DEVTOME.COM HOSTING COSTS HAVE BEGUN TO EXCEED 115$ MONTHLY. THE ADMINISTRATION IS NO LONGER ABLE TO HANDLE THE COST WITHOUT ASSISTANCE DUE TO THE RISING COST. THIS HAS BEEN OCCURRING FOR ALMOST A YEAR, BUT WE HAVE BEEN HANDLING IT FROM OUR OWN POCKETS. HOWEVER, WITH LITERALLY NO DONATIONS FOR THE PAST 2+ YEARS IT HAS DEPLETED THE BUDGET IN SHORT ORDER WITH THE INCREASE IN ACTIVITY ON THE SITE IN THE PAST 6 MONTHS. OUR CPU USAGE HAS BECOME TOO HIGH TO REMAIN ON A REASONABLE COSTING PLAN THAT WE COULD MAINTAIN. IF YOU WOULD LIKE TO SUPPORT THE DEVTOME PROJECT AND KEEP THE SITE UP/ALIVE PLEASE DONATE (EVEN IF ITS A SATOSHI) TO OUR DEVCOIN 1M4PCuMXvpWX6LHPkBEf3LJ2z1boZv4EQa OR OUR BTC WALLET 16eqEcqfw4zHUh2znvMcmRzGVwCn7CJLxR TO ALLOW US TO AFFORD THE HOSTING.

THE DEVCOIN AND DEVTOME PROJECTS ARE BOTH VERY IMPORTANT TO THE COMMUNITY. PLEASE CONTRIBUTE TO ITS FURTHER SUCCESS FOR ANOTHER 5 OR MORE YEARS!

SMF : Search Engine Placement Spammers : The Sky Opens

01/17/14

Spam comes in many forms. My run in with it was on a SmartMachines Forum in the role of forum Administrator.

It came like a raging storm about the middle of December 2014. In hindsight it probably soon followed an announcement of our forum at a Search Engine Placement Spammers' Convention in <insert your vilest location>, or more realistically on some list posted to a site, deep in the DarkNet, that they all frequent to socialize while their bots do their bidding… yet I digress.

This attack differed from email spam as they seemed uninterested to advertise thier pitch to the community they were attacking. Left to their own means, they would flood the forum with posts, thereby making it vertually unusable as it's intended function. Instead, there goal seems to be to use it as a storage place for countless urls that the search engines bots would, then, cataloge; which in turn would affect the criteria of placement in the Seacrh Engine's listings for the respective sites.

The first reaction, on my part, was knee jerk. Delete postings and banning the offending accounts were happening almost as fast as new ones were registered. One person against so many bots was no match. To give an idea of the volume, on the hieght of the attack there were over 300 unique ip'ed hovering guest vists listed in Userss Online.

Another approach was needed. Something preemptive seemed to be required. Using tools available to an Aministrator on the SimpleMachines Forum patterns were able to be made to make a better educated dicision on the probability of identifying spam accounts. This seemed more affective yet still required daily activity to keep ahead of the attack and opened the door of making the wrong decision thereby potentially banning/blocking legitimate users.

It then occured to me that this need be approached by the same means that was used in the attack. Fighting fire with fire if you will. What was needed was a software solution that would break the bot nature of the attack so that the spammers' techniques could be broken without the need of identifying the actual bot ips themselves.

What follows if my idea of how this could be achieved in any cgi (Common Gateway Interface) that is subject to such attacks.

If one wants to create an account on a SimpleMachines Forum then they could go to the main page and click on the link to Register. Conversly one could just enter into their browser the following link:

coinzen.org?action=register

That is what the bot would do. If the bot coders did not know that the term “register” would be used in that link each time it would make things much more difficult to automate the process. Imagine if instead of using the static term “register” that a system was developed that used a hash instead based on some random occurances like the time of day that the request was being made and the ip that the request was coming from. Let's say that algorithm produced the following hash under that criteria:

9de4a97425678c5b1288aa70c1669a64

Then what the bot would have to enter is:

coinzen.org?action=9de4a97425678c5b1288aa70c1669a64

If they entered from another ip it may look like the following:

coinzen.org?action=5b72e328b5146478475b6d51911027ac

When the request was posted it would then be sent to a translator of that hash to reverse engineer the hash so that it would deduce that the request being made was for the script “register”.

This would have the result that the spammer would either have to do their deeds manually or continually have to try cracking the algorythm used and counter it. Should that algorythm have the ability to change the criteria from time to time from the Administrators, then the spammers will be kept very busy doing what the Devcoin Community supports best, Open Source Programming, on both sides of the issue.

01/18/14

Thinking further a more effecient process would be to have a utility that when run generates the hashes for all the different file names and stores it in a database. The Administrator could have it run as a cron task or manually as the case may be.

01/30/14

Clearance has been given to present a Bounty to the DVC Community those using the SmartMachinesForum Package (which is used on cointzen.org) against spammer postings. This will be primarily focused on tools to aid Administrators to determined bot accounts.

Account Maintenance Bounty

My experience has shown that there is a long delay, and indeed an infinite one in some cases, by some users to reply to the account confirmation email on our SimpleMachines Forum. This is at best an odd behavior, yet more than not tends to identify potential spammer bot accounts. As no harm is done to delete such accounts it is proposed that an option should be available in the Administration area to set a time limit to respond to the confirmation emails and if that time is exceeded to cull such accounts. This bounty will also require the option to send an email to the registered address of the account; the content of which would be a form letter that should be composable in the same Administration area of SMF.

The second part of this bounty is to deal with accounts which have been verified yet have never logged on. Again this should be a configurable value in the Administration area for the amount of time to give the account to log in before being culled, as well as a configurable email alert of the culling.

02/15/15

The Account Maintenance Bounty was proposed on http://coinzen.org/index.php/topic,150.msg39744.html#msg39744

Tsquared came up with a wonderful suggestion, directing the thread of an almost identical project at http://www.simplemachines.org/community/index.php?topic=383900.0

The Account Maintenance Bounty was withdrawn.

07/15/15

It has become obvious that the intent of most of the spammers are to place their relavent links in their account profile to have search engines find it in the members' listing. To cut this down a time limit need be imposed to delete newly created accounts if they are not validated in a set period of time. This has been mimiced manually and has cut the amount of accounts created by the spammers by a fraction.

Works has started on a Perl script employing the Mechainze module to do just that.

09/27/15

It ended up that a new forum was put in place before being able to reach the end point on this project. Hopefully some of the points may prove helpful to others with a simular problem.


QR Code
QR Code spam (generated for current page)
 

Advertise with Anonymous Ads