asked 2015-07-18 08:53:01 +0300
This post is a wiki. Anyone with karma >75 is welcome to improve it.
After what happened (icymi: a lot of spam questions) I think TJC needs some sort spam prevention. How about the classic "type these numbers" challenge when posting new questions?
E2: DON'T TOUCH THE SPAM
answered 2015-07-18 11:47:32 +0300
The attack started yesterday and we were able to block the initial one (by blocking several Korean ISP subnets as well as Digital Ocean hosting company). Eventually we had to go sleeping and the attackers found their way.
Anyway no need for you to mark the post as spam, we at Jolla will go through them later today and remove them.
UPDATE: We first tried the built in spam detection in askbot, but that turned out to be inefficient. So we have now added captcha in the question and answer forms.
UPDATE: The captcha did not help, so it was removed. More spam detection rules were added and users are now also auto blocked after too many post attempts that are considered spam.
How about my suggestion to prevent this from happening in the future? Or is a bot-test not capable of preventing these attacks?
jollailija ( 2015-07-18 12:15:57 +0300 )editAny word about new spam prevention? I mean you already learned that blacklisting won't work - Hackers "operate" in different subnets with bot networks. Also chances are high that you block legitimate users while blocking subnets - one infected PC in the subnet is enough. Whitelisting also doesn't work as you will block legitimate IPs - The internet is just to big for that.
Also is that statement correct: "Some legit accounts have been hijacked..." and if so: Any plans to prevent that in the future?
Last: "as well as Digital Ocean hosting company" Did you inform them about the spam? ... Oh well, forget that, just googled and it seems DO has very bad spam policies.
V10lator ( 2015-07-18 12:23:10 +0300 )edit@V10lator the subnet blocks are just temporary measures, eventually we would have had to shutdown the site so blocking plain subnets before that is a better solution. :)
However we have not noticed that any legit accounts would have been hijacked.
We are currently working on adding some counter-measures to make the spamming more difficult. :)
tigeli ( 2015-07-18 20:12:16 +0300 )editanswered 2015-07-18 11:04:24 +0300
If you have enough karma you can close the spam questions by clicking "close" in the bottom right corner of the question, then selection "Spam or advertising" as the reason to close the question.
I just closed about five pages of this spam but it is a bit tiring and I think we can all work together!
Closing a spam question doesn't really help. Deep cleaning can only be performed by the admin team.
objectifnul ( 2015-07-18 11:09:55 +0300 )editIt makes it mildly easier for me as a moderator. I don't need to confirm deletion if the question is already marked spam. Carsten said Jolla IT is working on proper cleanup. Meanwhile I try to keep an eye on newly created accounts to reduce the influx of new spam
tbr ( 2015-07-18 11:13:43 +0300 )editanswered 2015-07-18 11:51:46 +0300
tbr said: "please don't mark posts or interact with them. that puts your username on them. I almost killed a legitimate user that way..."
answered 2015-07-18 12:20:47 +0300
This post is a wiki. Anyone with karma >75 is welcome to improve it.
A new wave of spam is flooding in, could you just disable registering new accounts temporarily?
answered 2015-07-20 12:19:36 +0300
Hello to the admins.
@tigeli @Keto and others
i remark you made a great job and a lot improvement.
I want just to remark that currently the registration is something really simple.
Just give a name an email and password.
If someone has already been registered i think it is easy for him to plug his spam machine.
Did you think about a stronger registration process for new users? - don't know what,add a captcha too, or one or too motivation question on why they registered, store pc signature (not pretty for private sphere but could we know if it comes from a blocked user pc)...
Some possible rules that can be enforced automatically:
only one account can be registered from one IP address the same day
account activation via email or SMS, delayed one hour, only one account per email address/phone number, junk addresses not allowed
not more than 3 questions and 6 answers/comments per user the same day if low karma
account closed/blocked automatically after 3 questions or comments in a non-English language, all contributions deleted or hidden
@objectifnul could be a further good ideas. but last one could be really complicated i think. that is a full-time job for a human to control it. or should be a powerful process if it is automatic (means $$$$).
cemoi71 ( 2015-07-20 15:51:38 +0300 )edit@Keto wow! i thought that the blocking of non usual character could be really complicated or expensive... seems then not to be. that's fine.
just for curiosity: could you please explain how the auto-blocking of users happened, and maybe how does it works to unblock it (in case it is done mistakenly)?
next question that i have is, are you prepared too if there is a massive English spam "overflow"?
Does make sense making the user registration something more complex too, to reduce those kind of misused (in english tongue too)? each time i remarked that those people were registered for a couple of minute ago.. and then post there threads like world-master next few minutes.
objectifnul has told some interesting point about rules for new users.No idea if it make sense or is workable.I think new users could wait at last one day until activation, and could have reduced thread productions. and tags like "spam" and "spammer" could make for the rest easy to stop it.
are just suggestions. don't want to make your job.
thank you for hearing and answering. that's great :-)
User is auto blocked after three post attempts that are considered as spam by the automatic checks. And we get notified of this so that we can remove the block if it was false positive.
For the spam prevention we took the Askbot built-in support for Akismet spam cheker in use. But that turned out to be ineffective against the non-English spam, so at the moment we are treating everything that is mostly outside of the ASCII range as spam also. It is currently very crude measure, but hopefully blocks most of the spam (until they figure out something else ;)
We will also see what can be done about the new user registration. And thank you all for all the patience, help and suggestions :)
Keto ( 2015-07-20 17:32:48 +0300 )editanswered 2015-07-18 18:23:23 +0300
Would it be possible to at least reject all posts containing korean characters for the time being? It would at least slow down this dang bot.
answered 2015-07-19 10:12:27 +0300
After the Korean attacks, TJC now creates a .google.com cookie named "NID" (expiry period 6 months, scrambled content). I don't think this cookie existed before.
answered 2015-07-19 13:22:37 +0300
This post is a wiki. Anyone with karma >75 is welcome to improve it.
New attack started... I hope it ends soon :)
Do NOT call. Do NOT pay. Freeze the site. See https://www.projecthoneypot.org/ and specially this page: https://www.projecthoneypot.org/httpbl_implementations.php
objectifnul ( 2015-07-19 13:32:59 +0300 )editAsked: 2015-07-18 08:53:01 +0300
Seen: 2,241 times
Last updated: Jul 20 '15
Well, no-one will notice this, spam is still flooding in.
jollailija ( 2015-07-18 08:54:49 +0300 )editHopefully this problem gets fixed soon. Together is almost unusable now :(.
veps2i ( 2015-07-18 09:03:34 +0300 )edit@veps2i Yep. Someone has started marking the questions as spam, but they need to be REMOVED as you can't find anything from the front page as real quesions get buried under the spam.
jollailija ( 2015-07-18 10:46:45 +0300 )editSome legit accounts have been hijacked...
objectifnul ( 2015-07-18 10:59:52 +0300 )editIt seems the spam tagging is done mostly by community members and not by jolla. They are on weekend. So everyone who can help doing sth. manually shoud do so. Thanks
silmoc ( 2015-07-18 11:02:15 +0300 )edit