Removal of Spam threads.
Slackware's forum, and possibly others got hit tonight fairly hard by spammers in possibly Japanese, Korean, or Chinese language (?) and it's made a mess burying topics way down the list.
I know LQ has a policy about deleting topics, but shouldn't this be an exemption to the rule? |
We are working on that, please be patient.
|
in lqspy i notice most of the spammer user names contain the string
Code:
*[0-9][0-9]shig* |
There's more variation in the user names now. Blocking by name probably won't be effective.
This doesn't seem like normal spamming. Seems more like an attack. And it's still going on. |
I know, I am banning them as they come for now, since I was not able to contact Jeremy for now, which is not surprising, given that timezones still are a thing ;)
As I said please be patient, this issue will be resolved in the not so distant future. |
@TobiSGD:Thanks. Your hard work is appreciated. This must be a real pain for you guys.
|
I sent Jeremy a Tweet earlier. It is rather early in the morning.
What about the IP Tobi? Are all the offending accounts coming from a single source region or is it spread all over the map? |
I haven't had the time for now to look into the regions, I am banning people constantly for about 3 hours now, about 1-3 every minute, all I can tell you so far is that they don't use a single IP block.
Haven't seen a spam flood this large since I am a mod here. |
Thanks for your efforts TobiSGD and anyone else who is at the top level dealing with this.
Clearly appears to be certain forums, but I'm sure they also would proliferate as much as possible unless stopped. This is a good thread to monitor for reports on things, I've been subscribed since post #1 or 2. |
Not sure if it's in your abilities, but what about locking down registrations temporarily until a damage assessment can be made and the mess cleaned up?
To be honest it looks like bots. |
Only root can do that, so until Jeremy is aware of the situation all I can do is to slow them down, swinging the banhammer wildly.
|
Quote:
|
I wonder if maybe you could make this thread a sticky that shows at the top of zero replies view? That should at least help you keep from having everyone send in a report when they first see the issue as I did because I didn't know this thread existed.
|
I am not sure if that is even possible, since the Zero Reply List is actually a search result, not a forum. In any way, that is far beyond my knowledge and like permissions. Regarding reporting posts, I don't really care, for now I am just ignoring reports and just look at new threads. We can clean that up later.
|
Quote:
And I'm aware that since I can't see the posts that were removed or moderated out, the problem is clearly much worse than it looks. |
Quote:
|
Looks like I found a common denominator: all the spammers use Windows 10. No, I'm not joking.
Also, Korean text seems to be pretty common. Maybe setting a filter for that would help. Usernames also sometimes follow a "666" theme. delelonagatha999, Victorprincess66@mail.co... |
thanks, i hope you guys keep us informed how to eradicate the problem once its fixed; i work in systems engineering so i am naturally curious.
is anyone able to translate any of the posts... maybe it will clue us into something ? |
1 Attachment(s)
Quote:
EDIT: Alright, shescrazy8 is using Windows 7, not 10. Still, looks like the Korean crap is coming from 10 users. ANOTHER EDIT: shescrazy8 linked to a domain, and a whois search says that it points to somewhere in Seol. YET ANOTHER EDIT: Interesting: https://translate.google.com/#auto/e...9D%B4%ED%84%B0 YES ALREADY, ANOTHER EDIT: Attached the whois report. Maybe the admins can nab em on that? |
One thing I might suggest for the future is using something like Google Translate's API (or an equivalent, since I know there are users here who won't want all their posts being sent to Google) and sending all posts that get detected as being in a language other than English into a moderation queue.
EDIT: I just saw a spam account whose post count (under its username) reads 183. :/ |
Usually in the past on other forums a controller will post a garbage post or reply to test for a post-flood safety check, and the tune their bots accordingly.
Just do what you can Tobi. Until the offending posts can be moved out, only Sticky topics are going to be more easily accessed. |
1 Attachment(s)
Just realized the link to Google Translate didn't include the text, so I'm attaching a screenshot.
|
FWIW, and that's probably very little:
Tobi, I want to thank you for what you have being doing and to express my sympathy for your current plight (and the last thing that I want to do is to distract you from this task, so maybe I owe you an apology for even posting this). I do wonder what the actor(s) behind this kind of attack get from this? It must take them some time and effort to prepare this attack, mustn't it? |
Could be just random attacks. Could be deliberate attack from someone butthurt. Who knows. It's really pointless to say why. It just is what it is.
|
I wouldn't rule out this site is compromised.
|
Quote:
See also http://www.linuxquestions.org/questi...hp?issueid=205 |
Looks like it stopped, at least for a while.
|
Good work Tobi.
|
Was not caused by me, also, they are back. Looks to me that they just gave me a break to go for a walk with the dog ;)
|
We're aware of the situation and are working to clean it up and prevent future occurrence. Thanks for the patience.
--jeremy |
Quote:
--jeremy |
Cleanup is almost completed now. I apologize for the inconvenience. If any legitimate accounts were banned or legitimate posts removed, please let me know.
--jeremy |
Good job and well done.
|
Well done guys!
|
Thanks for all the hard work admin people.
|
I watched this develop overnight - it was well orchestrated IMO.
There was a definite not-so-subtle signature in most, but not all that I saw early on which I do not want to post visibly here, but use your shell/sed skills on this... Code:
"ZEV.bvg.AlexmW88aRYH91<<0>>-<<X>>JDL(o)T-88HGICleon.Myzik" And yes, thanks to the admins... I know the feeling... |
It started again ...
|
It simply is not possible to win the spam wars with an open forum policy.
I do not know the best way for LQ to handle it, but it will get worse - there are a near infinite number of low-grade morons armed with a potentially infinite number of bots, out there. Ultimately you just have to make it inaccessible to them. And it is a fair bet that more than a few of the sorry b***ards learn their limited skills form LQ... |
Is it from North Korea? Did someone of us insult Kim? ;)
|
Quote:
|
I think jeremy needs to change the registration process. For example, yahoo sends a code to the mobile phone to verify yourself.
Also, the admin for the pclinuxos.com forum disabled the usual registration process. In order to have an account in the pclinuxos.com's forum, you'll have to send the admin an email with the desired username and password. Then the admin sends an email to notify the user the account is now active and to change the password. |
That would leave me out - I have no mobile...
I think it needs more than a tighter signup process though. There must be some madatory, dead end, moderation process for new members - something effective that they simply cannot bypass. Obviously that means the end of the truly open forum model, but I think that is where we are as a global society at this time, in more ways than internet access controls. The game as we have tried to play it is simply over. Until the nature of man can be changed, we need a better model. |
One option that wouldn't eliminate it, but would at least slow it down (and would also slow down some legitimate users who NEED slowing down), is to implement a limit of one new thread per day per user.
|
Quote:
If I could help you I would.-:) Do you foresee Jeremy restricting the registration process? |
Quote:
In other Linux forums when a new member registers you have to wait for a Moderator or and Administrator to approve the new membership. |
Quote:
Quote:
|
I hope that you are right TobiSGD.
And I agree that Jeremy has done an amazing job of keeping the site clean and open. He deserves all the credit that we can give him, and the mods, for that! My hat is off, especially because I have had to fight my own battles on this front (not so much spam, but targeted, massive intrusion and DDOS attempts). I also agree with your sentiment about keeping the site open, despite my deep cynicism. But I know there is a fundamental difference between filtering "normal" attacks that any open site endures, and doing battle with sustained targeted attacks, which must ultimately go beyond anything termed "filters". This one looked more organized than the normal category (from my admittedly limited perspective) which may be why it was more successful. If so, it will probably adapt and grow... Anyway, hats off to Jeremy and the mods - and as others have said, if we can help in any way please let us know! |
The timing of these attacks is making me wonder if the attackers are all in the same time zone.
|
It was quite clearly an automated attack, most likely by a botnet.
--jeremy |
I think Tobi is right. I have seen some level of spamming here occasionally over the years since I first joined years ago but nothing at yesterday's level so I think generally Jeremy has been filtering most of it out successfully.
I don't like the idea of making a mod approve someone before they can post. Many users (including me) come here the first time because they are in the middle of a problem. |
All times are GMT -5. The time now is 04:54 PM. |