Board index Discussion Music Discussion

Recent Spam Bot Attack

Talk about all music related topics
Post a reply
16 posts • Page 1 of 21, 2

Recent Spam Bot Attack

Postby lothario » Sun Nov 18, 2012 10:19 am

This weekend a massive spam bot attack came about. I wasn't aware of this until today, but luckily the moderators and Aquila took care of the worst. Massive thanks to them!

I've taken some measures to avoid this in the near future:

I've made Aquila administrator, so he won't have to create an emergency admin user again.

I've set up new registrations to be activated by myself, so all new registrations go through the music-playground@music-playground.net mail for now. This will eventually be changed to email activation, when things cool down.

New users needs to post 2 times, before they can create a topic.

A captcha is set up instead of a Q&A security question.

This will help keeping an eye on spam bots for now.
User avatar
lothario
General
General
 
Posts: 1894
Joined: Thu Sep 13, 2007 4:11 pm
Location: Copenhagen, Denmark

Re: Recent Spam Bot Attack

Postby Aquila » Sun Nov 18, 2012 10:52 am

Just be wary that opting to approve each registration manually can consume a fair amount of time if the site gets attacked with hundreds of bots again.
Est. 1981
User avatar
Aquila
Lieutenant Colonel
Lieutenant Colonel
 
Posts: 1619
Joined: Fri Sep 14, 2007 9:26 am
Location: Cairns, Australia

Re: Recent Spam Bot Attack

Postby Aquila » Sun Nov 18, 2012 10:55 am

FWIW I still like the idea of a changeable password in the Q&A field in the registration page. How easy would it be to create a box on the homepage that displays the current required password (which can be changed by admins)?
Est. 1981
User avatar
Aquila
Lieutenant Colonel
Lieutenant Colonel
 
Posts: 1619
Joined: Fri Sep 14, 2007 9:26 am
Location: Cairns, Australia

Re: Recent Spam Bot Attack

Postby lothario » Sun Nov 18, 2012 3:30 pm

Aquila wrote:FWIW I still like the idea of a changeable password in the Q&A field in the registration page. How easy would it be to create a box on the homepage that displays the current required password (which can be changed by admins)?


It can be done, but it needs a bit of tingling.
User avatar
lothario
General
General
 
Posts: 1894
Joined: Thu Sep 13, 2007 4:11 pm
Location: Copenhagen, Denmark

Re: Recent Spam Bot Attack

Postby Aquila » Sun Nov 18, 2012 9:42 pm

Well my phone kept going off throughout the night with email alerts for new registrations. 96 in total. I have a feeling this isn't going to be easy...
Est. 1981
User avatar
Aquila
Lieutenant Colonel
Lieutenant Colonel
 
Posts: 1619
Joined: Fri Sep 14, 2007 9:26 am
Location: Cairns, Australia

Re: Recent Spam Bot Attack

Postby Aquila » Mon Nov 19, 2012 10:06 am

Well the Captcha didn't work I'm afraid. We got slammed with nearly 200 registrations in 24 hours.

I've implemented a Q&A system with an 8-character case-sensetive password hidden in an animated GIF. The field currently has the link to the GIF in text form which registrants need to copy/paste into a new window/tab. Followed by admin approval after that. Let's see if that helps.
Est. 1981
User avatar
Aquila
Lieutenant Colonel
Lieutenant Colonel
 
Posts: 1619
Joined: Fri Sep 14, 2007 9:26 am
Location: Cairns, Australia

Re: Recent Spam Bot Attack

Postby Aquila » Mon Nov 19, 2012 10:21 am

Also, the recent spam increase is not just ours. Apparently there's some new intelligent spambot software that is smart enough to interpret standard questions and answer them, crack most captcha scripts and bypass most standard phpbb security measures. Check this thread out: https://www.phpbb.com/community/viewtop ... 5&start=15
Est. 1981
User avatar
Aquila
Lieutenant Colonel
Lieutenant Colonel
 
Posts: 1619
Joined: Fri Sep 14, 2007 9:26 am
Location: Cairns, Australia

Re: Recent Spam Bot Attack

Postby lothario » Mon Nov 19, 2012 5:23 pm

Aquila wrote:Well my phone kept going off throughout the night with email alerts for new registrations. 96 in total. I have a feeling this isn't going to be easy...


That's odd, I haven't received a single one... might check up on mail settings.
User avatar
lothario
General
General
 
Posts: 1894
Joined: Thu Sep 13, 2007 4:11 pm
Location: Copenhagen, Denmark

Re: Recent Spam Bot Attack

Postby Aquila » Mon Nov 19, 2012 8:58 pm

lol ok...somehow I ended up with all the notifications :P
Est. 1981
User avatar
Aquila
Lieutenant Colonel
Lieutenant Colonel
 
Posts: 1619
Joined: Fri Sep 14, 2007 9:26 am
Location: Cairns, Australia

Re: Recent Spam Bot Attack

Postby lothario » Mon Nov 19, 2012 10:35 pm

Aquila wrote:lol ok...somehow I ended up with all the notifications :P


Was it your personal email? It should be music-playground@music-playground.net...
User avatar
lothario
General
General
 
Posts: 1894
Joined: Thu Sep 13, 2007 4:11 pm
Location: Copenhagen, Denmark

16 posts • Page 1 of 21, 2
Post a reply

Who is online

Users browsing this forum: No registered users and 1 guest

cron