Forum Index » Website & Forum Admin/Support » site being hacked


John West
(skyzo) - F

Locale: Borah Gear
Re: Re: Re: Re site being hacked on 10/14/2012 20:19:52 MDT

This is getting out of control.

Eric Lundquist
(cobberman) - F - M

Locale: Northern Colorado
Re: site being hacked on 10/14/2012 20:23:53 MDT

They're even posting in the "Site Being Hacked" thread.

John Donewar
(Newton) - MLife

Locale: Southeastern Louisiana
Re: Re: site being hacked on 10/14/2012 20:47:07 MDT

Attention Moderators,

by greenaonir aifsengh

Most if not all of these SPAM posts are by the above spammer.

I know it's not this simple but block his user name or block his IP address!

Saying "this is getting out of hand" implies that we ever had a hand on it.

I say again, we need to oversee the posts of people new to the forum. Let the noobies view the content that is freely available but moderate and approve their posts for a period of time before allowing free access to posting JUNK like these SPAM posts. We can't keep letting stuff like this happen to these forums and expect any new "serious" interested guests or prospective members to even consider BPL as a helpful or informative website.

There is a page and half when I last looked of JUNK on the recent posts listing!

Uncle Jed Clampett said it best, "Pitiful, just pitiful"!

Party On ;-?

Newton

John Donewar
(Newton) - MLife

Locale: Southeastern Louisiana
Re: Re: Re: site being hacked on 10/14/2012 21:07:27 MDT

Close the screen door already the flies are getting in!

247 JUNK/SPAM posts in under 3 hours, "C'mon man"!

Update the software and moderate the noob posts!

Party On,

Newton ;-(

Edited by Newton on 10/14/2012 21:17:47 MDT.

Mary D
(hikinggranny) - MLife

Locale: Gateway to Columbia River Gorge
site being hacked on 10/14/2012 21:43:22 MDT

This does seem more like a malicious attack rather than a simple spammer.

Who is a moderator besides Roger? I sent him a PM but he's obviously not at home (it's midday tomorrow where he is).

More moderators are needed here!

Edit: I see the poster's name just got changed to SPAM, which at least means the incoming flow has been stopped!

Second massive attack in 5 days, and I'll bet it's the same outfit!

Edited by hikinggranny on 10/14/2012 21:48:35 MDT.

drowning in spam
(leaftye) - F

Locale: SoCal
Re: site being hacked on 10/14/2012 22:34:37 MDT

Archaic forum software

A single moderator

Handicaps placed on that single moderator





Frankly, I'm surprised this site isn't more popular with spammers.

Roger Caffin
(rcaffin) - BPL Staff - MLife

Locale: Wollemi & Kosciusko NPs, Europe
Re: site being hacked on 10/15/2012 03:06:28 MDT

Hi all

> I know it's not this simple but block his user name or block his IP address!
As soon as I am notified I block the poster from sending any more. That's simple.
The problem is that sometimes they post while I am asleep - literally, as I live in Australia. Other times I am out working on the farm or something. So sometimes they have a window to work in.

When it was just one or two postings I was able to delete them by hand. I imagine you will all understand that with a spam attack of this magnitude I simply don't have the hours in the day to delete each one separately. (In case you are wondering, I am not paid for this.) I have asked Ryan J to organise some way for me to 'delete all postings by X'. I have no idea whether this is even possible with the Forum SW we have.

Moderation: well, that is tricky. What happens when I am away for a week in the bush? A new reader would have to wait till I come back. Is this acceptable?
Even if we put that in place, all they have to do is register half a dozen names, wait until those names are approved, then let rip using one name after another.
On low traffic sites new registrants have to have their first dozen postings 'approved'. But with the number of new registrations we get every day, that would become a full-time job (=$$$).

Problems, problems...

Cheers
Roger Caffin

John Donewar
(Newton) - MLife

Locale: Southeastern Louisiana
Re: Re: site being hacked on 10/15/2012 04:49:55 MDT

"On low traffic sites new registrants have to have their first dozen postings 'approved'. But with the number of new registrations we get every day, that would become a full-time job (=$$$)".

"Problems, problems..."

At a place where I used to be employed I heard it said that if you knew of a particular problem it was no longer a problem. It then became something you should either fix or go around. Which one are we doing here at BPL?

@Roger,

Thank you for all that you do in regards to these SPAM attacks on our forum!

@Ryan J,

Roger said, "In case you are wondering, I am not paid for this".
and "But with the number of new registrations we get every day..."

You currently have "compensated" employment opportunities listed on the home page of BPL.

BPL premium members and lifetime members have paid to support this forum. Unless I am sadly mistaken those irritating little ads that appear at the bottom of our posts also generate income for BPL.

Please use some of these funds to offer a "compensated" position with BPL for a forum moderator(s) that can deal with these issues and/or update the software. If even a quarter of those new registrations are paying members reinvest those funds into the software and/or a compensated moderator position.

I always try to be positive, informative and helpful when I can on this forum. I apologize for the tone of this post. I know that this problem isn't easily fixed but it needs to have the proper tools put into place for the fix.

Party On,

Newton

Edited by Newton on 10/15/2012 04:51:56 MDT.

Ken Thompson
(kthompson) - MLife

Locale: Behind the Redwood Curtain
Re: site being hacked on 10/15/2012 06:46:25 MDT

@ John Remember RJ's letter to MLifers? He said there will be no changes for the next long while. (can't give specifics here as RJ thinks it's top secret) I've volunteered for moderator a few times through the years. I'm here enough, could do something actually productive.

Steve G
(sgrobben) - M

Locale: Ohio
Re: Re: site being hacked on 10/15/2012 07:02:20 MDT

Learn SQL and you can delete all posts from a single User (or any number of users) from your DB in less than a second. It is a trivially simple thing to do. You can also filter new posts containing certain keywords (i.e. "Tiffany") from "new" users and throw them into a moderation queue without much effort.

Adding more moderators cleans up the mess, but why not solve the problem?

Erik Basil
(EBasil) - M

Locale: Atzlan
Start Deleting, ASAP on 10/15/2012 07:29:05 MDT

The proliferation of new spam attacks is directly related to the maintenance of the first wave of posts without deletion.

It may be a PITA to delete posts, one by one, but I strongly suggest whoever has that capability begin doing that in batches of time you can tolerate, immediately. Wait another week without action and the forums will be obliterated.

BTW, I am aware of the shortcomings in the CMS and BBS software, but the point here is that -- so are others. (In the event owner/admins read here, I renew my free offer from the mega thread about M...)

jerry adams
(retiredjerry) - MLife

Locale: Oregon and Washington
Re: Re: Re: site being hacked on 10/15/2012 07:33:35 MDT

Since the messages remain, if the intention is to Optimize Search Engine results, well, they've succeeded.

Maybe Ryan could even get a volunteer to create a one click method to delete user and all their posts.

Dena Kelley
(EagleRiverDee) - M

Locale: Eagle River, Alaska
Re site being hacked - Do you need volunteers? on 10/15/2012 10:50:59 MDT

Does BPL need some volunteer mods? I would volunteer. I am online most days for many hours and have time to delete some of these SPAM posts. I would agree to only address the SPAM posts and to relinquish moderator status after the spam attacks stop. If that would help. I do have experience as a moderator, I am an admin on another forum although I believe the software is somewhat different but probably has similar functions that I could learn quickly.

jerry adams
(retiredjerry) - MLife

Locale: Oregon and Washington
Re: Re site being hacked - Do you need volunteers? on 10/15/2012 10:54:22 MDT

I'll volunteer to be a moderator.

And delete any posts I disagree with : )

Harald Hope
(hhope)

Locale: East Bay
fixing it on 10/15/2012 14:05:01 MDT

bpl is getting hit by not running its own forum software. These are all fully automated attacks, it's useful to stop thinking of spammers as people, the stuff is done by tools running automatically through lists of targets, and other lists of targeted links and search phrases, with some customization possible. The spamming software tools used just saw a huge improvement in quality, far more robust than they used to be, Russians tend to be very good at this game.

By allowing posts to remain, you are providing a high quality target in terms of seo (search engine optimization, aka, spammers) with high value pages, about the best they could hope for. You need to remove all spam postings as soon as you humanly can, deputize a few people if you need to, otherwise you are going to have even worse problems. Remember, a spam posting is NEVER made by a real person, so the procedure should always be this: detect new spammer username, get list of all posts done by user, freeze user asap, but do not delete yet, then delete all postings by that user, then delete the user, tedious, but if you do it fast enough, not too bad usually. Also, they don't usually post too much until they think they can get away with it.

I've pm'ed roger about some technical issues that don't benefit from public discussion, but if you don't get a handle on this quickly you may have bigger problems.

Flagging postings etc does little good, though it can help find postings that the mods may have missed. Ignoring or leaving up spam postings, as bpl has been doing, is NOT one of your options, unless you want to terminate this site and move on with life.
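
An added example, not code from any poster or from BPL's forum software: the freeze, list, delete-posts, delete-user cleanup described in the post above, together with the keyword moderation queue for new accounts that Steve G suggested earlier in the thread. The table layout, the `frozen` flag, the 12-post threshold and all function names are assumptions, and it runs against an in-memory SQLite database; it freezes the account before listing its posts so the list cannot grow during cleanup.

```python
import sqlite3

# Hypothetical schema; the thread does not describe the forum's real database.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE,
                    post_count INTEGER DEFAULT 0, frozen INTEGER DEFAULT 0);
CREATE TABLE posts (id INTEGER PRIMARY KEY, user_id INTEGER, body TEXT,
                    state TEXT DEFAULT 'visible');
"""
KEYWORDS = ("tiffany",)   # watch-list built from the keyword named in the thread
NEW_USER_POSTS = 12       # assumed cut-off for treating an account as "new"

def make_db():
    """In-memory database with two constructed accounts for the demo."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    with db:
        db.executemany("INSERT INTO users (id, name, post_count) VALUES (?, ?, ?)",
                       [(1, "regular", 500), (2, "spam_account", 0)])
    return db

def submit_post(db, user_id, body):
    """Store a post; returns its state, or None if the account is frozen."""
    count, frozen = db.execute(
        "SELECT post_count, frozen FROM users WHERE id = ?", (user_id,)).fetchone()
    if frozen:
        return None
    hit = any(k in body.lower() for k in KEYWORDS)
    state = "queued" if hit and count < NEW_USER_POSTS else "visible"
    with db:
        db.execute("INSERT INTO posts (user_id, body, state) VALUES (?, ?, ?)",
                   (user_id, body, state))
        db.execute("UPDATE users SET post_count = post_count + 1 WHERE id = ?",
                   (user_id,))
    return state

def purge_spammer(db, name):
    """Freeze the account, then delete its posts and the account itself."""
    row = db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        return []
    uid = row[0]
    with db:  # commit the freeze first so nothing new arrives during cleanup
        db.execute("UPDATE users SET frozen = 1 WHERE id = ?", (uid,))
    ids = [r[0] for r in db.execute("SELECT id FROM posts WHERE user_id = ?", (uid,))]
    with db:  # posts and account go in one transaction, parameterised throughout
        db.execute("DELETE FROM posts WHERE user_id = ?", (uid,))
        db.execute("DELETE FROM users WHERE id = ?", (uid,))
    return ids
```

The keyword check only queues posts from accounts under the threshold, so an established member mentioning the same word is not held up.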

Greg Mihalik
(greg23) - M

Locale: Colorado
Re: Captcha on 10/15/2012 14:35:31 MDT

Captcha, or "challenge-response", would do the trick...
PITA, but so was last night.



"Get a Free CAPTCHA For Your Site"

"A free, secure and accessible CAPTCHA implementation is available from the reCAPTCHA project. Easy to install plugins and controls are available for WordPress, MediaWiki, PHP, ASP.NET, Perl, Python, Java, and many other environments. reCAPTCHA also comes with an audio test to ensure that blind users can freely navigate your site. reCAPTCHA is our officially recommended CAPTCHA implementation."

CAPTCHA

Edited by greg23 on 10/15/2012 14:41:23 MDT.

Harald Hope
(hhope)

Locale: East Bay
nope on 10/15/2012 14:40:07 MDT

nothing you believe will work works, trust me on this. Captchas make them laugh. Google did some very advanced ones and they had them cracked, full automation, within weeks, maybe days. That's why spammers like using automatically generated gmail accounts so much. Even when captchas did work, briefly, they just would pass it to a low paid drone somewhere to fill the stuff out, then pass it back, but they don't need to do that anymore. Most Turing test type question/answer stuff also doesn't work anymore, though some does if done right, at least for automated attacks.

The takeaway when dealing with spammer and virus authors and so on is to realize that they are really far ahead of you, always. That's because they do it for a living, and have more incentive to stay ahead.

...
Yes, recaptcha was what was cracked in the latest versions of the spamming software, again, using those methods doesn't work. Hasn't for years. Might work until the next software update is released for new stuff, but recaptcha was specifically noted as a feature that was cracked.

The ways that work, by the way, have also been known for years, and they don't include relying on captchas.

Edited by hhope on 10/15/2012 14:51:53 MDT.

David Thomas
(DavidinKenai) - MLife

Locale: North Woods. Far North.
Do you need volunteers? on 10/15/2012 15:57:05 MDT

I too, moderate on other forums and would be happy to have a "delete" button for these clear-cut cases. I DON'T want to police other issues, but as has been pointed out, there's sort of a yeast-growth law to these attacks and there's much less clean-up the sooner you get started. Ideally you'd have people throughout the time zones - Roger is obviously up while most of us sleep. Here in Alaska, I'm often up when the forum has quieted down between 48-state and Aussie waking hours.

Ken Helwig
(kennyhel77) - MLife

Locale: Scotts Valley CA via San Jose, CA
Re: Do you need volunteers? on 10/15/2012 18:36:09 MDT

So here's a question....if we were to have a few moderators and as moderators do, they police the site. If someone gets snippy or downright awfully rude.....And that person was a subscriber or a MLIFE person, and they had to be banned. How would that happen? Do you refund the person? Dunno I don't like the idea of others defining behavior on here. I feel we do a good enough job self policing. As for the spam? That is quite disheartening to see. But how often does this happen? Moderator? No

Edited by kennyhel77 on 10/15/2012 20:31:22 MDT.

drowning in spam
(leaftye) - F

Locale: SoCal
Re: Re: Do you need volunteers? on 10/15/2012 18:56:49 MDT

People have been recommending and volunteering for moderators for at least the past year. Most of the recommendations here have been recommended in other threads as well. Some of the recommendations may cost more or require more technical prowess than Ryan or Addie can provide. Extra moderation is free.

For new guests and guests that were once paying members, how would you feel about paying for MLIFE membership on a site that won't even take easy free steps to keep it viable? With the payoff being 5 years, I can't see this site lasting that long regardless of membership.

With this kind of response to spam, a malicious attack by an amateur may be all it takes to end this site permanently.

The point is, the response to spam doesn't inspire confidence. It makes me regret that I paid BPL with a credit card in the past. I've since had to cancel that credit card. I'm not saying the fraudulent activity on my credit card was the fault of BPL due to lax security as I simply don't know, but it wouldn't surprise me if it was. There's no way I'm renewing my membership unless I can pay via Paypal or some other reputable intermediary.