spambot attack

[Please Register and Login to this forum to stop seeing this advertsing.]

[admin (no pm's please)]

I have spotted and eliminated a forum that had accumulated over 200,000 spam postings   This was I think automated and the sort of thing that was probably coming in bursts and probably contributing to some of the problems we have been seeing on the Slarti server recently
_________________

Family Friendly Shareware | | Web Design/Services | Free Forums

[admin (no pm's please)]

More investigation leads me to believe that this has been a widespread and insidious cancer on the entire system developing over the last several months since the phpbb3 CAPCHA system was cracked  

Quite possibly ending up with as much 10,000 spam postings daily, something like 25% of the legitimate total. Now that is "only" 6 or so posts a minute, but with bots it would not be spread out but done in fashion that would create load spikes.

Combine that with the spam increasing pressure on the already problematic backup system and don't get a good result

Hopefully there has been a whole host of actions this week that will improves things.

1) Removing the IO bottle neck caused by backups, by making them bypass the disks piping directly to their destination.
2) Disabling and in extreme cases deleting badly spammed forums.
3) Making the gallery more efficient.
4) A major purge of forums that have been inactive a very long time.
5) Making downsizer.net forums (one of the most active on the system and not a myff forum) more efficient.

I'm hoping these measures will delay the need for a new server, every server we have when responding normally is perfectly fast, as I am typing this at what is peak access time, I have looked at a large forum on every server and it has been running at a perfectly decent speed. It has been the load spikes that have caused issues.
_________________

Family Friendly Shareware | | Web Design/Services | Free Forums

[panther_dust]

i had this on one of my forums.... or an attemt anyway to stop this i simple set the user sighn up to user confirms by email. spambot doesnt use legit email so it cant retrieve it therefor cannot get access.

I hadover 150 malicius member sighn ups with names like ccccqcqqiugfkgv which is pointless.
if you wanna take alook admin its http://www.crumpled-tapes.co.nr
_________________
PD, Pantherdust, Benjamin, BMDProductions



Last edited by panther_dust on Thu May 21, 2009 5:47 pm; edited 1 time in total

[Zudane]

A lot of forums had those problems, but I think it's the extreme cases that are the problem.
_________________


Harsh Reality - Unleash your creativity!

[admin (no pm's please)]

In our case the sheer accumulation combined with the fact that it is bots doing it.

We are running three powerful servers and that has the unfortunate side effect that some issues need to get to fairly extreme levels before the problems really start flagging themselves.

We have been seeing increased load in recent months, but we have also been seeing a totally valid rise in the number of active forums on the system. We have highlighted the spam issue to phpbb3 forum owners and last time the issue was looked at, it only looked like a minor pain in the neck that phpbb3 admins would by and large deal with themselves.

Instead it is plain that a lot have simply abandoned ship leaving forums open to spammers  
_________________

Family Friendly Shareware | | Web Design/Services | Free Forums

[panther_dust]

i left them there becouse it makes the forum look bigger haha but i am still beeing very caucious about it and i always keep my eye on all the forums i help run..
_________________
PD, Pantherdust, Benjamin, BMDProductions

[admin (no pm's please)]

Slarti again got his last night and the services needed to be restarted

It may be that whilst the boards effected have been disabled, the attack is still heavy enough to cause a problem.

I will suspend said boards rather than disabling them which will mean the admins will need to come here to get them reinstated, but will lighten any attack load by a large factor.
_________________

Family Friendly Shareware | | Web Design/Services | Free Forums

[panther_dust]

can u not simply do what i did? turn all the bords to user controlled registartion so they have to click a link in an email...
_________________
PD, Pantherdust, Benjamin, BMDProductions

[admin (no pm's please)]

We don't override owner choices unless there is a totally compelling reason.
_________________

Family Friendly Shareware | | Web Design/Services | Free Forums

[panther_dust]

server overload... sounds good enough to me..
_________________
PD, Pantherdust, Benjamin, BMDProductions

[admin (no pm's please)]

Good enough to cause radical action yes. In fact forum suspension, but forum suspension whilst more severe is not the same as overriding owner choices and just overriding the choices does not stop the problems on the forums where the issue is occurring. e.g. the spammers are registered and active.
_________________

Family Friendly Shareware | | Web Design/Services | Free Forums

[panther_dust]

very true. so it would be a case of erase the spambots and ban the ip from the server then lots of modifications.. i see.....
_________________
PD, Pantherdust, Benjamin, BMDProductions

[Zudane]

The spam bots come from hundreds of IPs.  IP bans actually aren't that useful, because each time a typical person reconnects to the internet their IP changes slightly.  Someone else gets that IP and is wrongfully banned, while the person you wanted is free to visit.  Ban an IP range and you ban a collection of people for the sake of one.

All in all, I like admin's idea, because it doesn't change how the forum is run, it simply disallows access unless the owner is willing to make the needed changes.
_________________


Harsh Reality - Unleash your creativity!

[admin (no pm's please)]

IP bans don't work for the reasons stated.

The important thing is to lesson the impact on any spambots. A suspension does this 1000x more effectively than a board being disabled.
_________________

Family Friendly Shareware | | Web Design/Services | Free Forums

[admin (no pm's please)]

Having wiped out the spammers, they continue to creep back onto other abandoned forums.

Of course now the problem is more recognized as a chronic one it can be part of a daily review, and the new management code will create a tighter net.

---

_________________

Family Friendly Shareware | | Web Design/Services | Free Forums