Author |
Message |
|
Looks like a spammer is hitting the GPUGRID CAFE Forum. |
|
|
|
Yes, this was reported to me by another user.
I have hidden all the posts, wasting 24 minutes of my time, and reported this to GDF to banish them and take additional measures to stop this. |
|
|
|
I think the latest batch calls for IP blocking at the very least.
Even if the message database is scrubbed clean, all those random user accounts are going to be hanging around for years, clogging up the database. |
|
|
|
I think the latest batch calls for IP blocking at the very least.
Even if the message database is scrubbed clean, all those random user accounts are going to be hanging around for years, clogging up the database.
Unfortunately that often has little effect. Spammers change IPs as often as they post. They often too create virus type robots, the posts can be coming from someone's or more infected computers. If you block the IP, you could be blocking a legitimate user, that doesn't know they are infected of course.
I've reported it, and GDF was slow to get back to me, I don't think he took any steps yet as the spamming continues and now in a mass amount, and now the spammer(s) are posting every few seconds. I can't hide the posts that fast. I'll leave it up to GDF to clean up now and take measures to stop this.
Another thing too, if you block posting, like making a minimum of 1 credit, the spammers' robots still create accounts. This attack is on a lot of BOINC projects. There was a problem at MalariaControl.net also. Something needs to be done to block registration, but then how do legitimate users get in? |
|
|
skgiven Volunteer moderator Volunteer tester
Joined: 23 Apr 09 Posts: 3968 Credit: 1,995,359,260 RAC: 0
|
The way forward is to use word recognition when registering. This stops the bots.
An IP block list could also be used on the front end server.
Perhaps new users could be initially limited to a newbie help thread, and then allowed access to the other threads when they completed one task. |
|
|
GDF Volunteer moderator Project administrator Project developer Project tester Volunteer developer Volunteer tester Project scientist
Joined: 14 Mar 07 Posts: 1957 Credit: 629,356 RAC: 0
|
I disabled account creation for now.
gdf |
|
|
MarkJ Volunteer moderator Volunteer tester
Joined: 24 Dec 08 Posts: 738 Credit: 200,909,904 RAC: 0
|
I've knocked off a bunch more in the Cafe, but the accounts need to get deleted or blocked.
Despite account creation being off he/it is still posting. Probably created a whole batch of accounts first and is now posting under each one. Might need to get a dump of all the accounts created in the last couple of days and if they have no computers listed delete or block them.
@ GDF, do you allow account creation from the web site, or can they only create an account through BOINC? If both ways you may want to restrict account creation to only be available through BOINC.
____________
BOINC blog |
|
|
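Added example, not part of any post in this thread and not BOINC project code: one way to produce the list suggested above (accounts created in the last couple of days with no computers listed) for moderator review. The `user`, `host` and `post` tables are a simplified, assumed schema, and every row is constructed sample data.

```python
import sqlite3

DAY = 86400  # seconds

def build_sample_db():
    """Constructed sample data; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT, create_time INTEGER);
        CREATE TABLE host (id INTEGER PRIMARY KEY, userid INTEGER);
        CREATE TABLE post (id INTEGER PRIMARY KEY, user INTEGER);
    """)
    now = 1_000_000_000  # fixed "current time" so the example is reproducible
    db.executemany("INSERT INTO user VALUES (?,?,?)", [
        (1, "longtime_cruncher", now - 400 * DAY),  # old account with a host
        (2, "new_volunteer",     now - 1 * DAY),    # new, but attached a host
        (3, "xqzt81",            now - 1 * DAY),    # new, no host, posting
        (4, "bvkr07",            now - 2 * DAY),    # new, no host, not posting yet
        (5, "old_lurker",        now - 90 * DAY),   # no host, outside the window
    ])
    db.executemany("INSERT INTO host VALUES (?,?)", [(10, 1), (11, 2)])
    db.executemany("INSERT INTO post (user) VALUES (?)", [(1,), (3,), (3,), (3,)])
    return db, now

def suspect_accounts(db, now, window_days=3):
    """Accounts created inside the window that have no computers attached.

    Returns (id, name, post_count) rows for a moderator to review. Nothing
    is deleted here, so a genuine newcomer who has not attached a host yet
    can still be cleared by hand.
    """
    cutoff = now - window_days * DAY
    return db.execute("""
        SELECT u.id, u.name, COUNT(p.id) AS posts
        FROM user u
        LEFT JOIN host h ON h.userid = u.id
        LEFT JOIN post p ON p.user = u.id
        WHERE u.create_time >= ? AND h.id IS NULL
        GROUP BY u.id, u.name
        ORDER BY posts DESC, u.id
    """, (cutoff,)).fetchall()

if __name__ == "__main__":
    db, now = build_sample_db()
    for row in suspect_accounts(db, now):
        print(row)
```

Sorting by post count puts the accounts that are already posting first, while the zero-post rows are the pre-created batch that has not been used yet.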
MarkJ Volunteer moderator Volunteer tester
Joined: 24 Dec 08 Posts: 738 Credit: 200,909,904 RAC: 0
|
I disabled account creation for now.
gdf
I'm seeing accounts created on the 29th, so it looks like he/it can still create them.
____________
BOINC blog |
|
|
Toni Volunteer moderator Project administrator Project developer Project tester Project scientist
Joined: 9 Dec 08 Posts: 1006 Credit: 5,068,599 RAC: 0
|
The recaptcha implementation in BOINC currently only protects profiles, not account creation (?). We are trying the akismet system.
Luckily added records in the users table don't cause too much of a performance problem - the DB is accustomed to far higher loads :-)
Edit: thanks, KK, for the time of cleaning them up. |
|
|
|
How was account creation disabled?
I logged out, then went to the log in page. When I click on create an account I get a page not found?
But all that does is hide that page. If the spammer is using a robot, it is sending the result of that page as a submit which your server is still processing, so yes they are still creating accounts.
I would suggest adding the captcha method of verification to create an account. Ya know those distorted letter words.
See http://en.wikipedia.org/wiki/CAPTCHA
Instructions for that had been included somewhere in BOINC or the BOINC wiki I think. Maybe here http://boinc.berkeley.edu/trac/wiki/ProtectionFromSpam
Another simple trick would be to turn on the invitation code. Then post the invitation code in the instructions on the front page under, to create an account use invitation code 'GPUgrid' or something like that. I did this on my team's message board. It had the simple scrambled word graphic. This the robots could decode. So I made the word to be entered something different from what was displayed and posted it in plain text instruction under the entry box. This let humans in that could read but kept robots out because the robots were programmed to unscramble the word in the graphic and entered the word displayed next to the invitation code. A few humans could not get in because they too did not read and just automatically entered the word in the graphic, how programmed do we humans become. If you got the word wrong, I did a halt and this stopped 99% of the spammers from ever getting in.
|
|
|
Toni Volunteer moderator Project administrator Project developer Project tester Project scientist
Joined: 9 Dec 08 Posts: 1006 Credit: 5,068,599 RAC: 0
|
We enabled BOINC's implementation of recaptcha and akismet. Let us know if you have problems.
|
|
|