09-14-2011, 03:44 PM
Phil Schaffner

URGENT: Website and fora at risk due to automated spammer account creation

http://bugs.centos.org/view.php?id=5105

Forum moderators have been battling spammers creating bogus accounts by
the thousands using automated "bots". The only way moderators currently
have to attack the problem is by a laborious process of searching for
such accounts and selecting them for deletion. This has been working,
although at the cost of considerable time to perform the operations;
however, such accounts are currently being created at a rate of
thousands per day making deletion of 50 at a time via the web interface
a practical impossibility.

Our approach has been to delete all "Inactive" accounts more than 7 days
old (these are being created at a rate of about 1 per minute) and
"Active" accounts with no posts and either no logins, or with no logins
in the last 30 days. The latter are the rapidly growing problem, and
more than 40,000 accounts with zero posts created between 7 and 30 days
ago currently exist. Account creation at this rate will likely bring
the site down if the situation is not dealt with soon.

Proposed approach:

1. Implement some automated way of deleting accounts as described above.
2. Implement captcha or some other mechanism in the account creation
process to foil the bots.

Phil
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
http://lists.centos.org/mailman/listinfo/centos-devel
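The two deletion rules above can be turned into one query and run in batches instead of 50 at a time through the web interface. The following is an added example, not code from this thread or from XOOPS: it uses an in-memory SQLite database as a stand-in for the forum's MySQL database, and the `users` table and its column names are assumptions rather than the real XOOPS schema. The 7-day grace period applied to the second rule is also an assumption, so that someone who registered an hour ago is not removed before they have had a chance to log in.

```python
"""Batch cleanup of bot accounts using the two rules from the post above.

Added example, not code from the thread or from XOOPS. An in-memory SQLite
database stands in for the forum's MySQL database; the `users` table and its
column names are assumptions, not the real XOOPS schema.
"""
import sqlite3

DAY = 86400

SCHEMA = """
CREATE TABLE users (
    uid        INTEGER PRIMARY KEY,
    uname      TEXT    NOT NULL,
    level      INTEGER NOT NULL,  -- assumed: 0 = "Inactive" (never activated), 1 = "Active"
    regdate    INTEGER NOT NULL,  -- registration time, unix seconds
    last_login INTEGER NOT NULL,  -- last login, unix seconds; 0 = never logged in
    posts      INTEGER NOT NULL
)
"""

# Rule 1: Inactive accounts older than 7 days.
# Rule 2: Active accounts with no posts that never logged in, or not in 30 days.
# Rule 2 also gets the 7-day grace period (an assumption here) so that someone
# who registered an hour ago is not deleted before they could log in.
SELECT_DOOMED = """
SELECT uid FROM users
WHERE (level = 0 AND regdate < :cut7)
   OR (level = 1 AND posts = 0 AND regdate < :cut7
       AND (last_login = 0 OR last_login < :cut30))
ORDER BY uid
"""


def doomed_uids(conn, now):
    """Return the uids the two rules select, relative to time `now`."""
    params = {"cut7": now - 7 * DAY, "cut30": now - 30 * DAY}
    return [row[0] for row in conn.execute(SELECT_DOOMED, params)]


def purge(conn, now, batch=500, dry_run=False):
    """Delete the selected accounts in fixed-size batches; returns the count.

    Batching keeps each transaction short so the live forum is not locked
    while tens of thousands of rows go away. dry_run only counts.
    """
    uids = doomed_uids(conn, now)
    if dry_run:
        return len(uids)
    deleted = 0
    for i in range(0, len(uids), batch):
        chunk = uids[i:i + batch]
        marks = ",".join("?" * len(chunk))
        with conn:  # one transaction per batch
            cur = conn.execute(f"DELETE FROM users WHERE uid IN ({marks})", chunk)
            deleted += cur.rowcount
    return deleted


def sample_db(now):
    """Constructed sample data: three real users, four bot registrations."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    rows = [
        # uid, uname,   level, regdate,        last_login,     posts
        (1, "phil",     1, now - 400 * DAY, now - 1 * DAY,  1200),  # keep: has posts
        (2, "newbie",   1, now - 2 * DAY,   0,              0),     # keep: inside grace period
        (3, "lurker",   1, now - 90 * DAY,  now - 5 * DAY,  0),     # keep: logged in recently
        (4, "bot0001",  0, now - 8 * DAY,   0,              0),     # rule 1
        (5, "bot0002",  0, now - 1 * DAY,   0,              0),     # keep: not yet 7 days old
        (6, "bot0003",  1, now - 10 * DAY,  0,              0),     # rule 2, never logged in
        (7, "bot0004",  1, now - 45 * DAY,  now - 40 * DAY, 0),     # rule 2, stale login
    ]
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?, ?)", rows)
    return conn


def remaining_uids(conn):
    return [row[0] for row in conn.execute("SELECT uid FROM users ORDER BY uid")]


if __name__ == "__main__":
    NOW = 1_316_000_000  # mid-September 2011, when the thread was written
    db = sample_db(NOW)
    print("would delete:", doomed_uids(db, NOW))
    print("deleted:", purge(db, NOW, batch=2))
    print("remaining:", remaining_uids(db))
```

Run it with `dry_run=True` first and compare the count against what the moderators see in the admin interface before letting it delete anything; the selection query is the only part that encodes policy, so it is the part to review.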
 
09-15-2011, 12:05 AM
Nataraj

URGENT: Website and fora at risk due to automated spammer account creation

On 09/14/2011 08:44 AM, Phil Schaffner wrote:
> http://bugs.centos.org/view.php?id=5105
>
> Forum moderators have been battling spammers creating bogus accounts by
> the thousands using automated "bots". The only way moderators currently
> have to attack the problem is by a laborious process of searching for
> such accounts and selecting them for deletion. This has been working,
> although at the cost of considerable time to perform the operations;
> however, such accounts are currently being created at a rate of
> thousands per day making deletion of 50 at a time via the web interface
> a practical impossibility.
>
> Our approach has been to delete all "Inactive" accounts more than 7 days
> old (these are being created at a rate of about 1 per minute) and
> "Active" accounts with no posts and either no logins, or with no logins
> in the last 30 days. The latter are the rapidly growing problem, and
> more than 40,000 accounts with zero posts created between 7 and 30 days
> ago currently exist. Account creation at this rate will likely bring
> the site down if the situation is not dealt with soon.
>
> Proposed approach:
>
> 1. Implement some automated way of deleting accounts as described above.
> 2. Implement captcha or some other mechanism in the account creation
> process to foil the bots.
>
> Phil
> _______________________________________________
> CentOS-devel mailing list
> CentOS-devel@centos.org
> http://lists.centos.org/mailman/listinfo/centos-devel
While I don't know exactly what these particular attacks look like, I'm
wondering if you could use iptables' ability to block IPs that have
excessive incoming connection rates. You might also look at fail2ban.

One other useful thing to look at, which would of course require you to
implement for the forums website is the postscreen technology in the
postfix smtp implementation. postscreen receives the incoming smtp
connection and then has its own algorithms for determining if the
connection is legitimate and then hands off legitimate connections to the
actual smtp agent retransmitting the data that it has already received
on the connection. I'm not sure how useful it would be here or if
something like that would introduce too many delays for a website, but
it is a potentially interesting and effective technology which could
have relevance here.

Nataraj

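The rate-based approach suggested above amounts to counting registration attempts per source address over a short window and banning the addresses that exceed a human pace, which is what a fail2ban filter and jail do on top of an access log. The block below is an added example, not from this thread: the log lines are constructed in Apache combined format, the registration URL `/register.php` is an assumption about the forum software, and the ban action itself (an iptables DROP for the flagged address) is left to the caller.

```python
"""Rate-based detection of automated registrations from a web access log.

Added example, not from the thread. This is the per-IP counting a fail2ban
filter and jail would do; the log lines are constructed Apache combined
format, and the registration URL /register.php is an assumption about the
forum software. Banning the flagged IP (iptables DROP) is left to the caller.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
REGISTER_PATH = "/register.php"  # assumption about the forum's registration URL


def parse(line):
    """Return a dict with ip, ts (aware datetime), method, path, status; None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], TS_FMT)
    ev["path"] = ev["path"].split("?", 1)[0]  # ignore the query string
    return ev


def offenders(lines, max_hits=3, window=60):
    """Map ip -> time of first offence, for IPs that POST to the registration
    form more than max_hits times inside any `window` seconds.

    Lines are assumed to be in log order. A deque per IP holds only the
    timestamps inside the current window, so memory stays bounded.
    """
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        ev = parse(line)
        if ev is None or ev["method"] != "POST" or ev["path"] != REGISTER_PATH:
            continue
        ip = ev["ip"]
        if ip in flagged:
            continue
        q = recent[ip]
        q.append(ev["ts"])
        while (q[-1] - q[0]).total_seconds() > window:
            q.popleft()
        if len(q) > max_hits:
            flagged[ip] = ev["ts"]
    return flagged


SAMPLE_LINES = [
    # constructed: 198.51.100.7 is a bot submitting the form every ~10 s,
    # 203.0.113.5 is a person, 192.0.2.9 a single registration
    '198.51.100.7 - - [15/Sep/2011:08:44:01 +0000] "POST /register.php HTTP/1.1" 200 1843 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [15/Sep/2011:08:44:03 +0000] "GET /register.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [15/Sep/2011:08:44:11 +0000] "POST /register.php HTTP/1.1" 200 1843 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [15/Sep/2011:08:44:20 +0000] "POST /register.php HTTP/1.1" 200 1843 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [15/Sep/2011:08:44:31 +0000] "POST /register.php HTTP/1.1" 200 1843 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [15/Sep/2011:08:44:40 +0000] "POST /register.php HTTP/1.1" 200 1843 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [15/Sep/2011:08:45:30 +0000] "POST /register.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [15/Sep/2011:08:50:00 +0000] "POST /register.php?op=submit HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    'not a log line at all',
]

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LINES).items():
        print(f"{when:%H:%M:%S} flag {ip}")
```

Two caveats a practitioner should keep in mind. A pure iptables connection-rate limit sees only TCP connections, not URLs, so it catches a flood from one address but not a botnet that registers one account per address at a slow pace; matching on the registration POST in the access log, as above, is more selective but still per-IP. Either way this only slows the bots down, so it belongs alongside a captcha or confirmation step rather than in place of one.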
 
09-15-2011, 03:19 AM
Nataraj

URGENT: Website and fora at risk due to automated spammer account creation

On 09/14/2011 05:05 PM, Nataraj wrote:
> On 09/14/2011 08:44 AM, Phil Schaffner wrote:
>> http://bugs.centos.org/view.php?id=5105
>>
>> Forum moderators have been battling spammers creating bogus accounts by
>> the thousands using automated "bots". The only way moderators currently
>> have to attack the problem is by a laborious process of searching for
>> such accounts and selecting them for deletion. This has been working,
>> although at the cost of considerable time to perform the operations;
>> however, such accounts are currently being created at a rate of
>> thousands per day making deletion of 50 at a time via the web interface
>> a practical impossibility.
>>
>> Our approach has been to delete all "Inactive" accounts more than 7 days
>> old (these are being created at a rate of about 1 per minute) and
>> "Active" accounts with no posts and either no logins, or with no logins
>> in the last 30 days. The latter are the rapidly growing problem, and
>> more than 40,000 accounts with zero posts created between 7 and 30 days
>> ago currently exist. Account creation at this rate will likely bring
>> the site down if the situation is not dealt with soon.
>>
>> Proposed approach:
>>
>> 1. Implement some automated way of deleting accounts as described above.
>> 2. Implement captcha or some other mechanism in the account creation
>> process to foil the bots.
>>
>> Phil
>> _______________________________________________
>> CentOS-devel mailing list
>> CentOS-devel@centos.org
>> http://lists.centos.org/mailman/listinfo/centos-devel
> While I don't know exactly what these particular attacks look like, I'm
> wondering if you could use iptables' ability to block IPs that have
> excessive incoming connection rates. You might also look at fail2ban.
>
> One other useful thing to look at, which would of course require you to
> implement for the forums website is the postscreen technology in the
> postfix smtp implementation. postscreen receives the incoming smtp
> connection and then has its own algorithms for determining if the
> connection is legitimate and then hands off legitimate connections to the
> actual smtp agent retransmitting the data that it has already received
> on the connection. I'm not sure how useful it would be here or if
> something like that would introduce too many delays for a website, but
> it is a potentially interesting and effective technology which could
> have relevance here.
>
> Nataraj
>
> _______________________________________________
> CentOS-devel mailing list
> CentOS-devel@centos.org
> http://lists.centos.org/mailman/listinfo/centos-devel

One further idea that I just ran across is to require that posters have
a confirmed email address on file. The first time they post, or if they
haven't posted for some time, send a confirmation request to the email
address on file and delay the post until it is confirmed. If necessary
the confirmation could require reading a character string from a graphic
image and entering it on the website.

Nataraj

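The confirmation step described above hinges on the link in the e-mail: the token in it has to be unguessable, tied to exactly one account and one held post, and time-limited, otherwise a bot can confirm on behalf of the address it never controlled. Below is an added example of such a token and the hold-until-confirmed flow, not code from this thread or from XOOPS. It uses an HMAC under a server-side key; the key, user ids, e-mail addresses and post ids are constructed, and how the link is mailed and how held posts are stored is left out.

```python
"""Confirmation-link tokens for a "confirm your address before your first
post is published" flow.

Added example, not from the thread or from XOOPS. The token is an HMAC over
(uid, email, post id, expiry) under a server-side key, so it cannot be forged
or guessed, cannot be reused for another account or another post, and stops
working after the TTL. Key, uids, addresses and post ids are constructed.
"""
import base64
import hashlib
import hmac
import secrets

DEFAULT_TTL = 24 * 3600


def _message(uid, email, post_id, exp):
    # Address is trimmed and lower-cased so case differences do not yield a
    # different token; the integer fields cannot contain the separator.
    return f"{uid}|{email.strip().lower()}|{post_id}|{exp}".encode()


def make_token(key, uid, email, post_id, now, ttl=DEFAULT_TTL):
    """Return 'expiry.mac' to embed in the confirmation URL."""
    exp = int(now) + ttl
    mac = hmac.new(key, _message(uid, email, post_id, exp), hashlib.sha256).digest()
    return f"{exp}.{base64.urlsafe_b64encode(mac).decode().rstrip('=')}"


def verify_token(key, token, uid, email, post_id, now):
    """True only if the token was issued for exactly this uid/email/post and is unexpired."""
    try:
        exp_str, mac_b64 = token.split(".", 1)
        exp = int(exp_str)
        given = base64.urlsafe_b64decode(mac_b64 + "=" * (-len(mac_b64) % 4))
    except (ValueError, TypeError):
        return False
    if now > exp:
        return False
    expected = hmac.new(key, _message(uid, email, post_id, exp), hashlib.sha256).digest()
    return hmac.compare_digest(given, expected)  # constant-time comparison


class PendingPosts:
    """Holds the first post of an unconfirmed account until the link is used."""

    def __init__(self, key):
        self.key = key
        self.held = {}            # post_id -> (uid, email, body)
        self.confirmed_uids = set()
        self._next_id = 1

    def submit(self, uid, email, body, now):
        """Return (published, token). Confirmed users publish immediately."""
        if uid in self.confirmed_uids:
            return True, None
        post_id = self._next_id
        self._next_id += 1
        self.held[post_id] = (uid, email, body)
        return False, make_token(self.key, uid, email, post_id, now)

    def confirm(self, post_id, token, now):
        """Publish a held post if the token matches it; True on success."""
        entry = self.held.get(post_id)
        if entry is None:
            return False
        uid, email, _body = entry
        if not verify_token(self.key, token, uid, email, post_id, now):
            return False
        del self.held[post_id]
        self.confirmed_uids.add(uid)
        return True


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # in production: generated once, stored server-side
    queue = PendingPosts(key)
    published, token = queue.submit(42, "user@example.org", "first post", now=1_316_000_000)
    print("published:", published, "token:", token)
    print("confirmed:", queue.confirm(1, token, now=1_316_000_100))
```

Because the MAC covers the post id, a confirmation link for one held post cannot release a different one, and because the key never leaves the server the bot cannot mint links for addresses it does not receive mail at. Expired or malformed tokens fail closed rather than raising.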
 
09-15-2011, 10:54 AM
Fabian Arrotin

URGENT: Website and fora at risk due to automated spammer account creation

On 09/14/2011 05:44 PM, Phil Schaffner wrote:
> http://bugs.centos.org/view.php?id=5105

> Proposed approach:
>
> 1. Implement some automated way of deleting accounts as described above.
> 2. Implement captcha or some other mechanism in the account creation
> process to foil the bots.
>

I guess that someone with access to the machine and the corresponding
mysql db/tables can do that, assuming that such 'research' has to be
done to know what to delete from the xoops db ...
I don't know if captcha is available for that old xoops version. What I
did for the fr.centos.org forum (using captcha by default) was also to
moderate the first post of every new user: spammers not seeing their
posts appearing on the forum stop posting (I guess the bot does a check
and stops after several attempts). That means that the moderator (me) has
to check the first post of each new user, but that's safer and easier
than having to deal with millions of posts from autogenerated accounts.

Fabian
 
09-15-2011, 12:40 PM
Ljubomir Ljubojevic

URGENT: Website and fora at risk due to automated spammer account creation

On 09/15/2011 12:54 PM, Fabian Arrotin wrote:
> On 09/14/2011 05:44 PM, Phil Schaffner wrote:
>> http://bugs.centos.org/view.php?id=5105
>
>> Proposed approach:
>>
>> 1. Implement some automated way of deleting accounts as described above.
>> 2. Implement captcha or some other mechanism in the account creation
>> process to foil the bots.
>>
>
> I guess that someone with access to the machine and the corresponding
> mysql db/tables can do that, assuming that such 'research' has to be
> done to know what to delete from the xoops db ...
> I don't know if captcha is available for that old xoops version. What I
> did for the fr.centos.org forum (using captcha by default) was also to
> moderate the first post of every new user: spammers not seeing their
> posts appearing on the forum stop posting (I guess the bot does a check
> and stops after several attempts). That means that the moderator (me) has
> to check the first post of each new user, but that's safer and easier
> than having to deal with millions of posts from autogenerated accounts.
>
> Fabian

+1


--

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
 
09-15-2011, 03:28 PM
Phil Schaffner

URGENT: Website and fora at risk due to automated spammer account creation

Fabian Arrotin wrote on 09/15/2011 06:54 AM:
...
> I guess that someone with access to the machine and the corresponding
> mysql db/tables can do that, assuming that such 'research' has to be
> done to know what to delete from the xoops db ...
> I don't know if captcha is available for that old xoops version. What I
> did for the fr.centos.org forum (using captcha by default) was also to
> moderate the first post of every new user: spammers not seeing their
> posts appearing on the forum stop posting (I guess the bot does a check
> and stops after several attempts). That means that the moderator (me) has
> to check the first post of each new user, but that's safer and easier
> than having to deal with millions of posts from autogenerated accounts.

We are not having a problem (yet) with automated posts. The manual
spammers can be dealt with fairly easily by moderators. The concern is
that the thousands of bogus accounts are sooner or later going to break
Xoops or otherwise bring the site to its knees.

The motivation of the bad guys is not clear to me. Perhaps they are
just expecting to generate hits on their URLs by search engines, or just
want to be disruptive.

Phil