LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   LQ Suggestions & Feedback (http://www.linuxquestions.org/questions/lq-suggestions-and-feedback-7/)
-   -   Spam (http://www.linuxquestions.org/questions/lq-suggestions-and-feedback-7/spam-901817/)

Alien Bob 09-08-2011 05:30 AM

That's not good... the site is vulnerable to spammers. Is the registration process too easy to automate?

nigelc 09-08-2011 06:07 AM

Spam
 
I have just noticed there is a whole load of spam coming in. Is it all from the same place?

Nigel

acid_kewpie 09-08-2011 06:07 AM

yup.

Nylex 09-08-2011 07:31 AM

This is insane! I've never seen such a large amount of spam in one day in all my time on LQ :/.

unSpawn 09-08-2011 08:04 AM

The're all in 163DATA.COM.CN and CNDATA.COM, basically 222.186.24.0/24, 60.169.73.0/24, 117.41.185.0/24 and 122.226.223.0/24 and all account names are easily recognizable as they all have a seemingly-R/L-like {firstname}{surname} handle.

MrCode 09-08-2011 08:13 AM

I was actually thinking of starting a thread on this in LQ S&F, as I had noticed a bunch of profiles "crawling" LQ /General which all had zero posts and the same birth date (Nov 30). I decided against it because I figured that maybe my sample size wasn't big enough and it could have just been a coincidence. :-\

cascade9 09-08-2011 08:21 AM

So much spam that we've probably spammed the mods with spam roports. :D Sorry mods/amins.

BTW, why is it I never seen 'egg sausage and bacon' spam, its always damned handbags/shoes/clothing?

SigTerm 09-08-2011 08:21 AM

Quote:

Originally Posted by Nylex (Post 4465741)
This is insane! I've never seen such a large amount of spam in one day in all my time on LQ :/.

"This too shall pass".

TheIndependentAquarius 09-08-2011 10:23 AM

The surprising part for me was, that this
spammer didn't include any "hyperlinks"!
He expected us to STFW or he was dumb?

the trooper 09-08-2011 10:29 AM

Apologies to the mods from me also.I have reported a number of 'spam-like' posts myself before discovering this thread.

unSpawn 09-08-2011 11:31 AM

...at least Jeremy's on the case now. Should see some progress RSN.

jeremy 09-08-2011 11:37 AM

Quote:

Originally Posted by Alien Bob (Post 4465442)
That's not good... the site is vulnerable to spammers. Is the registration process too easy to automate?

We have quite a few ant-spam measures in place and effectively block thousands of spam messages a day. This recent attack has been cleaned up and is something completely new from what I can tell. We're looking into how to prevent it moving forward now.

--jeremy

dugan 09-08-2011 11:55 AM

Quote:

Originally Posted by unSpawn (Post 4465830)
The're all in 163DATA.COM.CN and CNDATA.COM, basically 222.186.24.0/24, 60.169.73.0/24, 117.41.185.0/24 and 122.226.223.0/24 and all account names are easily recognizable as they all have a seemingly-R/L-like {firstname}{surname} handle.

Really? The spammer (and I'm sure it's one person) didn't bother to have each bot register from a different proxy? I'm shocked.

Also, since most of the spam posts had the same post bodies, programming the forum software to reject those specific strings would have worked temporarily.

jeremy 09-08-2011 12:16 PM

Just a quick note that we've cleaned things up. This was a new type of attack that our current spam filters (which catch an absolutely huge amount of spam) missed. I'd like to thank the mod team for their diligence and the members for their patience during this attack. Moving forward I think we have this one sorted out, but if you notice anything else odd, please let me know. Also, I do have one request. While we *really* appreciate the reported posts, if members could refrain from actually posting in the threads themselves (be it about the spam or responding to the spammer), we'd really appreciate it. While we have automated ways to remove the posts from the spammers, there's no way for us to automatically remove posts from legitimate members about the spam. Thanks again.

--jeremy

Nylex 09-08-2011 12:20 PM

Glad that it's sorted out now. One question: is it better to just report a single post from a spammer, rather than every one? I started doing the former when I realised there was a large scale attack, so as not to fill up people's inboxes.


All times are GMT -5. The time now is 09:16 PM.