Old 01-21-2016, 05:21 PM   #46
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4886

Quote:
Originally Posted by astrogeek
I think it needs more than a tighter signup process though. There must be some mandatory, dead end, moderation process for new members - something effective that they simply cannot bypass.
Won't happen, at least not with me onboard. Having some spammer's actions restrict access for legitimate users doesn't fly with me.
Quote:
Obviously that means the end of the truly open forum model, but I think that is where we are as a global society at this time, in more ways than internet access controls. The game as we have tried to play it is simply over.

Until the nature of man can be changed, we need a better model.
I think you are giving this incident too much weight. The battle against spammers is normal and comes down to a simple "Who is better, the person writing the filter rules or the person trying to circumvent them". For countless times Jeremy was the winner, implementing filter rules that prevented thousands of spam threads. This one time the spammers have won, and of course it looks massive, but only because we usually don't see the masses of spam filtered out. So, for me it is: Jeremy has adapted the filters, the incident is over, the forum has been cleaned, so let's just move on. Yes, this was annoying, but since I became a mod that was the first time that something like this happened and I seriously doubt that it will happen again soon, so I see no need to restrict anything for legitimate users.

Last edited by TobiSGD; 01-21-2016 at 05:22 PM.
 
4 members found this post helpful.
Old 01-21-2016, 05:34 PM   #47
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,258
Blog Entries: 24

Rep: Reputation: 4193
I hope that you are right TobiSGD.

And I agree that Jeremy has done an amazing job of keeping the site clean and open. He deserves all the credit that we can give him, and the mods, for that! My hat is off, especially because I have had to fight my own battles on this front (not so much spam, but targeted, massive intrusion and DDOS attempts).

I also agree with your sentiment about keeping the site open, despite my deep cynicism.

But I know there is a fundamental difference between filtering "normal" attacks that any open site endures, and doing battle with sustained targeted attacks, which must ultimately go beyond anything termed "filters".

This one looked more organized than the normal category (from my admittedly limited perspective) which may be why it was more successful. If so, it will probably adapt and grow...

Anyway, hats off to Jeremy and the mods - and as others have said, if we can help in any way please let us know!

Last edited by astrogeek; 01-21-2016 at 05:35 PM. Reason: typos
 
Old 01-21-2016, 09:03 PM   #48
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 11,198

Rep: Reputation: 5307
The timing of these attacks is making me wonder if the attackers are all in the same time zone.
 
Old 01-21-2016, 09:14 PM   #49
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,597

Rep: Reputation: 4080
It was quite clearly an automated attack, most likely by a botnet.

--jeremy
 
Old 01-22-2016, 08:19 AM   #50
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669
I think Tobi is right. I have seen some level of spamming here occasionally over the years since I first joined years ago but nothing at yesterday's level so I think generally Jeremy has been filtering most of it out successfully.

I don't like the idea of making a mod approve someone before they can post. Many users (including me) come here the first time because they are in the middle of a problem.
 
Old 01-22-2016, 09:27 AM   #51
Ihatewindows522
Member
 
Registered: Oct 2014
Location: Fort Wayne
Distribution: Ubuntu 16.04 LTS
Posts: 616
Blog Entries: 2

Rep: Reputation: 166
My question is how did it get past the CAPTCHA? That's what it's there for.
 
Old 01-22-2016, 11:37 AM   #52
malekmustaq
Senior Member
 
Registered: Dec 2008
Location: root
Distribution: Slackware & BSD
Posts: 1,669

Rep: Reputation: 498
Good work and thank you Jeremy & TobiSGD.
I happened to see it yesterday when I came, it appeared a shallow trouble-mongering.
Thanks again gentlemen.
 
Old 01-22-2016, 12:19 PM   #53
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,553

Rep: Reputation: 7946
Quote:
Originally Posted by TobiSGD
Quote:
Originally Posted by astrogeek
I think it needs more than a tighter signup process though. There must be some mandatory, dead end, moderation process for new members - something effective that they simply cannot bypass.
Won't happen, at least not with me onboard. Having some spammer's actions restrict access for legitimate users doesn't fly with me.
I agree totally with the kudos being passed around to the moderators and Jeremy, totally.

But sorry, TobiSGD, but this doesn't make sense to me, and no amount of spin is going to.

You phrase it as "restrict access"...yet by changing it to "user verification", it doesn't sound as bad, does it? Yes, the moderators and Jeremy have done (and CONTINUE to do), a great job with filters, and user moderation/control. But we've all seen other users banned over the years...and I'm fairly positive that they would ALL argue that they were 'legitimate' users, even though their behavior spoke otherwise.

But it's OK to ban them AFTER they get here, but not ask them BEFOREHAND to show due-diligence?? That's a reactive stance, rather than a proactive stance. This is what makes no sense to me.

I've been a proponent of having new users having their first 5 posts moderated when they join. ONLY five...after that, game on. It would not only make it much, MUCH harder for spammers to do what they did, but also clean up a good bit of 'post spam', like the ones we see by the dozens each week:
  • Where to download xxx distro?
  • Give links for yyy
  • I need a script
Pointing people to stick posts/guidelines/whatever, does no good...it hasn't slowed down posters like this one tiny bit, and never will.
 
Old 01-22-2016, 12:27 PM   #54
rtmistler
Moderator
 
Registered: Mar 2011
Location: USA
Distribution: MINT Debian, Angstrom, SUSE, Ubuntu, Debian
Posts: 9,876
Blog Entries: 13

Rep: Reputation: 4930
In the last 2-3 years I've only witnessed two occurrences of large spam which affected the forums. And they've never been shut down either, just invaded. Both times it lasted a very short time.
 
Old 01-22-2016, 01:53 PM   #55
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,553

Rep: Reputation: 7946
Quote:
Originally Posted by rtmistler
In the last 2-3 years I've only witnessed two occurrences of large spam which affected the forums. And they've never been shut down either, just invaded. Both times it lasted a very short time.
Agreed, and that's only due to the moderators/Jeremy.
 
Old 01-22-2016, 03:57 PM   #56
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4886
Quote:
Originally Posted by TB0ne

You phrase it as "restrict access"...yet by changing it to "user verification", it doesn't sound as bad, does it?
Changing the name does not make the procedure any different. Sending all posts from a new member to the moderation queue and forcing them to wait for a mod to become available (after all, we are all humans, we have a life beyond LQ and are not here 24/7) is nothing else than restricting access.
Quote:
Yes, the moderators and Jeremy have done (and CONTINUE to do), a great job with filters, and user moderation/control. But we've all seen other users banned over the years...and I'm fairly positive that they would ALL argue that they were 'legitimate' users, even though their behavior spoke otherwise.

But it's OK to ban them AFTER they get here, but not ask them BEFOREHAND to show due-diligence?? That's a reactive stance, rather than a proactive stance. This is what makes no sense to me
I am sorry, but I prefer "innocent until proven guilty". Nothing more to say.
 
Old 01-22-2016, 04:31 PM   #57
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,553

Rep: Reputation: 7946
Quote:
Originally Posted by TobiSGD
Changing the name does not make the procedure any different. Sending all posts from a new member to the moderation queue and forcing them to wait for a mod to become available (after all, we are all humans, we have a life beyond LQ and are not here 24/7) is nothing else than restricting access.
Incorrect. Restricting access is "You aren't allowed to join/post/do something else"....WAITING is not restricting anyone. And honestly, so what if there is a delay? This isn't the emergency room at the hospital, and as has been pointed out to countless people before, there are no 'urgent' threads here.
Quote:
I am sorry, but I prefer "innocent until proven guilty". Nothing more to say.
..and no one is saying ANYONE is guilty, are they? This is a safety measure, nothing more.

Do you leave your doors unlocked, and windows open when you leave your house? Hand random people keys with your address? After all...people are INNOCENT until proven guilty, right? Or do you use common-sense, and give keys to people you know can be trusted, and make everyone else wait until you get home, to determine whether they get in or not?

Yesterday's festivities skew things, whether you like it or not. Would this have been an issue if there was a five-post mod limit? Nope...ALL of those 'users' would have been shoved somewhere unseen, along with the many "plz to be giving the links" people. Spammers get deleted easily, others get an auto-response about question guidelines.

Still not seeing how this is bad. This, from some time ago:
http://www.linuxquestions.org/questi...ml#post5260949

...remains valid. While you may come from an academia background, and I understand how environments can color your views, I do not, although I have spent quite some time in schools, pursuing my degrees.

I also firmly believe that people will rise to whatever expectations are set of them. There are NO SHORTCUTS, EVER for anything, be it knowledge, skills, or strength. You will either suffer the pain of discipline, or the pain of regret, the latter being FAR worse. Someone might want bigger muscles, and it's for damned sure they won't get them sitting on the couch...they have to actually DO something. Want to learn how to write scripts/program?? There is NOTHING stopping anyone in this day and age, except lack of drive. Giving people handouts only spurs them on to do the bare minimum they have to, and you'll be doing it for them, for as long as you LET THEM get away with it.

I have seen posters here play what I call 'forum tennis'...they beg/whine for a sample script, and someone hands them one at another forum. They come HERE, and post it VERBATIM, saying "plz to be helping", and someone does more...which they take to ANOTHER forum, where someone completes it. What's missing? Effort on their part..they have learned and done NOTHING. They will be back, and do the same thing for EVERY assignment they get, until someone, somewhere, puts foot to ass and tells them to stand on their own two feet.

I don't ask anything of anyone, that I don't expect of and demand from myself. I ask for help, but I'm damned sure I'm out of options when I do, and that I've researched/done/tried EVERYTHING I can think of first.
 
Old 01-22-2016, 06:37 PM   #58
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-15.0 Multilib
Posts: 6,554

Original Poster
Blog Entries: 15

Rep: Reputation: 2097
CAPTCHA isn't perfect. If it has audio feedback there are text-to-speech converters. Either that or they preregistered a few accounts manually and then just let the bot go.
 
Old 01-22-2016, 06:59 PM   #59
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,258
Blog Entries: 24

Rep: Reputation: 4193
Watching this last attack I think it should not be very difficult to greatly mitigate this type with a simple algorithm or two.

A continuously updated aggregate value such as...

Code:
unreplied-new-user-posts
------------------------ > threshold = activate mandatory moderation for new users
         hour
... would at least prevent a successful bot attack from progressing until a moderator could investigate. Small inconvenience for most users.

Or something even simpler per-user would have stopped the recent abuse - for example, user with less than 100 posts exceeding 5 unreplied posts per hour is temporarily suspended pending moderation.

In the first couple of hours of this attack there were at least a few of those new users hitting the 100 posts point - that should raise a red flag in any environment! Stopping only those in their tracks would prevent the wall-of-spam without affecting any legitimate users.

Last edited by astrogeek; 01-22-2016 at 07:02 PM.
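
The two thresholds astrogeek describes in post #59 (site-wide unreplied new-user posts per hour, and the per-user limit of 5 unreplied posts per hour for accounts under 100 posts), worked through as an added example; it is not part of the thread and not LQ's filter code. The site-wide threshold of 20, the event fields and the `Throttle` class are assumptions, and the sample events are constructed.

```python
from dataclasses import dataclass
from typing import Optional

WINDOW = 3600          # seconds: the "per hour" in both rules
NEW_USER_POSTS = 100   # "user with less than 100 posts"
PER_USER_LIMIT = 5     # "exceeding 5 unreplied posts per hour"
SITE_THRESHOLD = 20    # assumed value; the post leaves the threshold open

@dataclass
class Post:
    ts: int                         # epoch seconds
    user: str
    user_posts: int                 # author's post count before this post
    post_id: int
    reply_to: Optional[int] = None  # id of the post this one answers

class Throttle:
    def __init__(self):
        self.unreplied = {}         # post_id -> (ts, user), new-user posts only
        self.suspended = set()      # users held pending moderation
        self.moderate_new = False   # site-wide switch, cleared by a moderator

    def observe(self, p: Post) -> str:
        # A reply from a different user takes the parent out of the count.
        parent = self.unreplied.get(p.reply_to)
        if parent and parent[1] != p.user:
            del self.unreplied[p.reply_to]
        # Drop entries that have aged out of the one-hour window.
        self.unreplied = {k: v for k, v in self.unreplied.items()
                          if v[0] > p.ts - WINDOW}
        if p.user_posts >= NEW_USER_POSTS:
            return "accept"         # established users are never touched
        if p.user in self.suspended or self.moderate_new:
            return "held"           # goes to the moderation queue
        self.unreplied[p.post_id] = (p.ts, p.user)
        mine = sum(1 for _, u in self.unreplied.values() if u == p.user)
        if mine > PER_USER_LIMIT:
            self.suspended.add(p.user)
            return "suspend"
        if len(self.unreplied) > SITE_THRESHOLD:
            self.moderate_new = True
            return "moderate"
        return "accept"

def run(events):
    t = Throttle()
    return [(p.user, t.observe(p)) for p in events]

def sample_events():
    # Constructed data: an answered newcomer, then one account posting every minute.
    ev = [Post(0, "newbie", 0, 1), Post(120, "veteran", 5000, 2, reply_to=1),
          Post(300, "newbie", 1, 3, reply_to=2)]
    ev += [Post(600 + 60 * i, "bot1", i, 100 + i) for i in range(8)]
    return ev
```

On the sample, the newcomer whose question gets answered is never held, while the unanswered once-a-minute account is suspended on its sixth post and everything after that lands in the queue.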
 
Old 01-22-2016, 10:00 PM   #60
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,258
Blog Entries: 24

Rep: Reputation: 4193
Friday night and here we go again...

This one is different, targeted and persistent, or looks that way to me anyway.

Looks like a long weekend for the mods, good luck and all the sympathy I can offer.
 
  

