http://bugs.centos.org/view.php?id=5105
Forum moderators have been battling spammers creating bogus accounts by the thousands using automated "bots". The only way moderators currently have to attack the problem is by a laborious process of searching for such accounts and selecting them for deletion. This has been working, although at the cost of considerable time to perform the operations; however, such accounts are currently being created at a rate of thousands per day making deletion of 50 at a time via the web interface a practical impossibility.
Our approach has been to delete all "Inactive" accounts more than 7 days old (these are being created at a rate of about 1 per minute) and "Active" accounts with no posts and either no logins, or with no logins in the last 30 days. The latter are the rapidly growing problem, and more than 40,000 accounts with zero posts created between 7 and 30 days ago currently exist. Account creation at this rate will likely bring the site down if the situation is not dealt with soon.
Proposed approach:
1. Implement some automated way of deleting accounts as described above.
2. Implement captcha or some other mechanism in the account creation process to foil the bots.
Phil
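The two deletion rules above, turned into a script that runs them against the forum database, as an added example (this is not CentOS or XOOPS code). It assumes XOOPS 2.x table and column names (`xoops_users` with `level` 0 meaning not yet activated, `posts`, and Unix-timestamp columns `user_regdate` and `last_login`; webmasters linked to groupid 1 in `xoops_groups_users_link`), and it adds two guards the thread does not mention: accounts registered in the last 7 days are never touched, and members of the admin group are never selected. The rows are constructed and the demo runs on an in-memory SQLite copy of that schema; the selection statement itself is plain SQL that runs unchanged on MySQL.

```python
"""Automated clean-up of bot-registered forum accounts (added example, not CentOS/XOOPS code).

Assumptions: XOOPS 2.x schema (xoops_users.level 0 = inactive, posts, user_regdate and
last_login as Unix timestamps; admin group is groupid 1 in xoops_groups_users_link).
"""
import sqlite3

DAY = 86400
INACTIVE_MAX_AGE = 7 * DAY    # thread rule 1: inactive accounts older than 7 days
NO_LOGIN_MAX_AGE = 30 * DAY   # thread rule 2: active, zero posts, no login in 30 days
MIN_ACCOUNT_AGE = 7 * DAY     # added guard: leave accounts registered this week alone
ADMIN_GROUP_ID = 1            # assumption: XOOPS_GROUP_ADMIN

# Portable SQL; :name placeholders become the driver's paramstyle on MySQL.
SELECT_DOOMED = """
SELECT u.uid FROM xoops_users u
WHERE (
        (u.level = 0 AND u.user_regdate < :now - :inactive_age)
     OR (u.level > 0 AND u.posts = 0
         AND u.user_regdate < :now - :min_age
         AND (u.last_login = 0 OR u.last_login < :now - :login_age))
      )
  AND NOT EXISTS (SELECT 1 FROM xoops_groups_users_link g
                  WHERE g.uid = u.uid AND g.groupid = :admin_group)
ORDER BY u.uid
LIMIT :batch
"""


def select_doomed(conn, now, batch=5000):
    """Return up to `batch` uids matching the clean-up rules. Run this alone first as a
    dry run and compare the count with what the moderators see before deleting."""
    params = {"now": now, "inactive_age": INACTIVE_MAX_AGE, "login_age": NO_LOGIN_MAX_AGE,
              "min_age": MIN_ACCOUNT_AGE, "admin_group": ADMIN_GROUP_ID, "batch": batch}
    return [row[0] for row in conn.execute(SELECT_DOOMED, params)]


def purge(conn, now, batch=5000):
    """Delete matching accounts in small committed batches so the live tables are never
    locked for long; returns the number of accounts removed."""
    removed = 0
    while True:
        uids = select_doomed(conn, now, batch)
        if not uids:
            return removed
        rows = [(u,) for u in uids]
        # Both deletes commit together per batch: no user row outlives its group links.
        conn.executemany("DELETE FROM xoops_groups_users_link WHERE uid = ?", rows)
        conn.executemany("DELETE FROM xoops_users WHERE uid = ?", rows)
        conn.commit()
        removed += len(uids)


NOW = 1316000000  # constructed clock, mid-September 2011


def demo_db():
    """Constructed sample data covering each rule and each guard."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
    CREATE TABLE xoops_users (uid INTEGER PRIMARY KEY, uname TEXT, level INTEGER,
                              posts INTEGER, user_regdate INTEGER, last_login INTEGER);
    CREATE TABLE xoops_groups_users_link (groupid INTEGER, uid INTEGER);
    """)
    d = DAY
    users = [  # (uid, uname, level, posts, user_regdate, last_login)
        (1, "webmaster",       5, 500, NOW - 400 * d, NOW - 1 * d),   # admin, keep
        (2, "bot_inactive",    0,   0, NOW -   8 * d, 0),             # rule 1, delete
        (3, "pending_signup",  0,   0, NOW -   1 * d, 0),             # too young, keep
        (4, "bot_never_login", 1,   0, NOW -  10 * d, 0),             # rule 2, delete
        (5, "bot_stale_login", 1,   0, NOW -  40 * d, NOW - 35 * d),  # rule 2, delete
        (6, "lurker",          1,   0, NOW -  40 * d, NOW - 2 * d),   # still logs in, keep
        (7, "newbie",          1,   0, NOW -   2 * d, 0),             # min-age guard, keep
        (8, "poster",          1,   3, NOW -  60 * d, NOW - 50 * d),  # has posts, keep
        (9, "silent_admin",    1,   0, NOW - 100 * d, 0),             # admin group, keep
    ]
    conn.executemany("INSERT INTO xoops_users VALUES (?,?,?,?,?,?)", users)
    conn.executemany("INSERT INTO xoops_groups_users_link VALUES (?,?)",
                     [(ADMIN_GROUP_ID, 1), (ADMIN_GROUP_ID, 9), (2, 4), (2, 5)])
    return conn


if __name__ == "__main__":
    conn = demo_db()
    print("dry run, would delete uids:", select_doomed(conn, NOW))
    print("deleted:", purge(conn, NOW, batch=2))
```

Against a real MySQL database, `select_doomed` is the dry run: check its count against the moderators' own numbers, then let `purge` run from cron so the backlog never builds up again. Keep the batch small enough that each commit is short, and keep the 7-day floor on the active-account rule, because a genuine new member who registered yesterday and has not logged in yet looks exactly like a bot under rule 2 alone.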
On 09/14/2011 08:44 AM, Phil Schaffner wrote:
...
Phil
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
While I don't know exactly what these particular attacks look like, I'm wondering if you could use iptables' ability to block IPs that have excessive incoming connection rates. You might also look at fail2ban.
One other useful thing to look at, which would of course require you to implement it for the forums website, is the postscreen technology in the Postfix SMTP implementation. postscreen receives the incoming SMTP connection and then has its own algorithms for determining if the connection is legitimate, and then hands off legitimate connections to the actual SMTP agent, retransmitting the data that it has already received on the connection. I'm not sure how useful it would be here or if something like that would introduce too many delays for a website, but it is a potentially interesting and effective technology which could have relevance here.
Nataraj
On 09/14/2011 05:05 PM, Nataraj wrote:
...
One further idea that I just ran across is to require that posters have a confirmed email address on file. The first time they post, or if they haven't posted for some time, send a confirmation request to the email address on file and delay the post until it is confirmed. If necessary the confirmation could require reading a character string from a graphic image and entering it on the website.
Nataraj
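One way to implement the delayed-post confirmation described above, as an added example that is not code from the CentOS forum or from XOOPS: an HMAC-signed, expiring token bound to the account and the address on file, plus a small gate that holds a member's posts until the link in the confirmation e-mail is followed. The one-day token lifetime, the 90-day "haven't posted for some time" window, the per-account cap on queued unconfirmed posts and the signing key are all assumptions.

```python
"""Hold a member's first (or long-dormant) post until the e-mail on file is confirmed.
Added example, not CentOS or XOOPS code; lifetimes and limits below are assumptions."""
import hashlib
import hmac
import secrets

TOKEN_TTL = 24 * 3600          # assumption: a confirmation link is good for one day
RECONFIRM_AFTER = 90 * 86400   # assumption: "haven't posted for some time" means 90 days
MAX_HELD = 3                   # assumption: cap on unconfirmed posts queued per account


def _mac(secret: bytes, uid: int, email: str, exp: int, nonce: str) -> str:
    # The MAC covers the account id, the normalised address on file and the expiry,
    # so a token minted for one account or address cannot confirm another, and an
    # expired token cannot be revived by editing the expiry field.
    msg = f"{uid}|{email.strip().lower()}|{exp}|{nonce}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def make_token(secret: bytes, uid: int, email: str, now: int) -> str:
    """Token placed in the confirmation e-mail: expiry.nonce.mac (all printable ASCII)."""
    exp = now + TOKEN_TTL
    nonce = secrets.token_hex(8)
    return f"{exp}.{nonce}.{_mac(secret, uid, email, exp, nonce)}"


def verify_token(secret: bytes, uid: int, email: str, token: str, now: int) -> bool:
    try:
        exp_s, nonce, mac = token.split(".")
        exp = int(exp_s)
    except ValueError:          # malformed: wrong field count or non-numeric expiry
        return False
    if now > exp:
        return False
    return hmac.compare_digest(mac, _mac(secret, uid, email, exp, nonce))


class PostGate:
    """Publishes immediately for members with recent confirmed activity and holds
    everyone else's posts until the confirmation link is followed."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_ok = {}      # uid -> time of last published post or confirmation
        self.held = {}         # uid -> posts waiting for confirmation
        self.published = []    # (uid, text) in publication order

    def needs_confirmation(self, uid: int, now: int) -> bool:
        last = self.last_ok.get(uid)
        return last is None or now - last > RECONFIRM_AFTER

    def submit(self, uid: int, email: str, text: str, now: int):
        """Returns ('published', None), ('held', token) or ('rejected', None).
        The token goes into the e-mail sent to the address on file, never back to
        the browser that submitted the post."""
        if not self.needs_confirmation(uid, now):
            self._publish(uid, text, now)
            return "published", None
        queue = self.held.setdefault(uid, [])
        if len(queue) >= MAX_HELD:      # a bot cannot fill the queue with unconfirmed posts
            return "rejected", None
        queue.append(text)
        return "held", make_token(self.secret, uid, email, now)

    def confirm(self, uid: int, email: str, token: str, now: int) -> bool:
        """Handler behind the link in the e-mail; releases held posts on success."""
        if not verify_token(self.secret, uid, email, token, now):
            return False
        for text in self.held.pop(uid, []):
            self._publish(uid, text, now)
        self.last_ok[uid] = now
        return True

    def _publish(self, uid: int, text: str, now: int) -> None:
        self.published.append((uid, text))
        self.last_ok[uid] = now
```

The token is stateless, so the site stores nothing per outstanding link and a leaked token is useless for any other account, address or purpose; the only server-side state is the per-user queue, which is capped so an account that never confirms cannot consume unbounded storage. Nataraj's optional extra step (a character string read from an image) would sit in front of `confirm`, not in the token.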
On 09/14/2011 05:44 PM, Phil Schaffner wrote:
Proposed approach:
- Implement some automated way of deleting accounts as described above.
- Implement captcha or some other mechanism in the account creation process to foil the bots.
I guess that someone with access to the machine and the corresponding MySQL db/tables can do that, assuming that such 'research' has to be done to know what to delete from the XOOPS db ... I don't know if captcha is available for that old XOOPS version. What I did for the fr.centos.org forum (using captcha by default) was also to moderate the first post of every new user: spammers not seeing their posts appearing on the forum stop posting (I guess the bot does a check and stops after several attempts). That means that the moderator (me) has to check the first post of each new user, but that's safer and easier than having to deal with millions of posts from autogenerated accounts.
Fabian
On 09/15/2011 12:54 PM, Fabian Arrotin wrote:
...
+1
Fabian Arrotin wrote on 09/15/2011 06:54 AM: ...
We are not having a problem (yet) with automated posts. The manual spammers can be dealt with fairly easily by moderators. The concern is that the thousands of bogus accounts are sooner or later going to break Xoops or otherwise bring the site to its knees.
The motivation of the bad guys is not clear to me. Perhaps they are just expecting to generate hits on their URLs by search engines, or just want to be disruptive.
Phil
On Thursday, September 15, 2011 11:28:54 AM Phil Schaffner wrote: ...
SEO spam. The ardour.org site gets hit a lot by it.
But, then again, perhaps the same folks who zorched kernel.org and the Linux Foundation sites are up to no good.