OSDev.org

The Place to Start for Operating System Developers

All times are UTC - 6 hours




 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Wed Sep 04, 2019 5:34 am 
Joined: Tue Mar 06, 2007 11:17 am
Posts: 1146
Or leave guest posting on with special requirements that only genuinely interested persons will meet to avoid registration. The same would work for registered users.

See my forum for an example and see if you can post with a fully automated spambot. I'm certain it won't happen (it has guest posts enabled by the way):

http://190.53.3.113/forum/

http://devel.archefire.org/forum/

_________________
http://190.53.3.113/api (My OS compatible with DOS)

(udocproject@yahoo.com)
-----------------------------
IP for hosts file (all domains):
190.53.3.113 api.exe


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Wed Sep 04, 2019 9:23 am 
Joined: Thu Oct 13, 2016 4:55 pm
Posts: 370
Dear Moderators,

When I said I'm willing to help for free by creating a better captcha, I meant it. I can install phpBB myself, implement the captcha on it and send you the diff, I don't need access to the server. It will only depend on php-gd (which is probably already installed), nothing else. I can make it so that it can't be solved by scripts nor proxied over pron sites. The only attack I can't provide protection against is the Chinese clicking farms (which use cheap human labor for spamming).

Whether you decide to introduce moderator approval for newcomers or not, I think replacing the captcha with a proper one as a quick fix would reduce the spam load considerably.

Let me know if you want my help.

Cheers,
bzt


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Wed Sep 04, 2019 9:45 am 
Joined: Tue Mar 06, 2007 11:17 am
Posts: 1146
bzt wrote:
Dear Moderators,

When I said I'm willing to help for free by creating a better captcha, I meant it. I can install phpBB myself, implement the captcha on it and send you the diff, I don't need access to the server. It will only depend on php-gd (which is probably already installed), nothing else. I can make it so that it can't be solved by scripts nor proxied over pron sites. The only attack I can't provide protection against is the Chinese clicking farms (which use cheap human labor for spamming).

Whether you decide to introduce moderator approval for newcomers or not, I think replacing the captcha with a proper one as a quick fix would reduce the spam load considerably.

Let me know if you want my help.

Cheers,
bzt
You could write an installable phpBB reCAPTCHA MOD for this forum's phpBB version (phpBB 2.x) to avoid things like changing the database's format, like this one, or based on it:
https://blog.eamster.tk/?p=400
https://www.phpbb.com/community/viewtop ... p=14702536

I have phpBB 3.0.14 so I could install it, but I prefer making spammers work to post (their bots like xrumer can't give me the data I ask for so I just save the stuff/clipart I like from them for reusing in my projects from my custom logs).

_________________
http://190.53.3.113/api (My OS compatible with DOS)

(udocproject@yahoo.com)
-----------------------------
IP for hosts file (all domains):
190.53.3.113 api.exe


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Wed Sep 04, 2019 10:07 am 
Joined: Thu Oct 13, 2016 4:55 pm
Posts: 370
~ wrote:
You could write an installable phpBB reCAPTCHA MOD
Recaptcha is the worst. It requires cross-site scripting (http allowed domain configuration at least, so not easily installable), and spammers already have ready-to-use utilities to proxy the tests to porn sites. If you want real protection, you'll have to write it yourself so that there will be no third-party involved and no ready-to-use solutions to circumvent the test. Check out https dblpunct per per atcproxys dot com per anti-captcha. I don't know if this is valid, I just did a quick search. I have deepweb links that are known to be working for 99% of the captchas out there.

But I only give advice as a web security expert, it's not up to me to decide.

Cheers,
bzt


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Wed Sep 04, 2019 10:55 am 
Joined: Wed Oct 27, 2010 4:53 pm
Posts: 1031
Location: Scotland
Can moderators change the question that people have to answer to join or can that only be done by Chase?

If they can change it, it could simply ask for a password instead. That password could be acquired via a Facebook page in which people ask to join and are invited to explain their reasons. A conversation there would soon show whether they're genuine or not, and any of us could hold conversations with them to help take that burden off the moderators. A moderator could then send them the current password in a PM, and that's them in.

_________________
Help the people of Laos by liking - https://www.facebook.com/TheSBInitiative/?ref=py_c

MSB-OS: http://www.magicschoolbook.com/computing/os-project - direct machine code programming


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Wed Sep 04, 2019 11:10 am 
Joined: Sat Mar 31, 2012 3:07 am
Posts: 3465
Location: Chichester, UK
I need to join Facebook before I can join osdev.org? No thank you.

Members are trusted to edit the Wiki - trust them to delete Spam.


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Wed Sep 04, 2019 11:26 am 
Joined: Tue Mar 06, 2007 11:17 am
Posts: 1146
iansjack wrote:
I need to join Facebook before I can join osdev.org? No thank you.

Members are trusted to edit the Wiki - trust them to delete Spam.
It's probably a matter of manual registering with a petition and projects (at least attempts of someone learning but working) to prove they are human, instead of a regular forum signup form. It could aid the Projects page in the Wiki in the meantime.

Think that people only earn the privilege of talking about their projects by registering.

Genuinely interested people will.

Something that disconnects registration from spambot technology.

At least it's cheaper than $5.00 via PayPal for an account, but I think that such an option and/or making people show actual interest and projects for signing up should be more than enough.

___________________________________________________
Make a captcha asking people to write a very short text with their email and desired user name, but also a link with a project name in GitHub, SourceForge or their website. Then if admins are interested they can easily see which registration petitions are valid.

A captcha could use a textarea instead of a single-line text box.

There's a MOD called ACP Add User MOD for phpBB 3.0.x and 3.1.x that can be used to manually add approved signup petitions if not already built into the current phpBB. It adds an "Add User" menu option for managing users in the forum's Administrator Control Panel (ACP):

https://www.phpbb.com/customise/db/mod/ ... _user_mod/
https://github.com/phpbbmodders/phpbb-3.1-ext-adduser

_________________
http://190.53.3.113/api (My OS compatible with DOS)

(udocproject@yahoo.com)
-----------------------------
IP for hosts file (all domains):
190.53.3.113 api.exe


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Wed Sep 04, 2019 2:22 pm 
Joined: Fri Oct 27, 2006 9:42 am
Posts: 1489
Location: Athens, GA, USA
~ wrote:
Schol-R-LEA wrote:
I am no longer convinced (as I was earlier) that this is simply ordinary spam which the mods were running into trouble stopping. This has the feeling of a coordinated DDoS (by someone competent, not someone like AndrewThompson666).
It must be people aimed at operating system developers.


I was being facetious. No one is attacking OS developers, because OS development for anything other than Windows, MacOS, or Linux is of zero real-world significance, and no sane human thinks that is going to change in the foreseeable future (not that any sane people come to this group to begin with).

I can - just barely - see it as a raid (i.e., a group in the vein of the old alt.syntax.tactical and 4chan raiding parties, deciding that we'd be a fun group to wreck for the Lulz), but the idea that anyone sees this group as a threat is literally insane. We just don't matter - to anyone.

It is much more likely that we only just came up on the current spammers' radar recently for some reason, and that we were merely ignored until now because, well, why bother? These sorts of things take a shotgun approach - they hit every forum they find, until they get shut down. The people running it probably don't even know which fora their spamming software is hitting.

As for the attacks on you personally, I doubt they were targeting you - they were, almost certainly, opportunity attacks for robbery or something unrelated to you as a person, because... well, most attacks on individuals are. You went to the wrong place at the wrong time, took a phishing attack for a real offer, whatever it was, it wasn't about you.

You'd have to be genuinely, psychotically paranoid to think someone is going to target you because you are developing an operating system, and if you are actually thinking that, you need to check yourself into a mental hospital, right now, for your own safety and that of those around you.

And I am not joking about that.

_________________
Rev. First Speaker Schol-R-LEA;2 LCF ELF JAM POEE KoR KCO PPWMTF
μή εἶναι βασιλικήν ἀτραπόν ἐπί γεωμετρίαν
Lisp programmers tend to seem very odd to outsiders, just like anyone else who has had a religious experience they can't quite explain to others.


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Thu Sep 05, 2019 8:36 am 
Joined: Tue Mar 06, 2007 11:17 am
Posts: 1146
Schol-R-LEA wrote:
I was being facetious. No one is attacking OS developers, because OS development for anything other than Windows, MacOS, or Linux is of zero real-world significance, and no sane human thinks that is going to change in the foreseeable future (not that any sane people come to this group to begin with).
I guess it means that you don't come from a PC background since you were born. You were never a PC user with MS-DOS, 8088, Tandy 1000, Windows, Hercules/CGA/EGA/VGA, PS/2 and other standard peripherals easy to program that are now disappearing from many motherboard models (that I would never buy as long as there are PCs with BIOS, VGA, IDE, legacy devices, and all that), but for PC users those things will always matter like the buttons of a minimal calculator.

But if you or anyone feel in their real life that they are being treated worse and worse, you know what's happening, you're being targeted for physical attack just because there are bad people that harvest information on the Internet to find who to attack, even websites with user bases that are low quality but that only know how to attract large groups of people with that specific intention.

The same for the spam, the more it stays, the more it's waiting for real bad people to track user data when they find out where it's being posted.

_________________
http://190.53.3.113/api (My OS compatible with DOS)

(udocproject@yahoo.com)
-----------------------------
IP for hosts file (all domains):
190.53.3.113 api.exe


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Fri Sep 06, 2019 9:23 am 
Joined: Tue Feb 19, 2019 8:30 pm
Posts: 11
~, I would like to take a moment and try to understand your train of thought.

Are you suggesting that the spam is a group of people trying to gather information for a physical attack? This seems a bit far-fetched...

I think the spam issue is really not that difficult to understand: it's a group or single person with a bit of an attitude flooding a forum of programmers with porn. It's not malevolent beyond the spam, and it's definitely not some large-scale data harvesting. Perhaps the links are tracked and it's an IP harvest, but more than likely they are just trying to send links in order to earn ad revenue.

I do not see the problem or the worry that the community is being targeted, nor do I understand your calculator imagery with fading legacy devices. I am sorry to misunderstand but your sentence syntax makes it very difficult to read tone and intention.

Let's just change the admission question... make it a math problem or better yet: ignore the spam.


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Fri Sep 06, 2019 5:18 pm 
Joined: Wed Mar 09, 2011 3:55 am
Posts: 315
pistachio wrote:
I think the spam issue is really not that difficult to understand: it's a group or single person with a bit of an attitude flooding a forum of programmers with porn.


It's not even that. Very likely what's really happening is someone, somewhere, wrote a malware payload that scans the web for forums with open registration and weak CAPTCHAs, and, when it finds one, it registers and floods it with porn spam. So some infected PC, phone, or smart-fridge found this forum (and likely a couple thousand others) and started blasting porn links at it, just like all of the PCs, phones, and smart-fridges in its botnet are doing all over the internet. The person that wrote the responsible code probably doesn't even know about this forum, and probably doesn't even know a tenth of the places the code has attacked.

Quote:
It's not malevolent beyond the spam, and it's definitely not some large-scale data harvesting. Perhaps the links are tracked and it's an IP harvest, but more than likely they are just trying to send links in order to earn ad revenue.


All of this stuff is generally extremely malevolent beyond the spam, but not generally towards any one particular person or organization. Yeah, they're probably going for ad revenue, but the ads are probably running JavaScript to use the viewer's CPU to mine bitcoin, and the ads and/or the porn site are probably trying to exploit the viewer's browser to drop a rootkit on his machine, which will then add it to at least one botnet, and the porn site may very well be using its user base for CAPTCHA farming (which might actually be how they managed to register here in the first place), *and* even the legitimate ad industry is quite malevolent (once again, generally, not toward anyone in particular) in terms of tracking, data mining, social manipulation, and, and, and...

