Please login or register.

Login with username, password and session length

News:

Author Topic: The Spambot Situation  (Read 1310 times)

0 Members and 1 Guest are viewing this topic.

December 15, 2014, 05:47:25 PM
Hi, everyone.

As some of you are aware, over the past two days EqF has experienced a surge in activity from spambots; a number of these bypassed our built-in anti-spam defences and posted links to potentially-harmful websites. On top of those who did manage to get through, we have received hits from hundreds more which have thankfully been caught and rejected before they could complete their registration.

The spambots who got onto the board have been identified and their accounts deleted. However, we are currently still receiving many hits from spambots, and to be cautious we have temporarily disabled registration to new members. To be more specific, any new member trying to join must have their registration approved by me personally, so I can remain informed of where we stand. We have received 25 attempted spambot registrations in just the last two hours, so we're not out of the woods yet.

We are looking into ways to improve our security for the future; this is only a temporary measure to give us breathing room, as none of us - least of all the staff - want to spend valuable time identifying and dealing with spambots. I've also set this board - Board Info & News - so that it can't be seen by Guests, so only registered members can discuss this issue. Maybe it's meaningless, but an extra layer of protection can't hurt.

Thank you all for your patience and understanding. I'll post more when we know more.

Sorry but you are not allowed to view spoiler contents.

December 15, 2014, 06:28:12 PM
Reply #1
Just thinking aloud here --

1. Is there an easy way to rotate the verification questions on the registration form regularly? I imagine we must have ended up on some spammer's list of SMF forums with known answers to the check questions -- but if the spammer has to invest just 10 minutes in research a couple of times a week to keep abreast of the form, he might not find it worth the trouble.

I've also set this board - Board Info & News - so that it can't be seen by Guests, so only registered members can discuss this issue. Maybe it's meaningless, but an extra layer of protection can't hurt.

2. If that is permanent, some new way for guests to see the forum rules post before they decide to register ought to be found.
OC descriptions here
Using my fancy mathematics to model the issues since 2013.

December 15, 2014, 06:36:32 PM
Reply #2
I've actually just added a few new verification questions - nothing too obscure obviously but still things that are relevant to the board and aren't necessarily going to be common knowledge to just anyone. We had the previous two verification questions for a long time so it was overdue that we updated these anyway.

As for keeping this board private to Guests, that's just a temporary consideration, on the off-chance that anyone behind the attacks might be reading up on how we're dealing with things to look for potential exploits. The rules are in need of a refreshing anyway, but yes, I agree that they should be something that's available to Guests. With any luck this issue will be over before we start needing to think of contingency plans for that, though.

Sorry but you are not allowed to view spoiler contents.

December 15, 2014, 07:19:33 PM
Reply #3
I've actually just added a few new verification questions - nothing too obscure obviously but still things that are relevant to the board and aren't necessarily going to be common knowledge to just anyone.

Oh yes, I see them. Not completely sold on the last one -- I get that we demand a certain minimal literacy from new members, but demanding that they can spell generousity generocity gennerosity unaided may be setting the bar slightly higher than intended.

How about instead, "What is the last name of Twilight?" That is not quite immediately googlable . (And IP ban anyone who tries to answer Swan or Cullen).
« Last Edit: December 15, 2014, 07:42:02 PM by Henning Makholm »
OC descriptions here
Using my fancy mathematics to model the issues since 2013.

December 15, 2014, 08:47:50 PM
Reply #4
best off luck fighting off the spambie horde

Snowy Flanks
Sorry but you are not allowed to view spoiler contents.

December 21, 2014, 09:11:08 AM
Reply #5