Betsy Speicher

Spam Attacks on THE FORUM

41 posts in this topic

If you are reading this on THE FORUM and are logged in DO NOT LOG OFF. You may not be able to log in for a while.

Part of my job as FORUM Administrator is to prevent spam, but lately it has not been easy. Since the beginning of this year THE FORUM -- and most other internet forums -- have been bombarded with huge numbers of bogus registrations. I now get about 50 - 100 a day and I have to identify and delete each one manually. I have been doing so, but two days ago the spammers began attacking THE FORUM in a new way.

They are now trying to log into existing member accounts, particularly the accounts of frequent posters, making attempts on each account dozens of times from different IP addresses from all over the world. While none of the spammers have succeeded in logging in, after three unsuccessful attempts, the accounts are locked out and a frequent poster may find he can no longer log in. alann and I are checking the list of locked accounts and unlocking them several times a day, but I have also set the session time for several days. If you do not log out, you can access THE FORUM and post without having to log in again and you won't be locked out.

Until I can come up with a better solution, try to stay logged in.


Are you using a "Captcha" system to at least ensure that it's a human being doing the registration and not a bot?

Are you using a "Captcha" system to at least ensure that it's a human being doing the registration and not a bot?

We are using a state-of-the-art captcha but that does not stop the armies of drones in Russia and Red China nor the spambots trying to log in as existing posters.


I keep getting locked out. :) Twice in the past three days (including yesterday). But just a moment ago I changed my very-easy password to something relatively hard -- so maybe that'll help!

I keep getting locked out. :) Twice in the past three days (including yesterday). But just a moment ago I changed my very-easy password to something relatively hard -- so maybe that'll help!
That won't solve this particular problem, but it's a good thing, in general. Betsy set the login/lockout limit high and I've been covering, watching for lockouts while she's catching the Tea Party Patriots event, so the problem looks to be subsiding. What was happening is that someone was repeatedly logging in using regular members' accounts with no password or a wrong password (maybe they were hacking the password, who knows?), hitting the bad login limit, and locking the account. It was because they didn't have your password that they were causing the board to lock your account, as hack protection. I think the worst is over, but the Forces of Good are watching over your account against the Robot Armies of Evil.

...against the Robot Armies of Evil.

In best Dave Barry tradition, I'll add that "Robot Armies of Evil" would be a good name for a rock band.


I feel your pain, Betsy. I have a guestbook for a friend's site that I maintain and the amount of spam has been ridiculous lately.

I feel your pain, Betsy. I have a guestbook for a friend's site that I maintain and the amount of spam has been ridiculous lately.

Any thoughts on why so much is going on lately?

Is there a way to fingerprint the computer or computers a legitimate person would log in from?

The IP address of the server the user logs in from includes the legitimate user and excludes most of the rest of the world, but a legitimate user can move to a different IP address with a different connection (router reconnection, wireless, etc.). He may, however, have a small collection of IP addresses he uses, but it's still hard to predict what they may be over time. A user's whitelisted IP address, however, can be monitored differently from an unpredicted one, and many blocks of IP addresses may be regarded as permanently suspicious by country code or possibly spam blacklists.

I keep getting locked out. :) Twice in the past three days (including yesterday). But just a moment ago I changed my very-easy password to something relatively hard -- so maybe that'll help!
That won't solve this particular problem, but it's a good thing, in general. Betsy set the login/lockout limit high and I've been covering, watching for lockouts while she's catching the Tea Party Patriots event, so the problem looks to be subsiding. What was happening is that someone was repeatedly logging in using regular members' accounts with no password or a wrong password (maybe they were hacking the password, who knows?), hitting the bad login limit, and locking the account. It was because they didn't have your password that they were causing the board to lock your account, as hack protection. I think the worst is over, but the Forces of Good are watching over your account against the Robot Armies of Evil.

Thanks, Alann! I'm a fearsome, formidable "Force of Good" myself!

Although I was evidently logged out by someone or something since yesterday. But I was still able to log back in today (as you can see).


I just heard an interesting issue discussed on the radio about this type of spamming. The spammers are actually trying to get your password because they know that, for about 50% or more of online work, most people use the same password or slight variations of it for other accounts, such as online banking, financial issues, etc. Once they get a password from a blog or similar type website, the spammers track down other sites used by the same people to get into those accounts. So I'd suggest if your account has been compromised here, better change your password on other accounts if they use the same one.

I feel your pain, Betsy. I have a guestbook for a friend's site that I maintain and the amount of spam has been ridiculous lately.

Any thoughts on why so much is going on lately?

The world economy is in ruins lately. One could imagine soaring cyber crime under such circumstances. I know that robberies in my state are up by staggering amounts for the past few months. It's all because people have no jobs and are going hungry.


Regarding spam, several security circles noted an increase ever since Brazil joined the world economy. Whilst Nigeria retains the crown for the most volume, it is mostly unsophisticated social engineering types of scams. Brazil, with its large population of educated college kids, coupled with a fairly unmeritocratic environment (thank you, mixed economy!) leads many to wander down the road of sophisticated technical crime, and obtaining bank details is their favourite (as you can make an absolute fortune siphoning very small amounts of funds from a very large number of accounts, with very low risk as banks will prefer to take the hit than waste money hunting $40).


For what it's worth, even though I never log out myself, I've been logged out about 3 times in 5 days. Curious.


The fake login attempts seemed to have ceased, probably because none of them succeeded in accessing THE FORUM. Now all I have are the usual hundreds of people who want to join THE FORUM so that they can peddle Viagra, casinos, pictures of nude celebrities, and multi-million dollar business deals in Nigeria.


We just got hit with another attempt by spammers to log in as frequent posters. This resulted in automatic lock-outs of those posters, but I fixed it.

At the recommendation of other forum administrators, I have made some changes to THE FORUM's settings. As before, an account will be locked after three unsuccessful login attempts. I have changed it, however, to automatically unlock an account when there is one valid login so you won't have to wait for me to do it manually.

Just be sure you have a good, non-obvious password and it will keep the nogoodniks from logging on as you.

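The lockout settings described in the post above (three failed attempts lock an account, one valid login unlocks it), combined with the earlier suggestion in this thread to treat a member's previously used IP addresses differently from unrecognized ones. This is an added example, not part of any post and not the forum software's code; `LoginGuard`, the `verify` hook and the sample data are hypothetical.

```python
import hmac
from collections import defaultdict

MAX_FAILURES = 3  # the thread's setting: lock after three unsuccessful attempts


class LoginGuard:
    """Per-account lockout that counts previously seen addresses separately."""

    def __init__(self, verify):
        self.verify = verify               # hypothetical hook: the board's password check
        self.known = defaultdict(set)      # account -> addresses with a past valid login
        self.failures = defaultdict(int)   # (account, bucket) -> failures since last valid login

    def _bucket(self, user, ip):
        # Each known address gets its own counter; all other addresses share one.
        return ip if ip in self.known[user] else "unrecognized"

    def attempt(self, user, password, ip):
        key = (user, self._bucket(user, ip))
        if self.failures[key] >= MAX_FAILURES:
            return "locked"                # refused without checking the password
        if not self.verify(user, password):
            self.failures[key] += 1
            return "denied"
        # One valid login unlocks the account and records the address as known.
        for k in [k for k in self.failures if k[0] == user]:
            del self.failures[k]
        self.known[user].add(ip)
        return "ok"


# Constructed demo data: one member, documentation-range addresses (RFC 5737).
_DEMO = {"frequent_poster": "correct horse battery staple"}

def demo_verify(user, password):
    # Stand-in for the board's check; a real board compares salted password hashes.
    return user in _DEMO and hmac.compare_digest(_DEMO[user].encode(), password.encode())

def demo():
    guard = LoginGuard(demo_verify)
    user, good = "frequent_poster", _DEMO["frequent_poster"]
    results = [guard.attempt(user, good, "192.0.2.10")]          # member's usual address
    for n in range(4):                                           # wrong guesses, rotating addresses
        results.append(guard.attempt(user, "guess", f"203.0.113.{n}"))
    results.append(guard.attempt(user, good, "198.51.100.7"))    # right password, new address
    results.append(guard.attempt(user, good, "192.0.2.10"))      # member, usual address
    results.append(guard.attempt(user, "guess", "203.0.113.9"))  # counters were cleared
    return results
```

The member on the usual address is never locked out by guesses from elsewhere, but a correct password from a new address is still refused while the shared counter is at the limit, and each valid login gives unrecognized addresses three fresh guesses.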
[. . . ] and multi-million dollar business deals in Nigeria.

Here's one way to have some fun with scammers.


I noticed that Facebook has this in its security area:

When a new computer or mobile device logs into this account:

Send me an email

Can you do something like this so that we'd be aware that something is amiss?

I noticed that Facebook has this in its security area:

When a new computer or mobile device logs into this account:

Send me an email

Can you do something like this so that we'd be aware that something is amiss?

I don't think so, but I'll look into it.

The fake login attempts seemed to have ceased, probably because none of them succeeded in accessing THE FORUM. Now all I have are the usual hundreds of people who want to join THE FORUM so that they can peddle Viagra, casinos, pictures of nude celebrities, and multi-million dollar business deals in Nigeria.

Well, shoot. I got on here at the beginning in order to peddle pictures of nude celebrities in Nigerian casinos. That didn't work out too well. :)

Well, shoot. I got on here at the beginning in order to peddle pictures of nude celebrities in Nigerian casinos. That didn't work out too well. :)

You forgot to include the Viagra. That was where your evil scheme went awry.


My fix to unlock accounts with a valid login seems to be working because I haven't had any complaints, yet the spammers continually target THE FORUM's frequent posters. I just manually unlocked Abaco, Bill Bucko, Ed from OC, ewv, Jolie, Joss Delage, Laars, Paul's Here, PhilO, realitycheck44, Vespasiano, and ME.

Make sure you have a good, non-obvious, and hopefully unique password.

My fix to unlock accounts with a valid login seems to be working because I haven't had any complaints, yet the spammers continually target THE FORUM's frequent posters. I just manually unlocked Abaco, Bill Bucko, Ed from OC, ewv, Jolie, Joss Delage, Laars, Paul's Here, PhilO, realitycheck44, Vespasiano, and ME.

Make sure you have a good, non-obvious, and hopefully unique password.

Just changed mine.
