
the forum is spamming me

Posted: Sun Feb 25, 2018 10:35 pm
by filbo
I seem to be getting a set of 10 emails about spam posts by exterminated accounts 'GalenPi' and 'Ridgecopy', from Jan 14th, over and over. The emails actually claim to be dated Jan 14th (internal Date: header), but issue from artsoft.org last night.

Ohhh... hmmm, they're from staging dot whatever. Working on antispam scripts last night?

Re: the forum is spamming me

Posted: Mon Feb 26, 2018 6:08 am
by Holger
First of all, I have to apologize for these unwanted side effects! :(

Apparently all users of the forum got these spam mails. Oh well... :-o

Yes, you're sort of right -- I had an older copy of the forum at staging.artsoft.org for some testing purposes, which did not have the effective anti-spam measures activated as the "real" forum at www.artsoft.org has. Unfortunately, spam accounts registered at that staging forum and started spamming it... :-(

I've deleted it for now. Please let me know if you should get any further spam mails. (You shouldn't, but if I should have overlooked something, I would have to take further actions.)

Re: the forum is spamming me

Posted: Tue Feb 26, 2019 7:42 am
by Qufrarynai
I also received a lot of letters from the forum in a few days. Is this normal?

Re: the forum is spamming me

Posted: Tue Feb 26, 2019 9:16 am
by Holger
Yes, it is normal that you get notification mails for new posts or topics in those sub-forums you are subscribed to.

If you go to your User Control Panel, you can unmark topics that you don't want to watch or receive notification mails about.

Re: the forum is spamming me

Posted: Tue Jul 23, 2019 8:23 pm
by Grunt002
I got my first spam PM ever that made its way into my inbox today. I took it as a calling to check out the forums again and boy am I glad to see this place after all those years.

Re: the forum is spamming me

Posted: Tue Jul 30, 2019 5:35 pm
by Metalmorphosis
Whoa, long time no see. Well, I'm afraid I have to report something I hoped wouldn't be necessary, but it's getting annoying.

Since yesterday, I keep getting notifications about new PMs by a user named "Lolitanic777", subject "XEvil can break ANY Captcha!". I haven't opened any of these messages yet and I don't have any interest in doing that in the near future.

Re: the forum is spamming me

Posted: Tue Jul 30, 2019 8:15 pm
by Eizzoux
Yep, got 3 of the same message from the same darn bot. I think the forum should probably have some kind of "blocking" option to prohibit any messages from a blocked user... maybe from a foe, I dunno

Re: the forum is spamming me

Posted: Wed Jul 31, 2019 5:57 am
by filbo
It should disallow PMs from new users (make them wait 24h at least); and no more than 2 sent-not-yet-received PMs from a new user (1st 6 months or so).

Of course any such restrictions can be worked around if they're sufficiently diligent. Create accounts 6mo in advance, attack later. Or create many accounts 24h in advance. But most aren't going to go to that sort of trouble.

Re: the forum is spamming me

Posted: Fri Aug 09, 2019 1:04 pm
by Holger
Sorry for all these inconveniences regarding private forum messages and posts containing just spam -- I was on vacation for the last three weeks and did not read my mails or check the forum. :-(

Apparently a few days after I was away, a whole bunch (well, several hundreds) of spam users were registered by a script, and although the spam posts created by them did not get through (I have to confirm the very first post of any newly registered user), these new users apparently can immediately start sending forum PMs to all users. :-(

I have changed this now -- users in the "new users" group should not be able to send PMs now until they have written at least one post that was confirmed by the admin. In addition, I've limited sending PMs to only one forum user, so PMs to all forum users are not allowed anymore.

I really hate this; whenever I think the forum is finally spam-proof, they find another way to place their spam trash. :-(

Re: the forum is spamming me

Posted: Fri Aug 09, 2019 7:18 pm
by Holger
Oh well, it seems that I was happy too soon, as I nearly forgot the initial attack vector: The registration captcha, which asks R'n'D related questions. It does not help at all to activate new users manually if they are spam users, so they have to be blocked away directly at the registration phase. Apparently this is not the case anymore since 2019-07-25. :-(

I've added some logging to the forum to see what the results are when new users try to register to the forum. Here are some examples:

Code:

Q: What is the name of the classic game that lets you push objects onto special fields to solve the level? [hermannj1]
A: puzzle [hermannj1]
SOLVED: N [hermannj1]

Q: You know the classic game that contains Murphy, zonks, infotrons, electrons and scissors -- what is the name of the Windows clone of this game that starts with "M"? [hermannj1]
A: minecraft [hermannj1]
SOLVED: N [hermannj1]

Q: R'n'D is a game in the tradition of certain classic arcade games. Enter one such game! [adexx958]
A: boulder dash [adexx958]
SOLVED: Y [adexx958]

Q: In many R'n'D style levels, there are enemies that try to kill you. Enter one such enemy!
A: bug [Autumnflide]
SOLVED: Y [Autumnflide]

Q: In many R'n'D style levels, there are enemies that try to kill you. Enter one such enemy!
A: pac man [Audreyjoype]
SOLVED: Y [Audreyjoype]

Q: What is the name of the classic game that lets you push objects onto special fields to solve the level?
A: tetris [Anthonypealk]
SOLVED: N [Anthonypealk]

Q: What is the name of the classic game that contains emeralds, bugs, spaceships, robots, bombs and dynamite? [Anthonypealk]
A:  [Anthonypealk]
SOLVED: N [Anthonypealk]

Q: In some R'n'D style levels, there are creatures that do NOT try to kill the player. Enter one such creature! [Anthonypealk]
A: pig [Anthonypealk]
SOLVED: Y [Anthonypealk]

Q: Which game element is usually needed to crack a nut in R'n'D style levels?
A:  [tomhg2]
SOLVED: N [tomhg2]

Q: In some R'n'D style levels, there are creatures that do NOT try to kill the player. Enter one such creature! [tomhg2]
A: shark [tomhg2]
SOLVED: N [tomhg2]

Q: You know the classic game that contains Murphy, zonks, infotrons, electrons and scissors -- what is the name of the Windows clone of this game that starts with "M"? [tomhg2]
A: megaplex [tomhg2]
SOLVED: Y [tomhg2]

My first thought was that the captcha answers were leaked from the database, but interestingly, there are some wrong answers like "puzzle", "minecraft", "tetris" and "shark" that make me think that the attacker might use some sort of (simple or not so simple) AI for answering the captcha questions, which would make it hard to come up with some new set of questions which would be bullet-proof against this kind of attack. :(
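
The registration log in the post above can be tallied per question. The following Python is an added example, not part of the original post or the forum's own code: it parses the Q/A/SOLVED records (the [user] tag is optional on Q lines, as in the excerpt) and reports which questions were answered correctly at least once. Function names are hypothetical, and it assumes every logged attempt belongs to a spam registration.

```python
import re
from collections import defaultdict

# Three records copied from the log excerpt above; some Q lines carry no [user] tag.
SAMPLE_LOG = """\
Q: In many R'n'D style levels, there are enemies that try to kill you. Enter one such enemy!
A: bug [Autumnflide]
SOLVED: Y [Autumnflide]

Q: In many R'n'D style levels, there are enemies that try to kill you. Enter one such enemy!
A: pac man [Audreyjoype]
SOLVED: Y [Audreyjoype]

Q: Which game element is usually needed to crack a nut in R'n'D style levels?
A:  [tomhg2]
SOLVED: N [tomhg2]
"""

# "KEY: value", then an optional trailing [user] tag appended by the logger.
LINE = re.compile(r"^(Q|A|SOLVED):\s?(.*?)\s*(?:\[([^\]]+)\])?$")

def parse_attempts(log_text):
    """Return one dict per Q/A/SOLVED record: question, answer, user, solved."""
    attempts, cur = [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key, value, user = m.groups()
        if key == "Q":
            cur = {"question": value, "answer": ""}
        elif key == "A" and cur:
            cur["answer"] = value  # untrusted registrant input, may be empty
        elif key == "SOLVED" and cur:
            attempts.append({**cur, "user": user, "solved": value == "Y"})
            cur = {}
    return attempts

def question_stats(attempts):
    """Map question text -> (number of attempts, number solved)."""
    stats = defaultdict(lambda: [0, 0])
    for a in attempts:
        stats[a["question"]][0] += 1
        stats[a["question"]][1] += a["solved"]
    return {q: tuple(c) for q, c in stats.items()}

def solved_questions(attempts):
    """Questions that a registrant answered correctly at least once."""
    return sorted(q for q, (_, ok) in question_stats(attempts).items() if ok)
```
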

Re: the forum is spamming me

Posted: Fri Aug 09, 2019 8:38 pm
by Holger
OK, I've just changed the "spam countermeasures" when registering from "Q & A" to "reCAPTCHA" (the Google one with the "I'm not a robot" checkbox).

Let's see if this will improve things ... :-/

Re: the forum is spamming me

Posted: Sat Aug 10, 2019 1:06 pm
by Holger
Apparently it does not help (eight new spam user registrations since using reCAPTCHA).

Looking for a new, different solution now... :(

Re: the forum is spamming me

Posted: Sat Aug 10, 2019 4:11 pm
by Holger
Next try: I've removed all anti-spam questions that were answered correctly by the bot and added a new question for every question that was removed (to have an overall number of ten questions again).

Let's see if this works a bit better than the previous questions or the Google captcha...

Re: the forum is spamming me

Posted: Sun Aug 11, 2019 7:01 am
by filbo
Where's the '10,000 volts at 500 amps down the wire to the spam initiator' option?

Re: the forum is spamming me

Posted: Mon Aug 12, 2019 3:52 pm
by Holger
> Where's the '10,000 volts at 500 amps down the wire to the spam initiator' option?

Yes, I'm also missing this option!! :lol:

BTW: The new anti-spam questions seem to work fine so far. Apparently the bot/script/AI is not as clever as I was afraid it might be. Lots of tries by the bot script, but no successful attempt to create a new user so far...