Fogbow is under attack by Russians too also ...

boots
Posts: 2755
Joined: Sat May 16, 2015 5:23 pm

Re: Fogbow is under attack by Russians too also ...

#76

Post by boots » Mon May 28, 2018 5:08 pm

webhick wrote:
Sun May 27, 2018 9:51 pm
On Quatloos we use ZBBlock, the SFS plugin, and Google's reCaptcha 2. It cut back a lot on Russian spammers and other unsavory types.
It also blocks all use of vpn services, which is sort of a bummer for the user who wishes to do so.



Reality Check
Posts: 14642
Joined: Fri Feb 20, 2009 8:09 pm
Location: USA

Re: Fogbow is under attack by Russians too also ...

#77

Post by Reality Check » Mon May 28, 2018 6:07 pm

For the past several months I have noticed an increase in what appear to be bots following my Wordpress.com blog. They are nearly always from the @outlook.com domain. For example, fennellscorinnac@outlook.com just popped up in my inbox. I have seen a discussion on these at the Wordpress support blog but no one has provided a decent answer as to what they hope to accomplish. I just delete the emails. :confused:


“If you’re not outraged, you’re not paying attention.”

Heather Heyer, November 2016

Danraft
Posts: 331
Joined: Fri Jan 27, 2012 8:45 pm

Re: Fogbow is under attack by Russians too also ...

#78

Post by Danraft » Mon May 28, 2018 6:10 pm

Hmm. Hacker Questions...
"What is the best way to gain access to an account - backdoors, rootkits or trojans?"


"He that never compares his notions with those of others...seldom discovers the objections which may be raised...therefore often thinks himself in possession of truth, when he is only fondling an error long since exploded."
Samuel Johnson 1754

webhick
Posts: 10
Joined: Wed Feb 21, 2018 6:57 pm

Re: Fogbow is under attack by Russians too also ...

#79

Post by webhick » Mon May 28, 2018 6:17 pm

boots wrote:
Mon May 28, 2018 5:08 pm
webhick wrote:
Sun May 27, 2018 9:51 pm
On Quatloos we use ZBBlock, the SFS plugin, and Google's reCaptcha 2. It cut back a lot on Russian spammers and other unsavory types.
It also blocks all use of vpn services, which is sort of a bummer for the user who wishes to do so.
Not all, just problematic ones (or IP blocks, I can't remember)...which happen to be a lot of VPNs.



boots
Posts: 2755
Joined: Sat May 16, 2015 5:23 pm

Re: Fogbow is under attack by Russians too also ...

#80

Post by boots » Mon May 28, 2018 8:55 pm

webhick wrote:
Mon May 28, 2018 6:17 pm
boots wrote:
Mon May 28, 2018 5:08 pm
webhick wrote:
Sun May 27, 2018 9:51 pm
On Quatloos we use ZBBlock, the SFS plugin, and Google's reCaptcha 2. It cut back a lot on Russian spammers and other unsavory types.
It also blocks all use of vpn services, which is sort of a bummer for the user who wishes to do so.
Not all, just problematic ones (or IP blocks, I can't remember)...which happen to be a lot of VPNs.
I've had problems accessing Q with two different very well known vpn services...As I have been the victim of hacking I don't do anything on line without using a vpn.



webhick
Posts: 10
Joined: Wed Feb 21, 2018 6:57 pm

Re: Fogbow is under attack by Russians too also ...

#81

Post by webhick » Mon May 28, 2018 9:53 pm

boots wrote:
Mon May 28, 2018 8:55 pm
webhick wrote:
Mon May 28, 2018 6:17 pm
boots wrote:
Mon May 28, 2018 5:08 pm


It also blocks all use of vpn services, which is sort of a bummer for the user who wishes to do so.
Not all, just problematic ones (or IP blocks, I can't remember)...which happen to be a lot of VPNs.
I've had problems accessing Q with two different very well known vpn services...As I have been the victim of hacking I don't do anything on line without using a vpn.
Well-known VPN services are not immune from abuse. Bad behavior can get a service or IP block crappy ratings on Google Malware Dashboard, CleanTalk.org and Stop Forum Spam. Crappy ratings get you blacklisted by things like ZBBlock and SFS. I've seen IP blocks get removed from the signature file for ZBBlock, so if they've curbed the abuse they can get un-blacklisted...gray-listed...whited out? I don't know. I've seen blocks disappear from the signature files, though.

Q has been hacked a few times in the past, but we've been hack-free since ZBBlock. The server also runs faster because it blocks malicious behavior before it slows down our server. Malicious behavior from things like Ahrefs or baidu bots, who unleash an army of screen-scrapers four hundred times an hour. If hackers and d***faces would ever-so-politely put down their sawed-offs, I wouldn't have to castrate people at the door.

Even if FogBow implemented just the Stop Forum Spam plugin and Google reCaptcha 2, that should help.



Dr. Blue
Posts: 854
Joined: Sat Jan 07, 2012 10:01 am
Occupation: Call the doctor!

Re: Fogbow is under attack by Russians too also ...

#82

Post by Dr. Blue » Tue May 29, 2018 8:36 am

Suranis wrote:
Mon May 28, 2018 12:52 pm
Hmm, what Altitude do Sparrows fly...
Would that be an African sparrow or a European sparrow?



Tiredretiredlawyer
Posts: 6297
Joined: Tue May 10, 2016 2:56 pm
Location: Animal Planet
Occupation: Permanent probationary slave to 2 dogs, 1 cat, and 1 horse

Re: Fogbow is under attack by Russians too also ...

#83

Post by Tiredretiredlawyer » Tue May 29, 2018 8:52 am

Dr. Blue wrote:
Tue May 29, 2018 8:36 am
Suranis wrote:
Mon May 28, 2018 12:52 pm
Hmm, what Altitude do Sparrows fly...
Would that be an African sparrow or a European sparrow?
With or without coconuts?


"The people must know before they can act, and there is no educator to compare with the press." - Ida B. Wells-Barnett, journalist, newspaper editor, suffragist, feminist and founder with others of NAACP.

Foggy
Posts: 25766
Joined: Tue Jan 20, 2009 12:00 pm
Location: Fogbow HQ
Occupation: Dick Tater

Re: Fogbow is under attack by Russians too also ...

#84

Post by Foggy » Tue May 29, 2018 9:10 am



... and how does that make you feel?
What is it you are trying to say?
:think:

RoadScholar
Posts: 6722
Joined: Wed Jan 26, 2011 10:25 am
Location: Baltimore
Occupation: Historic Restoration Woodworker

Re: Fogbow is under attack by Russians too also ...

#85

Post by RoadScholar » Tue May 29, 2018 9:15 am

"Threads?" Is that hip slang for your cat costume? 8-)

Sorry.


The bitterest truth is healthier than the sweetest lie.
X3

Foggy
Posts: 25766
Joined: Tue Jan 20, 2009 12:00 pm
Location: Fogbow HQ
Occupation: Dick Tater

Re: Fogbow is under attack by Russians too also ...

#86

Post by Foggy » Tue May 29, 2018 9:20 am

.



... and how does that make you feel?
What is it you are trying to say?
:think:

JohnPCapitalist
Posts: 1095
Joined: Tue Feb 16, 2016 10:29 pm
Location: Wall Street
Occupation: Investment management in the financial industry. Deep knowledge of stocks, tech and economics.

Re: Fogbow is under attack by Russians too also ...

#87

Post by JohnPCapitalist » Tue May 29, 2018 9:21 am

Foggy wrote:
Sun Feb 18, 2018 5:47 am
... in that there has been a noticeable uptick in registered users, active and inactive, using Russian email addresses.

Usually there are 5 to 15 inactive users who register each week. This week there were more than 120. In a week. :shock:

Now, the reason they're inactive is that -- as each of you personally experienced -- when you register here, the board sends you an activation email and you have to click a link in that email to activate your membership. But if you register using a fake email address, then -- this is not rocket surgery -- the board is going to send the activation link to the fake email address, which makes it difficult to activate your membership. Otherwise we'd have 120+ new members this week, all of them Russians.
I missed this thread when it was new a couple months ago so this response to the initial post is less than timely. Around the same time, I saw a similar massive uptick in Russian registrations to my WordPress site (http://www.reasoned.life, if any of you are interested in long-form research on Scientology and other cults), all using Russian characters, all using fake e-mail addresses and all with unconfirmed e-mails as you suggest.

Given the need for confirmation e-mails that inherently stops them from becoming members of the board, I can't understand why they would attempt this sort of hack. In WordPress, the subscriber mailing list is not publicly visible at any time, so it's not clear why they would engage in this hack. It's easily deleted, as I could sort by subscriber name. Russian characters sort to the bottom, so it was the work of a few seconds to select all of them and nuke them.

But it appears that PHP BB software does publish a subscriber list. Is it possible that they're doing this at TheFogbow in some sort of attempt to get names-as-links published in search engine rankings and boost the search ranking of the site they're trying to push via information in the profile?

In my case, the attacks got steadily more frequent for about 2 months, with a couple dozen bogus subscribers per day, until they finally just stopped entirely. Not sure if that was due to the subscription plug-in maker adding spam filtering capability of some sort (they don't document it) or that the spammers just gave up.



boots
Posts: 2755
Joined: Sat May 16, 2015 5:23 pm

Re: Fogbow is under attack by Russians too also ...

#88

Post by boots » Tue May 29, 2018 2:49 pm

webhick wrote:
Mon May 28, 2018 9:53 pm

Well-known VPN services are not immune from abuse. Bad behavior can get a service or IP block crappy ratings on Google Malware Dashboard, CleanTalk.org and Stop Forum Spam. Crappy ratings get you blacklisted by things like ZBBlock and SFS. I've seen IP blocks get removed from the signature file for ZBBlock, so if they've curbed the abuse they can get un-blacklisted...gray-listed...whited out? I don't know. I've seen blocks disappear from the signature files, though.

Q has been hacked a few times in the past, but we've been hack-free since ZBBlock. The server also runs faster because it blocks malicious behavior before it slows down our server. Malicious behavior from things like Ahrefs or baidu bots, who unleash an army of screen-scrapers four hundred times an hour. If hackers and d***faces would ever-so-politely put down their sawed-offs, I wouldn't have to castrate people at the door.

Even if FogBow implemented just the Stop Forum Spam plugin and Google reCaptcha 2, that should help.

Ah thanks, sorry for thread jack...



webhick
Posts: 10
Joined: Wed Feb 21, 2018 6:57 pm

Re: Fogbow is under attack by Russians too also ...

#89

Post by webhick » Sun Jun 03, 2018 11:30 am

JohnPCapitalist wrote:
Tue May 29, 2018 9:21 am
Given the need for confirmation e-mails that inherently stops them from becoming members of the board, I can't understand why they would attempt this sort of hack. In WordPress, the subscriber mailing list is not publicly visible at any time, so it's not clear why they would engage in this hack. It's easily deleted, as I could sort by subscriber name. Russian characters sort to the bottom, so it was the work of a few seconds to select all of them and nuke them.
They're harvesting data. Namely, the email you used for your WP administration, the permissions that a new subscriber has, whether subscribers can post comments, your WP version, etc.

Also, these guys do respond to the confirmation emails. But here's the trick. If they immediately spammed after registering, their address would get blacklisted at SFS, which would make their address unusable for future registrations. So, to get more mileage out of the address, they do a bunch of registrations and then let the accounts sit for a few days/weeks. Their first few posts might be relatively innocuous. They'll come back later and edit the posts or change their signatures when no one is paying attention to them anymore.
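
The delayed-edit pattern described in post #89 can be checked for from the moderation side. The following is an added example, not part of the original thread and not code from phpBB, ZBBlock or SFS: it scans edit records for links that first appear long after the content was created. The record fields, the sample data and the 3-day threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

URL_RE = re.compile(r"https?://[^\s\]\[<>\"']+", re.IGNORECASE)

# Constructed sample events (not real forum data). Each record is one change to
# a post body or a profile signature, with the text before and after the change.
# "created" is the post time for post edits, the registration time for signatures.
EVENTS = [
    {"user": "alice", "kind": "post_edit", "created": "2018-05-01 10:00",
     "changed": "2018-05-01 10:04", "before": "Thanks for teh link",
     "after": "Thanks for the link"},
    {"user": "newuser417", "kind": "post_edit", "created": "2018-05-02 09:00",
     "changed": "2018-05-23 03:12", "before": "Great forum, glad I joined!",
     "after": "Great forum! http://pills.example/buy"},
    {"user": "newuser417", "kind": "signature", "created": "2018-05-02 08:55",
     "changed": "2018-05-23 03:13", "before": "",
     "after": "[url=http://pills.example]cheap[/url]"},
    {"user": "bob", "kind": "post_edit", "created": "2018-04-01 12:00",
     "changed": "2018-05-20 12:00", "before": "See http://docs.example/faq",
     "after": "See http://docs.example/faq (updated)"},
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")

def added_urls(before, after):
    """URLs present after the change that were not in the earlier text."""
    return sorted(set(URL_RE.findall(after)) - set(URL_RE.findall(before)))

def find_sleeper_edits(events, min_delay=timedelta(days=3)):
    """Flag changes that introduce a new link long after the content (or, for
    signatures, the account) was created. min_delay is an assumed threshold."""
    flagged = []
    for ev in events:
        delay = parse(ev["changed"]) - parse(ev["created"])
        urls = added_urls(ev["before"], ev["after"])
        if urls and delay >= min_delay:
            flagged.append((ev["user"], ev["kind"], delay.days, urls))
    return flagged

if __name__ == "__main__":
    for user, kind, days, urls in find_sleeper_edits(EVENTS):
        print(f"{user}: {kind} added {urls} after {days} days")
```

Quick typo fixes and late edits that keep an existing link are not flagged; only a new link introduced after the delay is.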



JohnPCapitalist
Posts: 1095
Joined: Tue Feb 16, 2016 10:29 pm
Location: Wall Street
Occupation: Investment management in the financial industry. Deep knowledge of stocks, tech and economics.

Re: Fogbow is under attack by Russians too also ...

#90

Post by JohnPCapitalist » Sun Jun 03, 2018 11:53 am

webhick wrote:
Sun Jun 03, 2018 11:30 am
JohnPCapitalist wrote:
Tue May 29, 2018 9:21 am
Given the need for confirmation e-mails that inherently stops them from becoming members of the board, I can't understand why they would attempt this sort of hack. In WordPress, the subscriber mailing list is not publicly visible at any time, so it's not clear why they would engage in this hack. It's easily deleted, as I could sort by subscriber name. Russian characters sort to the bottom, so it was the work of a few seconds to select all of them and nuke them.
They're harvesting data. Namely, the email you used for your WP administration, the permissions that a new subscriber has, whether subscribers can post comments, your WP version, etc.

Also, these guys do respond to the confirmation emails. But here's the trick. If they immediately spammed after registering, their address would get blacklisted at SFS, which would make their address unusable for future registrations. So, to get more mileage out of the address, they do a bunch of registrations and then let the accounts sit for a few days/weeks. Their first few posts might be relatively innocuous. They'll come back later and edit the posts or change their signatures when no one is paying attention to them anymore.
Thanks for the explanation, but fortunately, it's not relevant in my case. I use Disqus as the comment engine on my WP comment site, which is different from the WP standard comment engine. It's heavily Ajax-driven so it's very hard to spam mechanically unlike the generic WordPress engine.

All they get for registering is inclusion on my subscriber e-mail list, and I delete them immediately. If they make a comment, it gets immediately deleted via the Akismet spam assassin plug-in and is never seen because Disqus overrides it anyway. So it's completely futile. This architecture is not 99.999% effective at preventing bogus comments, but 100.00% effective, a big difference qualitatively.



Sam the Centipede
Posts: 5698
Joined: Thu Aug 30, 2012 3:25 pm

Re: Fogbow is under attack by Russians too also ...

#91

Post by Sam the Centipede » Sun Jun 03, 2018 2:21 pm

JohnPCapitalist wrote:
Sun Jun 03, 2018 11:53 am
:snippity: This architecture is not 99.999% effective at preventing bogus comments, but 100.00% effective, a big difference qualitatively.
Oh. So I shouldn't go to your site to find out how I can earn $$$$$ from home for only two hours' work a week, nor to get recommendations for how to lose weight or to hide my wrinkles? That's a disappointment. :(



JohnPCapitalist
Posts: 1095
Joined: Tue Feb 16, 2016 10:29 pm
Location: Wall Street
Occupation: Investment management in the financial industry. Deep knowledge of stocks, tech and economics.

Re: Fogbow is under attack by Russians too also ...

#92

Post by JohnPCapitalist » Sun Jun 03, 2018 2:34 pm

Sam the Centipede wrote:
Sun Jun 03, 2018 2:21 pm
JohnPCapitalist wrote:
Sun Jun 03, 2018 11:53 am
:snippity: This architecture is not 99.999% effective at preventing bogus comments, but 100.00% effective, a big difference qualitatively.
Oh. So I shouldn't go to your site to find out how I can earn $$$$$ from home for only two hours' work a week, nor to get recommendations for how to lose weight or to hide my wrinkles? That's a disappointment. :(
I can't claim it's 100% effective because of anything I am selling. If I were a super-slick internet salesman, I wouldn't be hanging out here. I'd be out hawking my miracle cure for spam to poots so I could retire in a motorhome like the one Randy Beane almost stole.

It's simply an artifact of the comment system I used, which the spammers aren't sophisticated enough to detect and adapt to. Their attempted spam goes into the spam filter for regular comments, which has an abundant crowdsourced data set and makes it all go away. But it never would be seen even if the spam filter failed to get it because the comment section is powered by a third-party service, not core WordPress.

I mentioned what I did out of sheer astonishment at how easy it's been to have a spam-free blog. I can't take credit for any of it. In 4 years, I only had the one wave of Russian spammers, and all I had to do was delete them from the subscriber list. I never had to chase down spammed posts to delete them manually.


