Spam Attacks

[Will Prowse]

Last few days were tough, and we were slammed with thousands of posts by spam profiles. Not a fun time for me and the other mods.

This morning I found a spam comment management tool that works with our forum software. It is called akismet, and it's $100 annually. I am hoping this fixes the issue! I also made a time delay for registrations coming from the same IP address.

Hoping this fixes the issue! Let's see what happens today..

 

[Adam De Lay]

I spend hours each week blocking spammers. It's a full time job on it's own. Thanks to you and all the mods for dealing with all of it.

 

[myles]

I use akismet for wordpress, it does help, if its a form sign up issue consider adding honeypots to all the forms so that when bots are filling out the form they miss this and the form gets rejected, works great on all my gravityforms plugin items

 

[Gavin Stone]

I appreciate it. The whole thing was odd. It wasn’t even the usual spam like “click here to win” or something. Just loads of Chinese writing. More like an attack really.

 

[tim0shel]

Thanks Will for taking actions and trying to eliminate what you can in the future!

 

[Solar Guppy]

I modified my forum software ( phpbb ) to require use of a keyword needed in the registration form that I posted in a thread that a human can easily find, since I did this I have cut to spam registrations to zero.

 

[upnorthandpersonal]

I appreciate it. The whole thing was odd. It wasn’t even the usual spam like “click here to win” or something. Just loads of Chinese writing. More like an attack really.

Spam Bots pushing whatever they can trying to overwhelm a system. One of the issues is that the posts all started a new thread, and that this is harder to deal with to just designate the user as a spammer and delete all the posts. It's something that should be addressed in an update to the forum software soon.
As always, these things are a fight between the spammers and the measures against their methods. The forum software is pretty robust though, and the tools to deal with the spam are already good, and improving over time.

 

[Gavin Stone]

Spam Bots pushing whatever they can trying to overwhelm a system. One of the issues is that the posts all started a new thread, and that this is harder to deal with to just designate the user as a spammer and delete all the posts. It's something that should be addressed in an update to the forum software soon.
As always, these things are a fight between the spammers and the measures against their methods. The forum software is pretty robust though, and the tools to deal with the spam are already good, and improving over time.

Thanks for dealing with it. It’s one of those things people may not consider on a daily basis. I’m certainly guilty of that. You just assume things run smoothly. But the reason they function is people behind the scenes managing and doing what’s needed.

What is the point of overwhelming a system? Just a digital form of vandalism?

 

[upnorthandpersonal]

What is the point of overwhelming a system? Just a digital form of vandalism?

It's a combination of things: if you overwhelm a system, you might be able to take it down, increase the costs for people running the system, etc. But it also helps to find vulnerabilities: if you can make a system crash, you can learn valuable information about said system (for example error pages, faulty responses, or other error messages to help find out what operating system is running to use that to target different malware exploits). In addition, since it's automated, it can also find abandoned systems it can use to turn either into a bot itself, or to use it to advertise from/push more spam.

 

[toms]

Once again, big thanks to Will and the mods for making this forum possible and allowing us all to improve our knowledge.

Much appreciated

 

[Watts Happening]

Last few days were tough, and we were slammed with thousands of posts by spam profiles. Not a fun time for me and the other mods.

This morning I found a spam comment management tool that works with our forum software. It is called akismet, and it's $100 annually. I am hoping this fixes the issue! I also made a time delay for registrations coming from the same IP address.

Hoping this fixes the issue! Let's see what happens today..

With the dozens of things I use on a daily basis to fight spam, I have to say a basic v3 Recaptcha during sign up goes a LONG way.

 

[Will Prowse]

With the dozens of things I use on a daily basis to fight spam, I have to say a basic v3 Recaptcha during sign up goes a LONG way.

Yes we have that. We have multiple spam management programs setup in xenforo.

 

[Watts Happening]

Yes we have that. We have multiple spam management programs setup in xenforo.

Sounds like they’re getting tricky!

 

[upnorthandpersonal]

Sounds like they’re getting tricky!

It's a popular forum... 75k users and counting, so it makes a nice target.

 

[Mithril]

Does the forum software allow rate limiting? Or even better rate limiting with progressive backoff?

 

[Bud Martin]

It is not working, I still see lots of same spams yesterday and just now at 12:45AM 3-12-2023.

 

[TorC]

Nice idea, Mithril, if it's available. One thread per hour until 25-50 posts or something seems like it should do for this particular spam attack.

 

[upnorthandpersonal]

It is working, just not 100% (yet). It's a persistent effort... We'll gradually make things more strict.

 

[Don B. Cilly]

Yeah well. I really liked it when I signed up here how "loose" it was - almost no restrictions.
Most other forums I use have a lot more.
As they say in Spain, "Pagan los justos por los pecadores" - which loosely* translates to "The righteous end up paying for the sinners".
It's the usual "security vs. usability" trade-off.

*Cesare Pavese (who was a very good translator) said: "Translations are like wives. Ugly and faithful or beautiful and unfaithful".
-

 

[tim0shel]

Looks like we got hit again!