PDA

View Full Version : 2008-10-20: Serious Spammer / DOS activity



infoxicated
20th October 2008, 10:55 PM
In the last few days the WipEoutZone server has been hit like a trampolinist with narcolepsy would hit the ground - hard and often. :blarg

What we've done to deserve this, I don't know, but I've had to disable searching for non-members and for members awaiting account activation, put in a minimum of 30 seconds between searching, and ramp up the human image verification for new registrations. Until they lose interest and pick on someone else we're also having to ban certain IP addresses at the server level.

Hasn't made a lot of difference to the load the server is being put under right now, though, with spammers hitting the search reqest page like the fist of an angry god. What they're searching for, it's not clear. Probably not inner happiness or a way to get rich via the stock market.

So, if this place is down more often than the kind of date who puts Rohypnol in their own drink, the above is the reason why.

Darkdrium777
20th October 2008, 11:01 PM
ROFL. I can't believe there is someone pathetic enough to do a DOS attack on WipeoutZone.

Seriously, get a life. :-


Do you know if you can fix this permanently Rob?

infoxicated
20th October 2008, 11:08 PM
Dont know - we're just going to keep trying different stuff.

There are over 20 sites that share the server with WipEoutZone - some of them *gasp* are more important than this place, so if we cant bring it under control soon we might need to take some extreme measures.

All those mental usernames you tend to see popping up in the new member thing in the footer are spammers. They put accounts together with usernames and email addresses containing words that would only make sense in the ****ing LOLCATS version of Scrabble.

I manually check then delete or activate every account, so the more they hit us the longer it takes for legitimate user accounts to get activated. Sucks big time. :|

eLhabib
20th October 2008, 11:51 PM
Jeez, do you just come up with all those metaphors or do you have a book with 'cool stuff to say in every situation life may throw at you' ;) I was laughing uncontrollably, anyway :D

_glitch_
21st October 2008, 01:08 AM
Ahhh! That's why it took so long for me to get re-activated when I changed my email address.


hit like a trampolinist with narcolepsy would hit the ground - hard and often

I plan to use this quote as often as possible. ;D

_glitch_

Lance
21st October 2008, 02:43 AM
Rob, I hope you hit the guy from Korea who was hitting us so hard today. His IP range was only a 256 bit block.

Most of these worthless execrable rapist sodomites are trying to read the memberslist as soon as they come on; they're looking for our email addresses so they can be used either directly to send you spam, or indirectly so they can infect your email accounts and use them as zombies in a bot network to send spam to other people.

In your profiles, select the option to HIDE YOUR EMAIL ADDRESS. That way the only people who can see it without compromising the php or sql would be our admin and our mods.

Harvai
21st October 2008, 04:46 AM
****, good idea Lance. Doing this now

mdhay
21st October 2008, 02:34 PM
Do you think it could be anything to do with that advertise for $30 mail, Rob?

infoxicated
21st October 2008, 03:32 PM
Definitely not.


Jeez, do you just come up with all those metaphors or do you have a book with 'cool stuff to say in every situation life may throw at you' ;) I was laughing uncontrollably, anyway :D
I'm a big fan of metaphors and analogies, so I tend to put a bit of time into coming up with entertaining ones when I feel they'd be appropriate. :)

Mad-Ice
21st October 2008, 06:21 PM
Very appropriate! :lol You are a funny guy. I hope you will get these spammers very quickly.

Rapier Racer
22nd October 2008, 10:09 PM
Dirty bastards :evil Deserves castration!

It's a shame foxys book of 'cool stuff to say in every situation life may throw at you' doesn't exist, I'd buy it lol

Worlock
22nd October 2008, 10:28 PM
Hi. I'm new here, but I've been adminning VB3 boards since the original version of VB, and I've been using the "ask a question" method with the most success. There's zero chance a bot is going to get it right, and that way you don't have to spend any time validating any more.

The biggest problem with this method is usually coming up with a question any legitimate visitor would know, but with the specialized nature of this board, it should be easy, and the question can have multiple answers. Something like "Name a Wipeout team from any of the games". There's no way anyone who's ever played any Wipeout game wouldn't remember at least one.

Just a suggestion. I was using CAPTCHA on my board until a few weeks ago, when they suddenly started to get through in huge numbers. I changed to this and haven't had one since (just hundreds of failed attempts daily :) )

infoxicated
22nd October 2008, 10:55 PM
Brilliant idea - I'll try that out. :+

eLhabib
23rd October 2008, 12:44 PM
Nice one! The easiest solutions nobody thinks of are always the best ;)

Asayyeah
23rd October 2008, 03:12 PM
Congrats & welcome aboard Worlock for a 1st post it's truly a great one ! nice contribution : that's gonna made Foxxy more relax :clap

swift killer
23rd October 2008, 08:29 PM
They put accounts together with usernames and email addresses containing words that would only make sense in the ****ing LOLCATS version of Scrabble.

ROFL, Rob, my god you are on form!

Worlock
23rd October 2008, 09:57 PM
Well, there's nothing I hate more on the internet than spam bots, so all attempts to defeat them everywhere are my concern :) I should add that you can also use this method on the search pages, so that guests can still search, but have to answer the question to submit the search.

On the Wipeout front, I played the original and XL religiously, then basically skipped 10 years of console gaming,until my brother told me he just downloaded Wipeout HD on his PS3. I've basically played it every free day with him since, although I still miss some of the feel from XL.

infoxicated
24th October 2008, 12:39 PM
Heh! Dont we all. ;)

I've thought about using the Q&A method before, but just never got round to trying it. Plus I didn't know that you could have a range of answers, so armed with that knowledge I'll try and set it up as soon as I have a free window to tinker with it.

Lance
24th October 2008, 06:48 PM
I'd noticed a moderate slacking-off in the numbers of spambot registrations in the last 36 hours or so, and wondered if you'd already instituted some change, but noticed that some following the usual pattern were still getting through, so I guess it was just down to random luck.

My personal email, on the other hand, has seen about triple the spam in the last 3 or 4 days. arrgh I want to destroy the botnetmasters' computers.

infoxicated
25th October 2008, 10:23 AM
I think banning one of the main ones at IP level on the server itself and barring gmail.com addresses has helped. The gmail.com barring wasn't working for the first 48 hours I had it in the filter, though, because I'd missed out the trailing m in my haste.