[CentOS-devel] URGENT: Website and fora at risk due to automated spammer account creation
incoming-centos at rjl.com
Wed Sep 14 23:19:43 EDT 2011
On 09/14/2011 05:05 PM, Nataraj wrote:
> On 09/14/2011 08:44 AM, Phil Schaffner wrote:
>> Forum moderators have been battling spammers creating bogus accounts by
>> the thousands using automated "bots". The only way moderators currently
>> have to attack the problem is by a laborious process of searching for
>> such accounts and selecting them for deletion. This has been working,
>> although at the cost of considerable time to perform the operations;
>> however, such accounts are currently being created at a rate of
>> thousands per day, making deletion of 50 at a time via the web interface
>> a practical impossibility.
>> Our approach has been to delete all "Inactive" accounts more than 7 days
>> old (these are being created at a rate of about 1 per minute) and
>> "Active" accounts with no posts and either no logins, or with no logins
>> in the last 30 days. The latter are the rapidly growing problem, and
>> more than 40,000 accounts with zero posts created between 7 and 30 days
>> ago currently exist. Account creation at this rate will likely bring
>> the site down if the situation is not dealt with soon.
>> Proposed approach:
>> 1. Implement some automated way of deleting accounts as described above.
>> 2. Implement captcha or some other mechanism in the account creation
>> process to foil the bots.
>> CentOS-devel mailing list
>> CentOS-devel at centos.org
> While I don't know exactly what these particular attacks look like, I'm
> wondering if you could use iptables' ability to block IPs that have
> excessive incoming connection rates. You might also look at fail2ban.
> One other useful thing to look at, which would of course require you to
> implement for the forums website is the postscreen technology in the
> postfix smtp implementation. postscreen receives the incoming smtp
> connection and then has its own algorithms for determining if the
> connection is legitimate and then hands off legitimate connections to the
> actual smtp agent, retransmitting the data that it has already received
> on the connection. I'm not sure how useful it would be here or if
> something like that would introduce too many delays for a website, but
> it is a potentially interesting and effective technology which could
> have relevance here.
One further idea that I just ran across is to require that posters have
a confirmed email address on file. The first time they post, or if they
haven't posted for some time, send a confirmation request to the email
address on file and delay the post until it is confirmed. If necessary,
the confirmation could require reading a character string from a graphic
image and entering it on the website.
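The cleanup policy Phil describes further up the thread (drop "Inactive" accounts older than 7 days, and "Active" accounts with zero posts that have either never logged in or not logged in for 30 days) is simple enough to automate; below is an added example in Python, not code from the thread or from the CentOS forum software. The account records are constructed, the `Account` fields are an assumption about what the forum database exposes, and applying the same 7-day grace period to never-logged-in Active accounts is inferred from Phil's "created between 7 and 30 days ago" figure rather than stated by him.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Iterable, List, Optional


@dataclass
class Account:
    # Assumed record layout; real forum schemas will differ.
    username: str
    status: str                      # "Inactive" (unconfirmed) or "Active"
    created: datetime
    last_login: Optional[datetime]   # None means the account never logged in
    post_count: int


def select_for_deletion(accounts: Iterable[Account], now: datetime,
                        grace_days: int = 7, stale_days: int = 30) -> Dict[str, str]:
    """Apply the thread's cleanup policy and return {username: reason}.

    - Inactive (unconfirmed) accounts older than grace_days are selected.
    - Active accounts older than grace_days with zero posts are selected if
      they never logged in, or if their last login is older than stale_days.
    - Anything with at least one post is never selected, as a safety guard.
    """
    grace_cutoff = now - timedelta(days=grace_days)
    stale_cutoff = now - timedelta(days=stale_days)
    doomed: Dict[str, str] = {}
    for acct in accounts:
        if acct.post_count > 0:
            continue                       # a real participant, leave alone
        if acct.created > grace_cutoff:
            continue                       # too new to judge either way
        if acct.status == "Inactive":
            doomed[acct.username] = f"unconfirmed for more than {grace_days} days"
        elif acct.status == "Active":
            if acct.last_login is None:
                doomed[acct.username] = "zero posts, never logged in"
            elif acct.last_login < stale_cutoff:
                doomed[acct.username] = f"zero posts, no login in {stale_days} days"
    return doomed


def batched(usernames: List[str], size: int = 50) -> List[List[str]]:
    """Split the deletion list into chunks sized for a bulk-delete call,
    mirroring the 50-at-a-time limit of the web interface."""
    return [usernames[i:i + size] for i in range(0, len(usernames), size)]


# Constructed sample data, evaluated as of the date of this thread.
NOW = datetime(2011, 9, 14)
SAMPLE_ACCOUNTS = [
    Account("bot001", "Inactive", datetime(2011, 9, 1), None, 0),
    Account("fresh", "Inactive", datetime(2011, 9, 12), None, 0),
    Account("ghost", "Active", datetime(2011, 8, 1), None, 0),
    Account("justjoined", "Active", datetime(2011, 9, 13), None, 0),
    Account("lurker", "Active", datetime(2011, 6, 1), datetime(2011, 9, 10), 0),
    Account("oldlurker", "Active", datetime(2011, 6, 1), datetime(2011, 7, 1), 0),
    Account("poster", "Active", datetime(2011, 8, 1), None, 3),
]

if __name__ == "__main__":
    selected = select_for_deletion(SAMPLE_ACCOUNTS, NOW)
    for name, reason in sorted(selected.items()):
        print(f"{name}: {reason}")
    for chunk in batched(sorted(selected), size=2):
        print("delete batch:", chunk)
```

Run against the sample set this selects `bot001`, `ghost` and `oldlurker` and leaves the fresh, recently active and posting accounts alone; in a real deployment the selection would be fed from the forum database on a cron schedule, with the `batched` chunks handed to whatever bulk-delete hook the forum software provides.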