On 09/14/2011 05:05 PM, Nataraj wrote:
> On 09/14/2011 08:44 AM, Phil Schaffner wrote:
>> http://bugs.centos.org/view.php?id=5105
>>
>> Forum moderators have been battling spammers creating bogus accounts by
>> the thousands using automated "bots". The only way moderators currently
>> have to attack the problem is by a laborious process of searching for
>> such accounts and selecting them for deletion. This has been working,
>> although at the cost of considerable time to perform the operations;
>> however, such accounts are currently being created at a rate of
>> thousands per day making deletion of 50 at a time via the web interface
>> a practical impossibility.
>>
>> Our approach has been to delete all "Inactive" accounts more than 7 days
>> old (these are being created at a rate of about 1 per minute) and
>> "Active" accounts with no posts and either no logins, or with no logins
>> in the last 30 days. The latter are the rapidly growing problem, and
>> more than 40,000 accounts with zero posts created between 7 and 30 days
>> ago currently exist. Account creation at this rate will likely bring
>> the site down if the situation is not dealt with soon.
>>
>> Proposed approach:
>>
>> 1. Implement some automated way of deleting accounts as described above.
>> 2. Implement captcha or some other mechanism in the account creation
>> process to foil the bots.
>>
>> Phil
>> _______________________________________________
>> CentOS-devel mailing list
>> CentOS-devel at centos.org
>> http://lists.centos.org/mailman/listinfo/centos-devel
> While I don't know exactly what these particular attacks look like, I'm
> wondering if you could use iptables' ability to block IPs that have
> excessive incoming connection rates. You might also look at fail2ban.
>
> One other useful thing to look at, which would of course require you to
> implement for the forums website is the postscreen technology in the
> postfix smtp implementation. postscreen receives the incoming smtp
> connection and then has its own algorithms for determining if the
> connection is legitimate and then hands off legitimate connections to the
> actual smtp agent retransmitting the data that it has already received
> on the connection. I'm not sure how useful it would be here or if
> something like that would introduce too many delays for a website, but
> it is a potentially interesting and effective technology which could
> have relevance here.
>
> Nataraj

One further idea that I just ran across is to require that posters have
a confirmed email address on file. The first time they post, or if they
haven't posted for some time, send a confirmation request to the email
address on file and delay the post until it is confirmed. If necessary
the confirmation could require reading a character string from a graphic
image and entering it on the website.

Nataraj
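
The confirm-before-posting idea from the last message, sketched as an added example (not code from the thread or from the CentOS forum software): a first post, or a post after a long idle period, is held until a signed token sent to the address on file comes back. The HMAC token format, the one-day token lifetime, the 90-day idle threshold and every name below are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"   # assumption: per-site secret, loaded from config in practice
TOKEN_TTL = 24 * 3600              # assumption: confirmation token is valid for one day
REPOST_IDLE = 90 * 24 * 3600       # assumption: "some time" without posting means 90 days

def make_token(user_id, email, issued_at):
    """Token binds user, address and issue time; it is what gets e-mailed."""
    msg = f"{user_id}|{email}|{issued_at}".encode()
    return f"{issued_at}.{hmac.new(SECRET, msg, hashlib.sha256).hexdigest()}"

def token_valid(token, user_id, email, now):
    try:
        issued_at = int(token.split(".", 1)[0])
    except ValueError:
        return False                               # malformed token
    if not 0 <= now - issued_at <= TOKEN_TTL:
        return False                               # expired or dated in the future
    expected = make_token(user_id, email, issued_at)
    return hmac.compare_digest(token.encode(), expected.encode())  # constant-time compare

class Forum:
    def __init__(self):
        self.last_post = {}    # user_id -> time of last published post or confirmation
        self.held = {}         # user_id -> posts waiting for e-mail confirmation
        self.published = []    # (user_id, text) pairs visible on the site

    def needs_confirmation(self, user_id, now):
        last = self.last_post.get(user_id)
        return last is None or now - last > REPOST_IDLE

    def submit(self, user_id, email, text, now):
        """Publish and return None, or hold the post and return the token to e-mail."""
        if self.needs_confirmation(user_id, now):
            self.held.setdefault(user_id, []).append(text)
            return make_token(user_id, email, now)
        self.published.append((user_id, text))
        self.last_post[user_id] = now
        return None

    def confirm(self, user_id, email, token, now):
        """Release held posts only if the token matches this user and address."""
        if not token_valid(token, user_id, email, now):
            return False
        for text in self.held.pop(user_id, []):
            self.published.append((user_id, text))
        self.last_post[user_id] = now
        return True
```

Held posts that are never confirmed can be expired on the same schedule as the token, so bot accounts that never read their mail leave nothing published.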