Skip navigation
Sidebar -

Advanced search options →
CEMB → Forum → Welcome to the forum → Forum Announcements → Spambot attacks (read it: this means you)

Welcome

Welcome to CEMB forum.
Please login or register. Did you miss your activation email?

Donations

Help keep the Forum going!
Click on Kitty to donate:

Kitty is lost

Recent Posts

ماذا يحدث هذه الايام؟؟؟.
by akay
Today at 08:47 AM
What music are you listen...
by zeca
June 04, 2024, 03:00 AM
Lights on the way
by akay
June 03, 2024, 04:08 AM
New Britain
June 02, 2024, 05:11 PM
What's happened to the fo...
June 02, 2024, 02:12 AM
Qur'anic studies today
by zeca
June 01, 2024, 03:35 PM
General chat & discussion...
May 31, 2024, 08:51 AM
Do humans have needed kno...
May 26, 2024, 09:19 AM
اضواء على الطريق ....... ...
by akay
May 25, 2024, 05:42 AM
Is Iran/Persia going to b...
by zeca
May 20, 2024, 11:23 AM
Best Quran translation ev...
May 19, 2024, 02:20 PM
Gaza assault
May 18, 2024, 03:37 PM

Theme Changer

 Topic: Spambot attacks (read it: this means you)

 (Read 12004 times)
  • 12 Next page « Previous thread | Next thread »
  • Spambot attacks (read it: this means you)
     OP - February 17, 2011, 01:40 AM
    Anyone using weak passwords? You may want to change them if you are.

    Currently, this forum and a lot of other forums are under sustained attack by spambots that are attempting to brute force logins to accounts. What they are doing is rocking up at a site, scanning posts for a bunch of usernames, and then attempting to guess the passwords so they can gain control of the accounts.

    They are doing this by randomly running a variety of fairly simple possible passwords for all the account names they have scanned. Actual examples are: baseball1, master, princess, asdfg, asdf1 and lkjhg.

    These attacks are coming from all over the world, and the real IP's cannot be traced because they are being hidden behind Tor proxies. There are a lot  of bots involved in this and they are being persistent.

    It's always good practice to not use basic passwords that can be guessed by a dictionary attack, or very short strings of random characters. If anyone is using a fairly weak password they should think very seriously about changing it now.

    This thing is rather handy if you want real security: GRC | Ultra High Security Password Generator

    I use that gizmo to generate the passwords for our server. Wink


    ETA: Oh and to give an idea of the scale of the problem, we have had over 70 attempts on accounts here in the last five hours.
    Devious, treacherous, murderous, neanderthal, sub-human of the West. bunny
  • Re: Spambot attacks (read it: this means you)
     Reply #1 - February 17, 2011, 05:36 AM
    Is that a total of 70 login attempts? or 70 bots trying to bruteforce? or 70 accounts each being bruteforced?
    Join us on chat. Click here.
  • Re: Spambot attacks (read it: this means you)
     Reply #2 - February 17, 2011, 06:03 AM

    Cheers for the heads up Os
    "we can smell traitors and country haters"


    Quote from: arX on April 30, 2011, 11:33 PM
    God is Love.
    Love is Blind. Stevie Wonder is blind. Therefore, Stevie Wonder is God.

  • Re: Spambot attacks (read it: this means you)
     Reply #3 - February 17, 2011, 07:55 AM
    so what do these spambots achieve once they manage to gain access to a members password?
    My Book     news002       
    My Blog  pccoffee
  • Re: Spambot attacks (read it: this means you)
     Reply #4 - February 17, 2011, 08:45 AM
    Wtf. I keep getting 'hacking attempt' when I try to change settings or pages :/
    Blind faith is an ironic gift to return to the Creator of human intelligence

  • Re: Spambot attacks (read it: this means you)
     Reply #5 - February 17, 2011, 08:48 AM
    Are they using trial and error aproach?

    If yes, can you implent like 3 consecutive incorrect attempts within a day rule?
    Admin of following facebook pages and groups:
    Islam's Last Stand (page)
    Islam's Last Stand (group)
    and many others...
  • Re: Spambot attacks (read it: this means you)
     Reply #6 - February 17, 2011, 08:49 AM
    What do I do :(
    I can't even get into my own profile to change my password even if I wanted to
    Blind faith is an ironic gift to return to the Creator of human intelligence

  • Re: Spambot attacks (read it: this means you)
     Reply #7 - February 17, 2011, 09:02 AM
    Quote from: zooby on February 17, 2011, 05:36 AM
    Is that a total of 70 login attempts? or 70 bots trying to bruteforce? or 70 accounts each being bruteforced?

    70 login attempts.* It's not enough to be a ddos problem for us but they are continual. We've been getting them for a week or so now. Some people may have noticed they were getting logged out unexpectedly. This was due to the spambot logins being attempted on their accounts. The latest software update has fixed that problem but the attacks are ongoing.


    Quote from: IsLame on February 17, 2011, 07:55 AM
    so what do these spambots achieve once they manage to gain access to a members password?

    Access for spamming on that account, for one thing. They would also be banking on the fact that a lot of people tend to share passwords between accounts, so they would look for the same username and email elsewhere and try to grab those accounts as well. I say email because, of course, once they have login to an account they can harvest the email that was used to register that account.


    Quote from: muddy on February 17, 2011, 08:48 AM
    Are they using trial and error aproach?

    If yes, can you implent like 3 consecutive incorrect attempts within a day rule?

    Could, but don't really want to. If we do that, then anyone whose account is attacked is likely to find themselves locked out. Better to just let the bots go for it as long as they aren't actually overloading our connections.


    *ETA: although almost as many accounts.
    Devious, treacherous, murderous, neanderthal, sub-human of the West. bunny
  • Re: Spambot attacks (read it: this means you)
     Reply #8 - February 17, 2011, 09:05 AM
    Quote from: Loki on February 17, 2011, 08:45 AM
    Wtf. I keep getting 'hacking attempt' when I try to change settings or pages :/

    The only errors in the log for you are for the shoutbox. What exactly are you trying to do?
    Devious, treacherous, murderous, neanderthal, sub-human of the West. bunny
  • Re: Spambot attacks (read it: this means you)
     Reply #9 - February 17, 2011, 09:30 AM
    Ha, they'd never get mine, its Marshmello5151362, no one can guess that. grin12


    .....f**k!
  • Re: Spambot attacks (read it: this means you)
     Reply #10 - February 17, 2011, 10:15 AM
    Quote from: osmanthus on February 17, 2011, 09:02 AM
    Could, but don't really want to. If we do that, then anyone whose account is attacked is likely to find themselves locked out. Better to just let the bots go for it as long as they aren't actually overloading our connections.

    How about location filter as facebook does? As soon as you login from an unknown location, it blocks your account and ask you to login from home. Once you login from home/work, it ask you to verify the location you logged in from.

    I know some times it sux specially for smart phones because smart phones sometimes use IP address from entirely different region of the country, but anyways facebook don't let you login, why can't we?
    Admin of following facebook pages and groups:
    Islam's Last Stand (page)
    Islam's Last Stand (group)
    and many others...
  • Re: Spambot attacks (read it: this means you)
     Reply #11 - February 17, 2011, 10:27 AM
    Yeah but why should we bother? It just screws people around and as long as they have decent password strength the bots wont do any harm.

    TBH the best way of dealing with this is to use a different login name and display name. I should probably add a recommendation for that to the registration form so that new accounts can be hidden from the bots.

    There's no point people with existing accounts changing their displayed name now because the bots already have already scanned existing display names, so if they are the same as the username they already have that too.

    Oh and before you suggest IP blocking, the problem with that is that since they're hiding behind Tor the IP's are tricky. Tor nodes are always changing, so what is a Tor node one hour can be a perfectly normal (and therefore botless) IP the next hour. Also, I don't really want to start blocking Tor if it isn't completely necessary, because it's a very handy resource for people in dodgey situations.

    I reckon we just sit tight for now and keep an eye on the situation.  Afro
    Devious, treacherous, murderous, neanderthal, sub-human of the West. bunny
  • Re: Spambot attacks (read it: this means you)
     Reply #12 - February 17, 2011, 10:31 AM
    Assassinate the malicious hackers-- simple.
    fuck you
  • Re: Spambot attacks (read it: this means you)
     Reply #13 - February 17, 2011, 10:35 AM
    Or we could get them to convert to hackersforcharity.org

    Or at the very least hackersforjesus.

  • Re: Spambot attacks (read it: this means you)
     Reply #14 - February 17, 2011, 11:24 AM
    Quote from: muddy on February 17, 2011, 10:15 AM
    How about location filter as facebook does? As soon as you login from an unknown location, it blocks your account and ask you to login from home. Once you login from home/work, it ask you to verify the location you logged in from.

    I know some times it sux specially for smart phones because smart phones sometimes use IP address from entirely different region of the country, but anyways facebook don't let you login, why can't we?

    But there might be ex-muslims who want to join, worried about their safety & want to remain anonymous?
    My Book     news002       
    My Blog  pccoffee
  • Re: Spambot attacks (read it: this means you)
     Reply #15 - February 17, 2011, 12:24 PM
     Huh?  hackers for jesus?   Cheesy Cheesy Cheesy

    I wonder if they try multi languages, or is it just english?
    *JnT has a few "foreign" words up her sleeve snickers*
    When one door of happiness closes, another opens; but often we look so long at the closed door that we do not see the one which has been opened for us.
    Helen Keller
  • Re: Spambot attacks (read it: this means you)
     Reply #16 - February 17, 2011, 02:23 PM
    Add some annoying captcha for login?
    Do not look directly at the operational end of the device.
  • Re: Spambot attacks (read it: this means you)
     Reply #17 - February 17, 2011, 02:36 PM
    I forgot my password. It's saved in the auto complete forum. lol
    Left the forum: http://www.councilofexmuslims.com/index.php?topic=22997
  • Re: Spambot attacks (read it: this means you)
     Reply #18 - February 17, 2011, 03:11 PM
    I agree with Tlaloc Captcha would be best solution to prevent the bots, maybe implement it after 3 failed logins.
    Join us on chat. Click here.
  • Re: Spambot attacks (read it: this means you)
     Reply #19 - February 17, 2011, 05:08 PM
    Cheers for the heads up and the cool password generator. My password isn't in a dictionary, but I'll change it anyway to something random just in case  Tongue
  • Re: Spambot attacks (read it: this means you)
     Reply #20 - February 17, 2011, 05:09 PM
     Cheesy And what makes you think catpcha is any use against bots these days? It isn't. In the war against spambots captcha is obsolete. Just about any bot can read any captcha a human can manage to read, and for the bots it isn't annoying. I have deliberately left the captcha turned down to a low level on this site and have even thought seriously about removing it entirely.
    Devious, treacherous, murderous, neanderthal, sub-human of the West. bunny
  • Re: Spambot attacks (read it: this means you)
     Reply #21 - February 17, 2011, 07:48 PM
    Oh if anyone wants their login name (not their displayed name) changed then shoot me* a PM. This will stop the bots being able to harvest the new username, as long as you keep the displayed name different.

    Note that if your login name is edited (only teh adminz can do that) you'll be logged out and will receive an email with the new login name and a new password. That's just how the software works. Smiley


    *Well me or Allat or Stinky. Not all three at once though because we don't want to be tripping over each other.
    Devious, treacherous, murderous, neanderthal, sub-human of the West. bunny
  • Re: Spambot attacks (read it: this means you)
     Reply #22 - February 17, 2011, 09:40 PM
    I want cool username change.
    Left the forum: http://www.councilofexmuslims.com/index.php?topic=22997
  • Re: Spambot attacks (read it: this means you)
     Reply #23 - February 18, 2011, 02:12 PM
    Quote from: muddy on February 17, 2011, 08:48 AM
    Are they using trial and error aproach?

    If yes, can you implent like 3 consecutive incorrect attempts within a day rule?

    +1, make it 3 consecutive attempts per day per ip.
    http://www.urbandictionary.com/define.php?term=L2pk
    --
    Previously donatelo
    --
    Watch Ishina lie and then try to squirm her way out of it like a worm
  • Re: Spambot attacks (read it: this means you)
     Reply #24 - February 18, 2011, 02:15 PM
    Quote from: Tlaloc on February 17, 2011, 02:23 PM
    Add some annoying captcha for login?

    +1
    http://www.urbandictionary.com/define.php?term=L2pk
    --
    Previously donatelo
    --
    Watch Ishina lie and then try to squirm her way out of it like a worm
  • Re: Spambot attacks (read it: this means you)
     Reply #25 - February 18, 2011, 02:16 PM
    Quote from: osmanthus on February 17, 2011, 05:09 PM
    Cheesy And what makes you think catpcha is any use against bots these days? It isn't. In the war against spambots captcha is obsolete. Just about any bot can read any captcha a human can manage to read, and for the bots it isn't annoying. I have deliberately left the captcha turned down to a low level on this site and have even thought seriously about removing it entirely.

    Its fairly effective or it won't be in mass use.
    http://www.urbandictionary.com/define.php?term=L2pk
    --
    Previously donatelo
    --
    Watch Ishina lie and then try to squirm her way out of it like a worm
  • Re: Spambot attacks (read it: this means you)
     Reply #26 - February 18, 2011, 04:49 PM
    It's in mass use because the software using it was mostly coded back when captcha was some use. It's legacy code, in effect. Couple that to the fact that people still think it's effective and therefore expect it to be a feature (and would feel insecure if it wasn't) and you have the reasons for its continued use.
    Devious, treacherous, murderous, neanderthal, sub-human of the West. bunny
  • Re: Spambot attacks (read it: this means you)
     Reply #27 - February 18, 2011, 06:22 PM
    Just threw in a patch which seems to have nobbled them.  Afro

    ETA: Also disabled captcha, just to see what happens. My bet is it wont make a damned bit of difference.
    Devious, treacherous, murderous, neanderthal, sub-human of the West. bunny
  • Re: Spambot attacks (read it: this means you)
     Reply #28 - February 19, 2011, 01:14 AM
    Quote from: osmanthus on February 18, 2011, 04:49 PM
    It's in mass use because the software using it was mostly coded back when captcha was some use. It's legacy code, in effect. Couple that to the fact that people still think it's effective and therefore expect it to be a feature (and would feel insecure if it wasn't) and you have the reasons for its continued use.

    Disagree mate, or there would be massive spam everywhere on sites that use it.
    http://www.urbandictionary.com/define.php?term=L2pk
    --
    Previously donatelo
    --
    Watch Ishina lie and then try to squirm her way out of it like a worm
  • Re: Spambot attacks (read it: this means you)
     Reply #29 - February 19, 2011, 05:26 AM
    Hey when we were relying on captcha we had bot registrations all over the place. Since I stopped relying on it, bot registrations have dropped to almost zero. Go figure. Smiley
    Devious, treacherous, murderous, neanderthal, sub-human of the West. bunny
  • 12 Next page « Previous thread | Next thread »