Ask / Submit
40

Spam prevention at TJC

asked 2015-07-18 08:53:01 +0200

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2015-07-18 12:13:35 +0200

After what happened (icymi: a lot of spam questions) I think TJC needs some sort spam prevention. How about the classic "type these numbers" challenge when posting new questions?

E2: DON'T TOUCH THE SPAM

edit retag flag offensive close delete

Comments

Well, no-one will notice this, spam is still flooding in.

jollailija ( 2015-07-18 08:54:49 +0200 )edit

Hopefully this problem gets fixed soon. Together is almost unusable now :(.

veps2i ( 2015-07-18 09:03:34 +0200 )edit

@veps2i Yep. Someone has started marking the questions as spam, but they need to be REMOVED as you can't find anything from the front page as real quesions get buried under the spam.

jollailija ( 2015-07-18 10:46:45 +0200 )edit
1

Some legit accounts have been hijacked...

objectifnul ( 2015-07-18 10:59:52 +0200 )edit

It seems the spam tagging is done mostly by community members and not by jolla. They are on weekend. So everyone who can help doing sth. manually shoud do so. Thanks

silmoc ( 2015-07-18 11:02:15 +0200 )edit

13 Answers

Sort by » oldest newest most voted
20

answered 2015-07-18 11:47:32 +0200

tigeli gravatar image

updated 2015-07-20 17:41:06 +0200

Keto gravatar image

The attack started yesterday and we were able to block the initial one (by blocking several Korean ISP subnets as well as Digital Ocean hosting company). Eventually we had to go sleeping and the attackers found their way.

Anyway no need for you to mark the post as spam, we at Jolla will go through them later today and remove them.

UPDATE: We first tried the built in spam detection in askbot, but that turned out to be inefficient. So we have now added captcha in the question and answer forms.

UPDATE: The captcha did not help, so it was removed. More spam detection rules were added and users are now also auto blocked after too many post attempts that are considered spam.

edit flag offensive delete publish link more

Comments

1

How about my suggestion to prevent this from happening in the future? Or is a bot-test not capable of preventing these attacks?

jollailija ( 2015-07-18 12:15:57 +0200 )edit
2

Any word about new spam prevention? I mean you already learned that blacklisting won't work - Hackers "operate" in different subnets with bot networks. Also chances are high that you block legitimate users while blocking subnets - one infected PC in the subnet is enough. Whitelisting also doesn't work as you will block legitimate IPs - The internet is just to big for that.

Also is that statement correct: "Some legit accounts have been hijacked..." and if so: Any plans to prevent that in the future?

Last: "as well as Digital Ocean hosting company" Did you inform them about the spam? ... Oh well, forget that, just googled and it seems DO has very bad spam policies.

V10lator ( 2015-07-18 12:23:10 +0200 )edit

Looks much better, thanks!!

damourti ( 2015-07-18 12:31:18 +0200 )edit
1

Oh no, it is starting again!

wanderer ( 2015-07-18 13:06:06 +0200 )edit

@V10lator the subnet blocks are just temporary measures, eventually we would have had to shutdown the site so blocking plain subnets before that is a better solution. :)

However we have not noticed that any legit accounts would have been hijacked.

We are currently working on adding some counter-measures to make the spamming more difficult. :)

tigeli ( 2015-07-18 20:12:16 +0200 )edit
3

answered 2015-07-18 11:04:24 +0200

oenone gravatar image

If you have enough karma you can close the spam questions by clicking "close" in the bottom right corner of the question, then selection "Spam or advertising" as the reason to close the question.

I just closed about five pages of this spam but it is a bit tiring and I think we can all work together!

edit flag offensive delete publish link more

Comments

Closing a spam question doesn't really help. Deep cleaning can only be performed by the admin team.

objectifnul ( 2015-07-18 11:09:55 +0200 )edit

I suspect that closing will make the deep cleaning a three-keystroke job for the admin team, rather than having them have to identify each post individually.

oenone ( 2015-07-18 11:13:21 +0200 )edit

It makes it mildly easier for me as a moderator. I don't need to confirm deletion if the question is already marked spam. Carsten said Jolla IT is working on proper cleanup. Meanwhile I try to keep an eye on newly created accounts to reduce the influx of new spam

tbr ( 2015-07-18 11:13:43 +0200 )edit

just blocked some new users and deleted a few posts, but it is again that many that an admin needs to do that from backend/db

chemist ( 2015-07-18 11:16:27 +0200 )edit
2

But at least we can help a bit by marking the spam, so it's easier to find and delete.

Also we should frequently answer this question to bring it back to the front and show tge world that we are still alive and don't let the spambots win :)

wanderer ( 2015-07-18 11:16:58 +0200 )edit
3

answered 2015-07-18 11:51:46 +0200

coderus gravatar image

tbr said: "please don't mark posts or interact with them. that puts your username on them. I almost killed a legitimate user that way..."

edit flag offensive delete publish link more

Comments

2

That's mainly relevant if new posts are flooding in, as then I can just click on the username and proceed to block them. Prod chemist or me on IRC if a new surge happens.

Old spam will get cleaned up by Tigeli and his squad, so also not necessary to touch.

tbr ( 2015-07-18 11:55:37 +0200 )edit

I retaged a couple of older questions as "spam" but stopped after the info from the jolla-admin. Hope everything will get back in good shape here on TJC.

silmoc ( 2015-07-18 12:00:27 +0200 )edit
3

answered 2015-07-18 12:20:47 +0200

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2015-07-18 12:20:47 +0200

A new wave of spam is flooding in, could you just disable registering new accounts temporarily?

edit flag offensive delete publish link more
2

answered 2015-07-18 11:14:31 +0200

Matthias gravatar image

It's not just this forum beeing flooded but several sites using the Ask Bot engine. Same spam messages everywhere.

edit flag offensive delete publish link more
1

answered 2015-07-18 16:07:24 +0200

once again: new attack started?

edit flag offensive delete publish link more

Comments

yep, started again

shfit ( 2015-07-18 18:21:20 +0200 )edit
1

answered 2015-07-20 12:19:36 +0200

cemoi71 gravatar image

updated 2015-07-20 12:20:06 +0200

Hello to the admins.
@tigeli @Keto and others
i remark you made a great job and a lot improvement.
I want just to remark that currently the registration is something really simple.
Just give a name an email and password.

If someone has already been registered i think it is easy for him to plug his spam machine.

Did you think about a stronger registration process for new users? - don't know what,add a captcha too, or one or too motivation question on why they registered, store pc signature (not pretty for private sphere but could we know if it comes from a blocked user pc)...

edit flag offensive delete publish link more

Comments

Some possible rules that can be enforced automatically:

  • only one account can be registered from one IP address the same day

  • account activation via email or SMS, delayed one hour, only one account per email address/phone number, junk addresses not allowed

  • not more than 3 questions and 6 answers/comments per user the same day if low karma

  • account closed/blocked automatically after 3 questions or comments in a non-English language, all contributions deleted or hidden

objectifnul ( 2015-07-20 14:59:25 +0200 )edit

@objectifnul could be a further good ideas. but last one could be really complicated i think. that is a full-time job for a human to control it. or should be a powerful process if it is automatic (means $$$$).

cemoi71 ( 2015-07-20 15:51:38 +0200 )edit
1

Well, the posts mostly in non usual character sets are now blocked, and also autoblocking of users is in place, so lets see how it goes...

Keto ( 2015-07-20 16:20:45 +0200 )edit

@Keto wow! i thought that the blocking of non usual character could be really complicated or expensive... seems then not to be. that's fine.
just for curiosity: could you please explain how the auto-blocking of users happened, and maybe how does it works to unblock it (in case it is done mistakenly)?
next question that i have is, are you prepared too if there is a massive English spam "overflow"?
Does make sense making the user registration something more complex too, to reduce those kind of misused (in english tongue too)? each time i remarked that those people were registered for a couple of minute ago.. and then post there threads like world-master next few minutes.
objectifnul has told some interesting point about rules for new users.No idea if it make sense or is workable.I think new users could wait at last one day until activation, and could have reduced thread productions. and tags like "spam" and "spammer" could make for the rest easy to stop it.
are just suggestions. don't want to make your job.
thank you for hearing and answering. that's great :-)

cemoi71 ( 2015-07-20 17:03:56 +0200 )edit
1

User is auto blocked after three post attempts that are considered as spam by the automatic checks. And we get notified of this so that we can remove the block if it was false positive.

For the spam prevention we took the Askbot built-in support for Akismet spam cheker in use. But that turned out to be ineffective against the non-English spam, so at the moment we are treating everything that is mostly outside of the ASCII range as spam also. It is currently very crude measure, but hopefully blocks most of the spam (until they figure out something else ;)

We will also see what can be done about the new user registration. And thank you all for all the patience, help and suggestions :)

Keto ( 2015-07-20 17:32:48 +0200 )edit
0

answered 2015-07-18 18:23:23 +0200

shfit gravatar image

Would it be possible to at least reject all posts containing korean characters for the time being? It would at least slow down this dang bot.

edit flag offensive delete publish link more
0

answered 2015-07-19 10:12:27 +0200

objectifnul gravatar image

After the Korean attacks, TJC now creates a .google.com cookie named "NID" (expiry period 6 months, scrambled content). I don't think this cookie existed before.

edit flag offensive delete publish link more

Comments

I hope that's not required for spam protection then, since Google is blocked here.

null ( 2015-07-19 10:40:45 +0200 )edit

Via hosts.deny ? Doesn't work for me (unless I use it wrongly)

objectifnul ( 2015-07-19 11:54:43 +0200 )edit

No, just in the browser.

null ( 2015-07-19 12:32:36 +0200 )edit
0

answered 2015-07-19 13:22:37 +0200

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2015-07-19 13:22:37 +0200

New attack started... I hope it ends soon :)

edit flag offensive delete publish link more

Comments

1

This time they want us to call a phpne number.

jollailija ( 2015-07-19 13:23:59 +0200 )edit

Do NOT call. Do NOT pay. Freeze the site. See https://www.projecthoneypot.org/ and specially this page: https://www.projecthoneypot.org/httpbl_implementations.php

objectifnul ( 2015-07-19 13:32:59 +0200 )edit
Login/Signup to Answer

Question tools

Follow
4 followers

Stats

Asked: 2015-07-18 08:53:01 +0200

Seen: 2,070 times

Last updated: Jul 20 '15