Of spambots and delayed posts

Click here for the latest news
Post Reply
User avatar
higgins
Heresiarch
Posts: 1186
Joined: 05 Jan 2013, 08:00

Of spambots and delayed posts

Post by higgins » 12 Jun 2015, 13:40

Hi all!

This thread is going to be very simple at its core: I simply want to offer an apology to everyone that has had their initial post delayed in this forums. And as I've had to approve the posts of every single person in this board, this means everyone of you.

I'm aware of how annoying it can be, but here are some examples on why such amount control is strictly necessary.

Exhibit #1:
The first iteration of this forum had a massive breach. I used the phpBB inbuilt captcha, which just wasn't enough. In short, the forum got filled with weird links and meaningless dribble before we even managed to announce its existence on the TROSfans. As the forum had only a couple of users (me and Agamemnon) and the breach was so bad... I just reinstalled it from scratch.

Exhibit #2:
So I went with Google captcha. Google knows what they are doing, right? Well, a spammer managed to get past that one as well, but I had the approval-countermeasures on by then. The damage was under control, but clearly the Google captcha wasn't doing its job. So, this is why you guys have to arrange up the image as you first register, as it's not a widespread countermeasure and not something most bots can handle on their own.

Exhibit #3:
In truth, that previous breach actually involved two breaches. Two users registered at the same time, one went full-on spamming immediately and the other account lay dormant for over a month before attempting to spew the same crap that the previous, now banned user. So, despite having their IP banned, the same people still managed to harass us twice. Luckily, the approval-countermeasures saved our bacon once more.

Exhibit #4:
Next breach happened on our old wordpress-based main website. The spambots are getting so smart than they can actually post generic, but legit-looking posts to get the first approval, presumably to land a full scale assault after the initial post is approved.
where to buy a metronome wrote:Howdy! I could have sworn I've visited your blog before but after looking at a few of the posts I realized it's new to me. Anyhow, I'm certainly happy I came across it and I'll be book-marking it and checking back regularly!
I almost fell for that one! The grammar was there, it showed an interest... yet the name gave it away. I was about to approve the comment as I realized how generic it was. It's applicable to literally almost any blog-style website out there. So, yeah, a spammer it was. And they're just not parroting that single paragraph -- bots can make modifications and mix it up!

After that kind of subtlety, I started wondering at what point will the bots be taking the context into account? Well, I can just say that we no longer need to wonder, as it became a reality today:

Exhibit #5:
Image

In short, not only did the spammer manage to get past the non-standard captcha (not a surprise, really, as there are captcha-solving sweatshops out there), but this time... there wasn't any obvious spam or generic texts. This time, the spambot chose to copy another post from our forums... and re-post it.

So, yeah... I just hope the spambot realized the irony in what kind of post it chose to replicate before I booted it from our boards and banned its IP forever.

Here's to hoping they won't teach it to pick out a more subtle post the next time around.
"You can never have too many knives."
- Logen Ninefingers, The Blade Itself
User avatar
higgins
Heresiarch
Posts: 1186
Joined: 05 Jan 2013, 08:00

Re: Of spambots and delayed posts

Post by higgins » 01 Apr 2017, 15:33

Okay, today we got infiltrated by an evangelical krishna-bot. Definitely a first for me. You simply can't make that stuff up. :lol:
"You can never have too many knives."
- Logen Ninefingers, The Blade Itself
User avatar
Korbel
Standard Bearer
Posts: 1153
Joined: 13 Apr 2015, 12:09
Location: Poland

Re: Of spambots and delayed posts

Post by Korbel » 02 Apr 2017, 04:07

higgins wrote:Okay, today we got infiltrated by an evangelical krishna-bot. Definitely a first for me. You simply can't make that stuff up. :lol:
Don't tell me you didn't expect that, starting a forum named grandheresy... :D
User avatar
higgins
Heresiarch
Posts: 1186
Joined: 05 Jan 2013, 08:00

Re: Of spambots and delayed posts

Post by higgins » 02 Apr 2017, 10:20

Touché! :lol:
"You can never have too many knives."
- Logen Ninefingers, The Blade Itself
User avatar
Benedict
Standard Bearer
Posts: 1035
Joined: 23 May 2016, 09:52

Re: Of spambots and delayed posts

Post by Benedict » 03 Apr 2017, 04:08

Bots. Hate these things. One countermeasure that could work to some extend would be to limit linking and signatures apart from post approval. For example:

After X posts

X=10 You can post without post approval
x=20 You can have link in post without approval
x=40 You get access to signature feature

One thing they usually do is numerous links to adds through signature. Restricting rights in this way can deal a serious blow on some bots. In essence you'd have 20 approvals do deal with, then 20 more posts to check out behavior consistency. Ofc these numbers are hypothetical, you can set the limits that best suit you.

As captcha goes, while it seems a solid way to beat bots, unfortunately spammers have found a hole against it. The most usual tactic is to set up a phony porn/music/movie DL or view portal which has a "captcha" to access their "free" features, but when you do the test it takes you through a loop of adds/new captcha. What happens in reality? Their captcha is phony, in essence its a link to another serious site proteced by captcha, and the spammers trick users to beat the legit captcha for them. :?

The most serious thing about the blog forum is that its not a secure connection. While we users can do things to protect ourselves (for example by not sharing email addresses in the open, use a unique password that we change regularly, etc), a non-secure connection is an open invitation to spam bot algorithms.
Last edited by Benedict on 05 Apr 2017, 11:52, edited 1 time in total.
"The fool doth think he is wise, but the wise man knows himself to be a fool."
― Touchstone
User avatar
higgins
Heresiarch
Posts: 1186
Joined: 05 Jan 2013, 08:00

Re: Of spambots and delayed posts

Post by higgins » 05 Apr 2017, 03:26

I originally required three posts before approval was no longer required, but that was a huge pain. With more mods than just me and Agamemnon it might be doable. Signature limitations are a good idea but on the other hand makes spammers harder to spot without the telltale signature.

As for transitioning to https, that's on my short list as far as our forums are concerned, but I want to try it out on a pilot project first.
"You can never have too many knives."
- Logen Ninefingers, The Blade Itself
Post Reply