12 ->
^^
vv
List results:
Search options:
Use \ before commas in usernames
Hey,

Some of you may have noticed a growing trend in Russian bots posting an obscene amount of spam on the boards. We've had at least three previous attempts to nip this in the bud, two temporarily successful and one heinously unsuccessful.

The unsuccessful attempt revolved around enabling phpBB's visual confirmation mode for new user registrations. I notice that the phpBB team have now enabled this by default in the latest version, and I'm going to be highly amused when they discover (as we did) that there is already a pretty clever bot out there that has no problem parsing the PNG file it generates (and I remember telling Saber there would be stuff out there before too much longer that would have this capability). I know both Nate and I have a degree of respect for the spambot writer for managing to write something that is able to defeat an (albeit crap) Turing-esque test.

phpBB's defences suck, then (like we didn't know that already), so we had to come up with something ourselves. I added some forensic code to the boards so we could figure out what the bots were doing, I analysed the results following another attack, had a chat about the situation with Nate and Radix, and then I wrote an aggressive honeypot "security through obscurity" patch, which has just been installed. Security through obscurity is frowned upon by most security minded people (myself included), but unfortunately there's not much option in this case when you're using someone else's software.

So, if you encounter any weirdness regarding registration or editing your profile, please let us know, as the patch may be responsible. We've tested with all the browsers we've got and there don't appear to be any problems.

I'd also like to apologise to the mods who had to clean up the mess after the last spam attack, but it was necessary that it took place so we had some forensic data to work with.

If you're interested in what the patch does, have a look at the source code of the registration page and do a search for "honeypot". You should be able to figure it out from there.

-grenola
Thread title: 
let the grenola worship begin!!

what would we do without him?! X_X
Quote from nate:
what would we do without him?! X_X


Uh...everything? :P
You have no idea how stupid I'm going to look in half an hour when another load of spam gets dumped on the boards.

hahaha, I crack myself up.
i simply do not have the time to be spending my entire life with my face buried in phpbb's excrement. grenola is an invaluable asset to this community.
l'appel du vide
I, for one, welcome our new pseudo snack food overlord.
Quote from nate:
what would we do without him?! X_X


Something e-::is shot::
in the name of justice!
Quote from DJGrenola:
I know both Nate and I have a degree of respect for the spambot writer for managing to write something that is able to defeat an (albeit crap) Turing-esque test.

Oh, gunship, I hope my girlfriend didn't think that copy of GEB was a birthday present. >.<  </random>

Anyway, this is awesome, like always, grenola.

Hrmm...damn, I don't get it yet though.  Nobody ruin it for me! XD
*Genuflects.* Silly Russians.

So, how long for the Turing bots figure how to run Echoes low-percent (SW assisted)?

*Runs.*
Quote from doninss:
*Genuflects.* Silly Russians.

So, how long for the Turing bots figure how to run Echoes low-percent (SW assisted)?

*Runs.*


haha, yeah, it's a shame I've not really had a chance to properly look at doing that run. I got stuck in the route walkthrough attempting the robot hop. :(
PAGE BREAKER
Ready and willing.
I noticed nate's and now Chanoire's sigs have lost their ability to parse BBCode... if it's anything like that avatar locking bug, reediting the profile should fix it. Definitely seems like it could be related to this patch...
Quote from DJGrenola:
We've tested with all the browsers we've got and there don't appear to be any problems.


*ahem*
Quote:
I noticed nate's and now Chanoire's sigs have lost their ability to parse BBCode... if it's anything like that avatar locking bug, reediting the profile should fix it. Definitely seems like it could be related to this patch...

I noticed when making my last post that quotes with arguments like the above weren't working (in a post, I mean, not just in my sig) but removing the name did.  Odd.
I'm arrogantly and optimistically going to deny responsibility, because the patch doesn't touch anything to do with signatures. Furthermore, this issue affects posts as well as sigs, as Hejira demonstrated, and the patch doesn't touch the posting code either - it's purely a registration / profile hack.

Nate, have you upgraded to two-zero-twenty yet ? Could that be causing the problem ?

Mein Gott, ich habe phpBB nicht gern.

Annoyingly, the board doesn't even seem to have been hit by one of the advanced "Type-II" bots since the patch was installed, so in all honesty there's no proof yet that it even works (there have been a bunch of Type-I attacks, but my older "zimetone" patch would have been enough to keep them out).
Strategy Guide Writer
I still say "happy days" to the manual account activation at SCU. That's a rock solid solution to the problem :P But nice work DJ if it works.  :D

BTW: Does anyone know if vBulletin has any such problems with spambots? (Seeing as that's a paid for service).
Yeah, I originally felt that manual account activation at scu wasn't the cleverest idea as it would annoy new users, but it definitely has merit now this swarm of bots has descended. It does generate a lot of extra work for whoever admins the board though - I think nate would rather that his workload is kept as small as possible, particularly with regard to banal administrative tasks like policing the forum (so he gets me to do it instead. :P)

As to whether it works, well, we'll see. I'm actually seriously shocked at how frequent these attacks are now - it looks like the last patch we applied must have stopped hundreds of bots already (I'm considering another patch for the purposes of gathering statistics purely from a security geek point of view). It is of course always possible that they have humans going round creating accounts and then use bots to actually post the spam once the accounts are active - there's really very little that can be done if that's the case.

More automation !
komputer ftw.

about the bbcode, i'm 99% sure it was the upgrade to .20. unfortunately, i may not have time to look at it until tonight. i'm going to try some crude stuff in the meantime to try to get it temporarily working again, but i can't promise anything as today is a really bad day for this.

edit: this is not going well.
red chamber dream
*bows to Grenola*

I don't understand half of this thread, but you're still the shit.
*flies grenola to arcterra to get the last artifact there*
just had a look at the logs this morning, and there's indeed at least one type-II been stopped by the patch, so hopefully this should mark the end of the problems until we reach defcon 2.

-g
i'm assuming defcon 1 is samusforum.co.uk style capitulation to manual verification? :)
Strategy Guide Writer
Quote from nate:
i'm assuming defcon 1 is samusforum.co.uk style capitulation to manual verification? :)

It's guaranteed to work though... :P

Defcon 1 FTW! ;)
in the name of justice!
I will certainly give you that it works, Mills...

you never verified my account!  =)  Keeping those dregs out, I see...ah well, I don't think I would have ever done much anyways.
as i un-announcement this topic, i just thought it would be nice to officially declare victory over all contemporary spambots. feel free to smile, because you are someplace special right now.
Quote from nate:
as i un-announcement this topic, i just thought it would be nice to officially declare victory over all contemporary spambots. feel free to smile, because you are someplace special right now.

Hmmm...
* considers registering an alt account under the name "Olga3478" and spamming the hell out of the boards, just to piss nate off *
* decides against it *
...
Excellent news, sir.  I can now bask in the knowledge that all spam on these boards is strictly authentic, human-created spam.  The "LOL!!1!1!!" variety, not the "visit my website to see the best real estate deals" kind of spam.
...
I do indeed feel special now.
* smiles *