No Mods around, and the forum is under attack

Have something to say about forums.debian.net itself?

No Mods around, and the forum is under attack

Postby GarryRicketson » 2015-06-20 14:29

No mods around, there is a whole bunch of spambots , and nothing I can do, someone needs to do some work on "blocking" these things, this could have been prevented.
It may even "crash" the forum again.
User avatar
GarryRicketson
 
Posts: 3658
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: No Mods around, and the forum is under attack

Postby deltaflyer » 2015-06-20 14:35

sorted m8,not as fast as i used to be at typing ;)
free your computer,use opensource
User avatar
deltaflyer
 
Posts: 358
Joined: 2007-10-02 18:03
Location: EastAnglia,U.K.

Re: No Mods around, and the forum is under attack

Postby dasein » 2015-06-20 15:05

Thanks, deltaflyer. :cool:

In fairness to my former colleagues, given the way administrative privileges are set up here at FDN, spamhunters are ill-equipped to deal with this particular kind of attack. Spamhunters can ban the spambot accounts themselves, but that only prevents new spam from being posted; "one-click" cleanup of the existing spam requires the ability to globally nuke all posts by a given user. For whatever reason(s), FDN spamhunters (purple) are not entrusted with that particular ability, which means that effective cleanup requires a mod (green) or admin (red).

tl;dr: FDN's spamhunters are just as helpless (and no doubt just as frustrated) as regular users in the face of this particular kind of attack.

That said, I think that GarryRicketson's core point is well-taken: clearly, someone has sussed out a way to circumvent the "automated" tools that are currently in place. Maybe it's time to re-examine, and perhaps to fortify, FDN's first-line defenses.
Last edited by dasein on 2015-06-20 15:56, edited 1 time in total.
User avatar
dasein
 
Posts: 7207
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: No Mods around, and the forum is under attack

Postby GarryRicketson » 2015-06-20 15:41

deltaflyer wrote:sorted m8,not as fast as i used to be at typing ;)

Glad to see that, so it wasn't as bad as it appeared. I realize it is impossible for anyone, including admins, to keep a eye on it 24 hours a day,
@dasein : Thanks too, I am not very familiar with how they have the adminstration and mods set up,
clearly, someone has sussed out a way to circumvent the "automated" tools that are currently in place. Maybe it's time to re-examine, and perhaps to fortify, FDN's first-line defenses.

Over all, considering the size of the forum,etc, they do a pretty good job, this recent one was a first, at least for me, to see that happen, we got hit yesterday, at SFS (Stop Forum Spam), by one, similar to these, I was online, but there I am a mod, and was able to stop it ,before it got very far, and no others followed, so far. Similar, as to the "spamhunters" here I am not administrator, at SFS, just a helper (mod) just to clarify. Glad to see it got stopped , and was not as "big" a mess as I thought they were going to make. Thanks
User avatar
GarryRicketson
 
Posts: 3658
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: No Mods around, and the forum is under attack

Postby andyetanother » 2015-06-20 16:14

There's no such thing as a spam free forum. The best line of defence is to have volunteers to clean it up. You can complicate registration and use various kinds of captcha, but in the end spammers will always circumvent it. Countermeasures are only a means of reducing the problem to an acceptable level and a combination of anti robot software and human staff is the best approach.

If I understand the implementation correctly here, all that 'spamhunters' can do is move posts to a hidden 'recycler' forum? I so, that is in fact sufficient. Usually this user group is set up with the least possible privileges. Even where they can only move posts, sadly this is still abused by those who choose to classify posts which aren't to their tastes as 'spam'. Web forums are always crawling with self-appointed moderators and all kinds of 'ambitious' staff wannabes, Most sane people have no real interest in this, but for certain people it's truly a sickness. They will often suck up and 'brown nose' their way onto the staff, by stroking the egos of selected staff members or attempting to do so. Good news is that this type of user has a 'soft centre' and after some repeated prodding will usually just throw their toys out of the pram and resign their position (especially when being told they've overstepped the mark).

Forum administrators have to deal with lots of personalities, without really knowing the people involved or if they can be trusted. Thus the current model is about the safest. Probably just a few more spamhunters needed to ensure round the clock coverage (easy solution - ask a few of the long term most active members).

But when all is said and done, compared to how this place was a few years ago, there seems to be more than enough staff here.
andyetanother
 
Posts: 37
Joined: 2015-06-01 15:44

Re: No Mods around, and the forum is under attack

Postby dasein » 2015-06-20 16:30

GarryRicketson wrote:I realize it is impossible for anyone, including admins, to keep a eye on it 24 hours a day

Back when the staff was "beefed up" a few years back, we actually had pretty close to global coverage. In those days, it was quite commonplace for spam, along with the corresponding spambot, to be nuked before anyone had a chance to report it. But there has been a lot of attrition among the staff since then; we've lost at least one admin, a mod or two, and at least one spamhunter (or as many as three, depending on how one chooses to count such things). Then too, not all staff members are equally active/engaged. (Not a slap, just stating a fact.)

GarryRicketson wrote:@dasein : Thanks too, I am not very familiar with how they have the adminstration and mods set up

I have been led to believe (read: not QFT) that phpBBS provides tools that allow for the assignment of customized administrative powers to the staff. At FDN, spamhunters have basically two tools: the ability to move a given post (or thread) and to ban a user. Global powers (such as removing all posts by a given user) are reserved to mods and admins.

Given the kind of attack mounted today, it would require at least two spamhunters working simultaneously to clean up all the cruft, and even then, it would still be very slow going. Thankfully, deltaflyer showed up and dropped the Red Hammer on the offender(s).
User avatar
dasein
 
Posts: 7207
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: No Mods around, and the forum is under attack

Postby GarryRicketson » 2015-06-20 17:26

If I understand the implementation correctly here, all that 'spamhunters' can do
is move posts to a hidden 'recycler' forum? I so, that is in fact sufficient.

I am not sure if that is how they do it here, I think so too. It is a good method.
We have something similar at SFS, and the post in question is moved to a "trashbin",
once there the only person that can edit, or move it again, etc. is the administrator.
On the bans, similar, for example, if I see a spam post and the bot is still online,
the first thing I do is ban it, often, because bots post so fast, they will have all ready
posted 3 or 4 spams, just in the few seconds it took to do the ban.
Then I go, back, move the posts to the trashbin, or at least one. The main point, is,
if I ban a person, and later it turns out I was mistaken, either I or the admin, or another
moderator can remove the ban.
When it is a definite "spambot" there is more work to do, I have to submit the details
into the database, that includes a copy of the "spampost" as evidence, but that kind of
is another topic too.

Most sane people have no real interest in this, but for certain people it's truly a
sickness. They will often suck up and 'brown nose' their way onto the staff,......

We had one, in many ways he was a very good mod, and I am not sure what happened,
but he started getting "carried" away, so to speak, was banning people right and left,
many had been long time members, ...but also, what happened was, every time he banned someone, the admin, or another mod, removed the ban, and restored the post,...needless
to say and as you say :
Good news is that this type of user has a 'soft centre' and after some repeated prodding will usually just throw their toys out of the pram and resign their position (especially when being told they've overstepped the mark).

That is what happened, he got mad, and left the forum.
I didn't start being a mod, because I was a ""ambitious' staff wannabe"", it happened ,
because the person keeping the "spanish" forum, left, and they were going to close it,
then when they learned that I am in Mexico, and speak spanish , well, ....one thing leads
to another, for me it is pretty easy, and there is not much traffic on the spanish forum,
But anyway that is another topic.
@Dasein, At FDN, spamhunters have basically two tools: the ability to move a given post (or thread) and to ban a user. Global powers (such as removing all posts by a given user) are reserved to mods and admins.
That is enough, if a "spamhunter" happens to be on line at the time,...Ok well any way, I can't think of much else to say on this at the moment.
Last edited by GarryRicketson on 2015-06-26 23:51, edited 1 time in total.
User avatar
GarryRicketson
 
Posts: 3658
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: No Mods around, and the forum is under attack

Postby GarryRicketson » 2015-06-20 17:41

Something administrators, might want to look at,
https://www.funcaptcha.com/
I have been using this, for a year now, on a PHPbb forum, of mine, we also are using it at SFS,
it really works well against "spambots" but is very easy for "humans" and genuine users to use.
On my website, I have some other "security" measures, that blocks even more then just spambots,
but when I first was testing the "funcaptcha", I disabled my "other security" , leaving the forum "open", normally, even with the traditional captcha, disabling the "other security" would result in getting 100s of spamposts in a day, and with the "Funcaptcha", there was not even 1 in a week ,..
Guess for now that is about it.
User avatar
GarryRicketson
 
Posts: 3658
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: No Mods around, and the forum is under attack

Postby robert-e » 2015-06-20 18:04

@GarryRicketson;
I am all for any means to reduce spam' so please don't consider this as a criticism: I went to your funcaptcha link, and was somewhat disappointed that it was the type of captcha that I seem to have the most problem "solving"; so much so that lately when confronted with one, I just go away. Really, at times I have had to recycle the captcha a half dozen times before I could get one that was solveable. Perhaps it is just problematic for me only? I have seen some types of captcha's that combine a "block letter" word, with a "scripted" word that i seem to solve quite readily. Whatever, I will say that if I have to solve the fun captcha type, it will result in me not hanging around here regularly anymore....Perhaps that will make some OP happy? :)

Regards,
Bob
robert-e
 
Posts: 44
Joined: 2011-12-09 21:29

Re: No Mods around, and the forum is under attack

Postby GarryRicketson » 2015-06-20 18:25

I am all for any means to reduce spam' so please don't consider this as a criticism: I went to your funcaptcha link, and was somewhat disappointed that it was the type of captcha that I seem to have the most problem "solving"; so much so that lately when confronted with one, I just go away.
Oh,...well, I am not the maker, or designer of the "funcaptcha", so it is not like you are criticizing me,...no problem,
so much so that lately when confronted with one, I just go away

That is exactly what the "bots" say too! :D Don't get me wrong, it is obvious you are not a bot. But I have noticed in the past, whenever someone tries to tell some forum or site admins, about a better way to "block" spambots, the people that don't like the idea, are people that write "kiddie scripts" and send spambots all over the ineternet,..again, I am not saying, this is the case with you, but it does make me wonder,..

Whatever, I will say that if I have to solve the fun captcha type, it will result in me not hanging around here regularly anymore

This shows, what it is, you don't really understand how all this works, you are all ready registered,and a member. A new kind of captcha would not affect you, the captcha, or funcaptcha, is something that only occurs when someone registers for their first time, it is something that only needs to be done once, ...of course, if you are making "multiple" registrations, registering with various usernames, and fake e-mail addresses, proxy IP s,..yes indeed, the "funcaptcha" would be a serious problem for you, and more so because you would have to solve it many times, and if you can not solve it, well,...bye bye, you just go way,...But seriously, since you are already a member, the use of "funcaptcha" would not effect you at all. :D
Last edited by GarryRicketson on 2015-06-20 18:29, edited 1 time in total.
User avatar
GarryRicketson
 
Posts: 3658
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: No Mods around, and the forum is under attack

Postby Head_on_a_Stick » 2015-06-20 18:26

FWIW, I never seen any spam on the Arch forums.

They use a shibboleth-type captcha:
What is the output of "date -u +%V$(uname)|sha256sum|sed 's/\W//g'"?

https://bbs.archlinux.org/register.php

Seems to work very well...
“Such is modern computing: everything simple is made too complicated because it’s easy to fiddle with; everything complicated stays complicated because it’s hard to fix." — Rob Pike

Please read before posting How to report a problem
User avatar
Head_on_a_Stick
 
Posts: 6378
Joined: 2014-06-01 17:46
Location: /dev/chair

Re: No Mods around, and the forum is under attack

Postby GarryRicketson » 2015-06-20 18:39

Head_on_a_Stick wrote:FWIW, I never seen any spam on the Arch forums.

They use a shibboleth-type captcha:
What is the output of "date -u +%V$(uname)|sha256sum|sed 's/\W//g'"?

https://bbs.archlinux.org/register.php

Seems to work very well...

I like that, and it does, it sure had me "stumped" when I joined the archlinux forum, but just for a few seconds, but I have a feeling, because a lot of the members here appear to be "windows" users, just starting to try to learn about Linux and Debian, there would be a whole bunch of "new members" that never join, But it would work, as a "alternative", IE: if the person trying to register is intimidated by the "captcha" or "funcaptcha", they could select the "alternative question" ....
And it could be a different type of question, one that can be solved with windows as well as linux/unix, I don't know, maybe there is a way to solve it on windows, ??? I don't use windows,
----------------------
Edited: All though I am familiar with the question and the captcha at "archlinux"
I was not sure what type it is "shibboleth-type captcha:" So any way , this is what I found,

https://www.unicon.net/opensource/shibboleth
Interesting, I may give this a try, just to see how well it works.
User avatar
GarryRicketson
 
Posts: 3658
Joined: 2015-01-20 22:16
Location: Durango, Mexico


Return to Forum stuff & feedback

Who is online

Users browsing this forum: No registered users and 2 guests

fashionable