OSDev.org

The Place to Start for Operating System Developers
It is currently Thu Mar 28, 2024 11:00 am

All times are UTC - 6 hours




Post new topic Reply to topic  [ 79 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6  Next
Author Message
 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Fri Aug 30, 2019 8:10 pm 
Offline
Member
Member
User avatar

Joined: Tue Mar 06, 2007 11:17 am
Posts: 1225
In my forum I just put a task simple enough to solve that I need to implement.

To reduce the load of checking if a registration is valid or not, a keyword needs to be present in the solution so it gets copied automatically by phpBB to a special folder where only potentially valid solutions are stored.

Users need to think the solution (that I don't know), and if it's solved or if it really helps me a bit more I send them back login information.

Spammers will never pass through because they will never make any effort to solve anything.

So spammers (and people in general) need to work at leas a little bit to register, if they are truly interested in developing things publicly.

I could also ask for not less than $5 via PayPal (in the very same form with the real world problem to solve; tell them to include the desired user name) if they don't want to work to get a registered user.

If they are still spammers, their account will be deleted and would need to pay again with PayPal or solve another unsolved real world problem to return.

_________________
Live PC 1: Image Live PC 2: Image

YouTube:
http://youtube.com/@AltComp126/streams
http://youtube.com/@proyectos/streams

http://master.dl.sourceforge.net/projec ... 7z?viasf=1


Top
 Profile  
 
 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Sat Aug 31, 2019 10:43 am 
Offline
Member
Member
User avatar

Joined: Tue Mar 06, 2007 11:17 am
Posts: 1225
Another option would be to require that posts meet a standard format.

For example, resources used, crash type, main topic of task to implement, etc. They all have to be optional and could be predefined. If it's nonstandard, it can be a custom (user-defined) resource type

If not, reject the post and indicate a warning showing the format that it must meet.

Such a standard post could even be automated, could contain code patches, and could be tested for validity.

It will be technical and immediately practical in nature, so spammers will never meet the requirements for posting.

Posts can be saved by custom PHP code and classified in subdirectories by ones that have mages, ones that don't, posts that have no URLs, that have known URLs, that have unknown URLs, and valid posts that don't pass through can still be saved.

_________________
Live PC 1: Image Live PC 2: Image

YouTube:
http://youtube.com/@AltComp126/streams
http://youtube.com/@proyectos/streams

http://master.dl.sourceforge.net/projec ... 7z?viasf=1


Last edited by ~ on Mon Sep 02, 2019 8:28 am, edited 1 time in total.

Top
 Profile  
 
 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Sun Sep 01, 2019 1:51 pm 
Offline
Member
Member
User avatar

Joined: Fri Feb 17, 2017 4:01 pm
Posts: 640
Location: Ukraine, Bachmut
Give me, temporarily, moderator rights, so I will wipe this sh1t out and ban these bastards. But I never was a moderator, have no idea what to click on, however doubt it's a rocket science.

_________________
ANT - NT-like OS for x64 and arm64.
efify - UEFI for a couple of boards (mips and arm). suspended due to lost of all the target park boards (russians destroyed our town).


Top
 Profile  
 
 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Sun Sep 01, 2019 6:07 pm 
Offline

Joined: Tue Feb 19, 2019 8:30 pm
Posts: 15
Once again ~ has the best ideas. Am I correct in understanding that you want to charge people $5 in order to register? I am rather disturbed by this.

It could be as simple as a ReCaptcha image or changing the registration question (or maybe creating an array of questions to ask and flipping through them at random).


Top
 Profile  
 
 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Mon Sep 02, 2019 8:48 am 
Offline
Member
Member

Joined: Tue May 13, 2014 3:02 am
Posts: 280
Location: Private, UK
pistachio wrote:
It could be as simple as a ReCaptcha image or changing the registration question (or maybe creating an array of questions to ask and flipping through them at random).


Just upgrading to a version of phpBB that isn't horrifically out-of-date would be a good start. The forum appears to currently be running on 3.0.x, first released in 2007 and end-of-life as of 2015. I strongly suspect that the rest of the server stack is similarly outdated and unmaintained (I'd be surprised if phpBB 3.0.x even runs with up-to-date versions of PHP and other dependencies with their recommended security configurations). The recent outage caused by the site's domain not being renewed in a timely manner also suggests a lack of proactive maintenance. Complex, outdated software will be compromised (as in, fully hacked and added to someone's botnet, not just spammed) eventually.

More recent versions of phpBB have modern anti-spam features and access to various anti-spam extensions which are not compatible with outdated versions. This includes ReCaptcha, various bayesian filtering systems, automatic IP blacklisting, etc.

The "Question and Answer" system used by the current version of the software does support multiple questions, which would be a good stop-gap at least.

_________________
Image


Top
 Profile  
 
 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Mon Sep 02, 2019 9:37 am 
Offline
Member
Member
User avatar

Joined: Tue Mar 06, 2007 11:17 am
Posts: 1225
Only allow formatted topics, store internally everything else without publishing.

Possible topics include:

VGA [register name]
VGA [function name]
VGA [BIOS mode number]
SVGA [BIOS mode number]

VGA [register name] - Code Completion
VGA [function name] - Code Completion
VGA [BIOS mode number] - Code Completion
SVGA [BIOS mode number] - Code Completion

Any topic in the Wiki as single technical words

Any topic known by experienced site users.

- Don't include Re: (delete it from subject)

- Write the subject manually





Message Body

"Hardware Resources:" section
- List of specific hardware resources used by the code
(port numbers, IRQs, CPU models, hardware peripheral models,
error type generated -specific exception, reset, lockup, etc.,
compared to normal expected effects-).

"Software Resources:" section
- List of specific software resources (tool versions,
OS name/version, target platform, compilation command line).



Source code specific to the problem that is runnable
to correct evaluating the whole isssue is required.

Runnable in the selected kernel skeleton
(PE EXE, unformatted 32-bit kernel, unformatted 64-bit kernel,
portable unformatted 32/64-bit kernel, Win9x DirectX application,
Win16 application, DOS COM application, DOS EXE application, etc...)



Include one or more [code][/code] blocks.

Open posting to all world (guests) but with these requirements.
Spammers won't be able to post without passing some actually
useful source code.

_________________
Live PC 1: Image Live PC 2: Image

YouTube:
http://youtube.com/@AltComp126/streams
http://youtube.com/@proyectos/streams

http://master.dl.sourceforge.net/projec ... 7z?viasf=1


Top
 Profile  
 
 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Tue Sep 03, 2019 1:39 am 
Offline
Member
Member

Joined: Tue May 13, 2014 3:02 am
Posts: 280
Location: Private, UK
~ wrote:
Only allow formatted topics, store internally everything else without publishing.


No. Just no. It's a discussion forum, not a bug tracker. There's no way on earth you can enumerate every possible discussion topic; at "best" you'll just limit discussion to topics already covered.

Even if this hairbrained attempt to shut down discussion didn't do more damage than the spam attacks, doing a bunch of custom modification to out-of-date forum software that will inevitably hinder the urgently needed upgrade and thus inexorably lead to the site being hacked is entirely counter-productive.

Upgrade the forum software. Install modern anti-spam extensions. If that doesn't solve the problem (I'm 95% certain it will) then maybe consider more draconian measures (maybe limiting hyperlinks to a whitelist of relevant domains or something).

_________________
Image


Top
 Profile  
 
 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Tue Sep 03, 2019 11:09 am 
Offline
Member
Member
User avatar

Joined: Fri Oct 27, 2006 9:42 am
Posts: 1925
Location: Athens, GA, USA
I am no longer convinced (as I was earlier) that this is simply ordinary spam which the mods were running into trouble stopping. This has the feeling of a coordinated DDoS (by someone competent, not someone like AndrewThompson666).

Maybe I am just being paranoid, though.

As for the upgrade, I agree. In fact, at this point, if Chase doesn't upgrade to a newer forum software (either a newer version of PHPBBS - one younger than all of the current forum members would be a start - or something different (just, please, please, please, not Disco-Horse), the only best alternative is to put Ol' Yeller down for good.

While I am probably leaving the group anyway (for reasons of my own, not related to the spam though that is something of an incentive), it would be a shame for this group to die. Please, Chase, upgrade the forum.

_________________
Rev. First Speaker Schol-R-LEA;2 LCF ELF JAM POEE KoR KCO PPWMTF
Ordo OS Project
Lisp programmers tend to seem very odd to outsiders, just like anyone else who has had a religious experience they can't quite explain to others.


Top
 Profile  
 
 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Tue Sep 03, 2019 2:13 pm 
Offline
Member
Member
User avatar

Joined: Tue Mar 06, 2007 11:17 am
Posts: 1225
Schol-R-LEA wrote:
I am no longer convinced (as I was earlier) that this is simply ordinary spam which the mods were running into trouble stopping. This has the feeling of a coordinated DDoS (by someone competent, not someone like AndrewThompson666).
It must be people aimed at operating system developers.

When my domain expired a week ago, OSDev.org was clean.
When it expired, spammers went from my forum to here.
I currently have no money of my own to pay the ~$15 of Namecheap.
Probably my website keeps these particular spammers busier.
Probably that would make them go away again and return to my forum.
Could they simply be the same spammers of my forum?

I have had spam attacks since around 2012 in my forum. I'm currently controlling it (haven't had a single attack since I implemented it) by asking new users to convert to text a scanned book page that I need, but I will add this idea of asking only for known topics and always working source code per post (or money once per registration) so that spammers and people without enough interest go away knowing that the site is purely about developing software, hardware and related topics only in immediately practical ways not just without reusable discussion texts (http://devel.archefire.org/forum with expired domain added through the hosts file also makes spammers non-existent).

It happened that it was also associated with personally identifying me wherever I went, truly a way of regularly assaulting people from information posted in websites.

It doesn't matter that posts are in Russian, surely somebody local to somebody here is trying to know the identity and home place of people around here for later physically attacking them in places such as public markets, churches, your neighborhoods, anywhere anyone can go alone for leisure.

It was the case with me. I survived the attacks of 6 individuals. I no longer attend to anything that they (random things around me that I know are associated with that) suggest to me. Now I know that a gradual interpersonal degradation like that is just a hard-to-figure way of having a chance of finally harming you that is to be expected and then ignored when going out home. I can now see that this is one of the very best, top-notch ways of leading anyone even to death, but if we all already know this fact, we won't let the small group (normally below 10) behind these spam attacks to mislead any of us in real life as happened with me due to the truly hard nature of figuring that this is a hunting method aimed at an individual.

In that time, Steve Jobs, Pat Villani and probably others died. I got at least 3 programming books worth $75 stolen by strange mail workers. They all must be from the same group, who knows what they do to programmers when near. Probably they are like the people who dedicate themselves to plague DHL with delivery problems and fake emails like those I received recently, there are of those everywhere in the world.

_________________
Live PC 1: Image Live PC 2: Image

YouTube:
http://youtube.com/@AltComp126/streams
http://youtube.com/@proyectos/streams

http://master.dl.sourceforge.net/projec ... 7z?viasf=1


Top
 Profile  
 
 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Tue Sep 03, 2019 7:28 pm 
Offline

Joined: Tue Feb 19, 2019 8:30 pm
Posts: 15
I'll have some of whatever ~ is smoking.


Top
 Profile  
 
 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Tue Sep 03, 2019 7:47 pm 
Offline
Member
Member
User avatar

Joined: Tue Mar 06, 2007 11:17 am
Posts: 1225
I think it would suffice to ask a payment of at least $5.00 or more with PayPal for registration, or requiring new users to say something to show their interest before actually registering them to make spammers and uninterested people in general go away from registering without worries from anyone. Something that is also of interest to admins and like-minded people.

For example I only registered after years since 2004, after having working code in a kernel for several things like a floppy boot sector, PIT, PIC, some code for switching standard VGA modes, keyboard, floppy, speaker, Protected Mode, Unreal Mode, and then I developed things like ATA detection that works even in a 386 with ATA-3 laptop hard disks with the help of the forum.

_________________
Live PC 1: Image Live PC 2: Image

YouTube:
http://youtube.com/@AltComp126/streams
http://youtube.com/@proyectos/streams

http://master.dl.sourceforge.net/projec ... 7z?viasf=1


Last edited by ~ on Tue Sep 03, 2019 9:30 pm, edited 1 time in total.

Top
 Profile  
 
 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Tue Sep 03, 2019 9:23 pm 
Offline
Member
Member

Joined: Wed Mar 09, 2011 3:55 am
Posts: 509
Schol-R-LEA wrote:
I am no longer convinced (as I was earlier) that this is simply ordinary spam which the mods were running into trouble stopping. This has the feeling of a coordinated DDoS (by someone competent, not someone like AndrewThompson666).

Maybe I am just being paranoid, though.

As for the upgrade, I agree. In fact, at this point, if Chase doesn't upgrade to a newer forum software (either a newer version of PHPBBS - one younger than all of the current forum members would be a start - or something different (just, please, please, please, not Disco-Horse), the only best alternative is to put Ol' Yeller down for good.

While I am probably leaving the group anyway (for reasons of my own, not related to the spam though that is something of an incentive), it would be a shame for this group to die. Please, Chase, upgrade the forum.


Nah, I've seen this happen to plenty of forums, blogs, etc. in the past.


Top
 Profile  
 
 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Tue Sep 03, 2019 9:55 pm 
Offline
Member
Member

Joined: Wed Aug 30, 2017 8:24 am
Posts: 1593
Could we maybe just start with a blacklist, to stem the tide? Most of the spam threads seem to have the word "porn" in the title, or are all Cyrillic. As the forum language is English, I think it is reasonable to forbid the word "porn" (in the title) and >50% Cyrillic letters (again, in the title). At least until the tide has passed, or Chase found the time to perform the necessary upgrades.

_________________
Carpe diem!


Top
 Profile  
 
 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Wed Sep 04, 2019 12:50 am 
Offline
Member
Member
User avatar

Joined: Fri Oct 03, 2008 4:13 am
Posts: 153
Location: Ogre, Latvia, EU
Can't we at least change the security question for new member registration?

Even that could fend off spambots, at least the dumbest ones.

_________________
If something looks overcomplicated, most likely it is.


Top
 Profile  
 
 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Wed Sep 04, 2019 3:47 am 
Offline
Member
Member
User avatar

Joined: Fri Aug 07, 2015 6:13 am
Posts: 1134
nullplan wrote:
Could we maybe just start with a blacklist, to stem the tide? Most of the spam threads seem to have the word "porn" in the title, or are all Cyrillic. As the forum language is English, I think it is reasonable to forbid the word "porn" (in the title) and >50% Cyrillic letters (again, in the title). At least until the tide has passed, or Chase found the time to perform the necessary upgrades.

Octacone wrote:
Maybe just add some sort of a plugin that blocks Cyrillic and everything that contains "sexual words"?

Close to what I said, :)

I guess we won't be able to do much by suggesting and discussing the problem.
Chase is the only one that can affect this, somebody should contact him and see if he has any free time to deal with the situation.

_________________
OS: Basic OS
About: 32 Bit Monolithic Kernel Written in C++ and Assembly, Custom FAT 32 Bootloader


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 79 posts ]  Go to page Previous  1, 2, 3, 4, 5, 6  Next

All times are UTC - 6 hours


Who is online

Users browsing this forum: No registered users and 15 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group