Spam botnets

Non release banter
User avatar
brokenman
Site Admin
Site Admin
Posts: 6105
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v4 all desktops
Location: Brazil

Spam botnets

Post#1 by brokenman » 11 May 2013, 23:04

We are currently being attacked by spambots on a massive scale. Many sites are so this is nothing new. These attacks come from many countries and are getting smarter and smarter as time passes. I'd like to reach out to the community and ask for advice, suggestions and feedback on what you think the best way to prevent/minimize these attacks is.

They are attacking our registration page and occasionally bypassing all layers of security and registering, then posting spam. With a really smart botnet, there could potentially be a lot of spam posted overnight before an admin can get to remove them. Any suggestions on prevention/cure/minimization?

Is anybody dead against using captcha?
How do i become super user?
Wear your underpants on the outside and put on a cape.

User avatar
francois
Contributor
Contributor
Posts: 6434
Joined: 28 Dec 2010, 14:25
Distribution: xfce plank porteus nemesis
Location: Le printemps, le printemps, le printemps... ... l'hiver s'essoufle.

Re: Spam botnets

Post#2 by francois » 12 May 2013, 01:21

I am still alive using captcha. I have survived. This might be a good method for registration of real users. : 8)
Prendre son temps, profiter de celui qui passe.

sean
Contributor
Contributor
Posts: 166
Joined: 08 Jul 2012, 02:30
Distribution: Porteus v3.0 LXDE i486
Location: South Central PA, USA

Re: Spam botnets

Post#3 by sean » 12 May 2013, 01:28

I'm not opposed to using captcha.

Sean

crashman
Contributor
Contributor
Posts: 118
Joined: 28 Dec 2010, 17:03
Location: Poland

Re: Spam botnets

Post#4 by crashman » 12 May 2013, 06:00

captcha does not prevent intrusion, the spammers for this purpose have a script in php, but if use logical captcha type

"3+6=?" or "or how are is day today ?" is better method.

regards

User avatar
Hamza
Warlord
Warlord
Posts: 1908
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: Spam botnets

Post#5 by Hamza » 12 May 2013, 13:03

Please note that the attacks was at a level where the nullroute (drop requests) of whole countries was necessary to stop them. Fortunately, all countries are now able to access porteus.org without restrictions.

Here is a short list of countries used to bounce the attacks:
  1. China
  2. Ukraine
  3. United States
  4. Poland
  5. France
  6. Spain
  7. Canada
Thanks :)
NjVFQzY2Rg==

crashman
Contributor
Contributor
Posts: 118
Joined: 28 Dec 2010, 17:03
Location: Poland

Re: Spam botnets

Post#6 by crashman » 12 May 2013, 16:46

My proposal add logical captcha in a login area, this method is the best in my opinion.

User avatar
francois
Contributor
Contributor
Posts: 6434
Joined: 28 Dec 2010, 14:25
Distribution: xfce plank porteus nemesis
Location: Le printemps, le printemps, le printemps... ... l'hiver s'essoufle.

Re: Spam botnets

Post#7 by francois » 14 May 2013, 00:45

The proposition of crashman seems to be the good one. I think that Tomas uses that procedure. There was a lot of spam on the slax site.
Prendre son temps, profiter de celui qui passe.

User avatar
brokenman
Site Admin
Site Admin
Posts: 6105
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v4 all desktops
Location: Brazil

Re: Spam botnets

Post#8 by brokenman » 14 May 2013, 01:05

I should mention that the present system cross checks IP's signing up against a database of known bots and abusers. If they are on this list they are presented with another layer of security captcha. If not then no captcha is shown. Bots are getting smarter and are now able to bypass or answer many simple captcha techniques.

Personally I'd hate to see the day when the user bears the work of having to prove themselves to be human by answering questions, scanning an eyeball and then dancing the macarena. I've seen captchas that make the user complete a jigsaw puzzle before being able to post a request. I think security should a users experience without hindering it. Having said that i vote for (the expected) captcha for ALL users, with no discrimination. Bot or human, everybody must answer a question. Thoughts?
How do i become super user?
Wear your underpants on the outside and put on a cape.

User avatar
Ahau
King of Docs
King of Docs
Posts: 1331
Joined: 28 Dec 2010, 15:18
Distribution: LXDE & Xfce 32/64-bit
Location: USA

Re: Spam botnets

Post#9 by Ahau » 14 May 2013, 02:18

I vote for the Electric Slide rather than the Macarena. There's nothing resembling a latin beat in these hips, I'm afraid.
Please take a look at our online documentation, here. Suggestions are welcome!

User avatar
Tonio
Contributor
Contributor
Posts: 276
Joined: 28 Dec 2010, 16:37
Distribution: Slackware,porteus,FreeBSD,Slax
Location: 127.0.0.1

Re: Spam botnets

Post#10 by Tonio » 14 May 2013, 12:17

A captcha may be good, but the spam bots have figured things out?
Some transcendental numbers, i.e, pi, e and the euler macheroni constant or the Golden Ratio to a certain decimal place? at random. So having combinations that are hard for the spambots to defeat is what is needed in my opinion, but random numbers are not so random after a while :( Computer algorithms defeat the purpose. Maybe spam removal by regular users to help out? if the spam bots hit the site.

Anyone else propose something else?

User avatar
Hamza
Warlord
Warlord
Posts: 1908
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: Spam botnets

Post#11 by Hamza » 14 May 2013, 14:39

Open all doors.
NjVFQzY2Rg==

User avatar
brokenman
Site Admin
Site Admin
Posts: 6105
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v4 all desktops
Location: Brazil

Re: Spam botnets

Post#12 by brokenman » 15 May 2013, 01:15

open all doors
Not such a good idea. Did this once at a party with no authentication at the door ... the house got trashed.
How do i become super user?
Wear your underpants on the outside and put on a cape.

User avatar
Hamza
Warlord
Warlord
Posts: 1908
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: Spam botnets

Post#13 by Hamza » 15 May 2013, 05:03

Yes but I didn't says that nothing will be behind the doors.
NjVFQzY2Rg==

User avatar
Blaze
DEV Team
DEV Team
Posts: 3869
Joined: 28 Dec 2010, 11:31
Distribution: ⟰ Porteus current ☯ all DEs ☯
Location: ☭ Russian Federation, Lipetsk region, Dankov
Contact:

Re: Spam botnets

Post#14 by Blaze » 15 May 2013, 17:39

Try to block spam bot via IP on phpbb3
Linux 6.6.11-porteus #1 SMP PREEMPT_DYNAMIC Sun Jan 14 12:07:37 MSK 2024 x86_64 Intel(R) Xeon(R) CPU E3-1270 v6 @ 3.80GHz GenuineIntel GNU/Linux
MS-7A12 » [AMD/ATI] Navi 23 [Radeon RX 6600] [1002:73ff] (rev c7) » Vengeance LPX 16GB DDR4 K2 3200MHz C16

User avatar
Hamza
Warlord
Warlord
Posts: 1908
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: Spam botnets

Post#15 by Hamza » 15 May 2013, 17:46

Why wait until they reach phpBB? I'm looking to blocks them at Ethernet port directly :D
NjVFQzY2Rg==

Post Reply