Skip to main content

News

Topic: An immense effusion of spambots from the great darkness (Read 8874 times) previous topic - next topic

0 Members and 1 Guest are viewing this topic.
  • Fat Cerberus
  • [*][*][*][*][*]
  • Global Moderator
  • Sphere Developer
An immense effusion of spambots from the great darkness
I've noticed a lot of spambots seem to have found the forums recently.  I can check Who's Online now and it often shows about 8-10 users "Registering for an account".  Nothing ever comes of it so the spam filters are obviously doing what they're supposed to, but it's weird that the activity has picked up all of a sudden.
neoSphere 5.9.2 - neoSphere engine - Cell compiler - SSj debugger
forum thread | on GitHub

  • N E O
  • [*][*][*][*][*]
  • Administrator
  • Senior Administrator
Re: An immense effusion of spambots from the great darkness
Reply #1
'Tis odd indeed.

  • Fat Cerberus
  • [*][*][*][*][*]
  • Global Moderator
  • Sphere Developer
Re: An immense effusion of spambots from the great darkness
Reply #2
Aww, looks like one finally made it in. :-\
neoSphere 5.9.2 - neoSphere engine - Cell compiler - SSj debugger
forum thread | on GitHub

  • DaVince
  • [*][*][*][*][*]
  • Administrator
  • Used Sphere for, like, half my life
Re: An immense effusion of spambots from the great darkness
Reply #3
What's strange is that this "member" wasn't in the group of verified users (only those users can actually post). Something seems to be up with the permissions...

Reported the account to the global spam database and removed posts.

  • Fat Cerberus
  • [*][*][*][*][*]
  • Global Moderator
  • Sphere Developer
Re: An immense effusion of spambots from the great darkness
Reply #4
These spammers are weird.  The posts are so impenetrable that I have no idea what they're supposed to be selling.  Isn't that counterproductive? ???
neoSphere 5.9.2 - neoSphere engine - Cell compiler - SSj debugger
forum thread | on GitHub

Re: An immense effusion of spambots from the great darkness
Reply #5
Each one has a link in it, though. That's the payload.

  • Fat Cerberus
  • [*][*][*][*][*]
  • Global Moderator
  • Sphere Developer
Re: An immense effusion of spambots from the great darkness
Reply #6
Okay, someone really needs to find out how these guys are getting past the verification.  None of them are Verified, which should mean they can't post either.  Really strange.

One pattern I have noticed is that they're all sleepers--members since Sept-Oct of last year.  Maybe the forum software "forgets" they need verification after a while...
  • Last Edit: May 05, 2016, 02:00:26 am by Lord English
neoSphere 5.9.2 - neoSphere engine - Cell compiler - SSj debugger
forum thread | on GitHub

Re: An immense effusion of spambots from the great darkness
Reply #7
That last one seems to have registered last year.

  • Radnen
  • [*][*][*][*][*]
  • Senior Staff
  • Wise Warrior
Re: An immense effusion of spambots from the great darkness
Reply #8
Ok, so what's happened here is it's sometimes hard to determine who is real and who is not. Every week we get hundreds of 'potential' accounts, yet they verify as positive for spam. So we delete them. Trouble is there's always a few that get through.

A couple weeks ago I just ran the spam-account-finder tool on all verified users and sure enough a good deal of them came back positive. Which means that at the time, they were good to go, but since then, they have been flagged as spam.

As a rule, we can try email activation. But that increases barrier to entry and some bots might be able to beat that. Especially if the bot software sees that an email invite is basically an open door into the forums.
If you use code to help you code you can use less code to code. Also, I have approximate knowledge of many things.

Sphere-sfml here
Sphere Studio editor here

  • Fat Cerberus
  • [*][*][*][*][*]
  • Global Moderator
  • Sphere Developer
Re: An immense effusion of spambots from the great darkness
Reply #9
Ah, I see.  So even though the accounts were flagged as spam (and thus not "Verified"), it didn't revoke their verified status fully and they could still post?  Sounds like a bug.  As for email verification, I thought we already had that?  I thought I remembered having to verify via email when I created my account in 2013... hm.

But yeah, it's always a game of cat and mouse.  I'm just surprised so many bots are finding the forums lately.  We were practically invisible to search engines from ~2013-2014 (after the crash).  Did minisphere improve our visibility? :)
neoSphere 5.9.2 - neoSphere engine - Cell compiler - SSj debugger
forum thread | on GitHub

Re: An immense effusion of spambots from the great darkness
Reply #10
It could also have to do with having different forum software and forum addresses. We used to get some pretty severe spam on the old forums. Maybe it just took this long for the old spammer's data to expire and to begin collecting new info?

  • Rahkiin
  • [*][*][*]
Re: An immense effusion of spambots from the great darkness
Reply #11
My user is not Verified and I can post just fine... maybe something in the configuration needs to be made more strict?

It might also be a good idea to do patches on the forum? 2.0.11 is out, we use 2.0.6.

  • DaVince
  • [*][*][*][*][*]
  • Administrator
  • Used Sphere for, like, half my life
Re: An immense effusion of spambots from the great darkness
Reply #12
The thing is, there's an "Unverified" and a "Verified" group, and you're in neither. As long as you're not in the Unverified group, you can post. I don't even know why the verified group is there if it's like that... :P But something is definitely wrong because accounts aren't being put in either group.

I put you in the Verified group, by the way. Let me know if weird junk happens. (vincentbeers on GMail if you can't seem to contact me here.)

  • Rahkiin
  • [*][*][*]
Re: An immense effusion of spambots from the great darkness
Reply #13
TEST! :P Well that works.

  • Fat Cerberus
  • [*][*][*][*][*]
  • Global Moderator
  • Sphere Developer
Re: An immense effusion of spambots from the great darkness
Reply #14
I think these spammers have found some sort of exploit to get into the forums or something.  It's weird, when you view Who's Online after a spam attack, it shows the bot account's last action as "Logging into the forum", NOT as "Posting in..." like it does with normal members.  Are they accessing the database directly or something?

edit: Yeah, the spam is getting really bad now.  I can't even keep up with them anymore.  Why isn't there a way to delete all posts by a user?  I ban the accounts (because I've seen them log back in and post again otherwise), but then I have to delete all the spam posts, sometimes two pages' worth, one by one... we really do need a better forum system. :P
  • Last Edit: July 05, 2017, 08:47:54 am by Fat Cerberus
neoSphere 5.9.2 - neoSphere engine - Cell compiler - SSj debugger
forum thread | on GitHub