• Fur Affinity Forums are governed by Fur Affinity's Rules and Policies. Links and additional information can be accessed in the Site Information Forum.

Why do we keep being raided by bots?

Ricky

Ricky

Well-Known Member
This site has a lot of exposure for web crawlers.

It has safeguards for Tor, but I'm not sure what is in place for the internet in general.

IIRC, it was a word guess during registration, IDK if that is sufficient.

My guess would be it's bots with a simple latency, I am 98% sure that is the case.

The other problem is there are no active members with permissions to be able to respond when this happens.
 
Simo

Simo

Professional Watermelon Farmer
Ricky said:
It has safeguards for Tor...
Click to expand...

Huh, but Tor hasn't been a popular comic book hero in ages, as far as I know. Plus, would he want here? Plus, he's on the prehistoric side, I dunno if he'd even know about the inter-webs. I guess it is good to safeguard against him, though, just in case.

tor-1954.jpg
 
Saiko

Saiko

GTWT Survivor
Is thread creation protected by CAPTCHA? If not, spamming the site with threads would be trivial. A single person could automate it with no more than twenty minutes of work.
 
Ricky

Ricky

Well-Known Member
Saiko said:
Is thread creation protected by CAPTCHA? If not, spamming the site with threads would be trivial. A single person could automate it with no more than twenty minutes of work.
Click to expand...

No, I don't think so.

It probably should, and maybe even posts in general up to a certain number of posts, at least.
 
Ricky

Ricky

Well-Known Member
Geeze, MORE??? >.<

Even a simple regexp for thread titles with obfuscated URL's in them, or % characters in that UTF-8 range.

People don't usually post threads in Chinese here.

It looks like most just add whitespace to obfuscate the URL.

I'm not behind the wheel, so I can't look at patterns of IP's, posts, etc. but it all looks like a common source and should be pretty easy remediation.
 
Multoran

Multoran

Active Member
Our lord, Cthulhu, is punishing us for our wicked ways!
We must repent!
Take your children, and your children's children, and slit their throats upon the beaches!
Take your neighbor's children, and have your way with them, spilling your seed into the oceans!
Do this, and Cthulhu shall forgive all your sins and your wicked transgressions!
Repent!
 
ArielMT

ArielMT

'Net Help Desk
Pillownose

Pillownose

New Member
Multoran said:
Our lord, Cthulhu, is punishing us for our wicked ways!
We must repent!
Take your children, and your children's children, and slit their throats upon the beaches!
Take your neighbor's children, and have your way with them, spilling your seed into the oceans!
Do this, and Cthulhu shall forgive all your sins and your wicked transgressions!
Repent!
Click to expand...
will that be enough though?!
 
Saiko

Saiko

GTWT Survivor
Ricky said:
No, I don't think so.

It probably should, and maybe even posts in general up to a certain number of posts, at least.
Click to expand...
Yeah, they're gonna have to add CAPTCHAs and probably timers to thread creation and posting. As is, you could create ten accounts from ten different IPs and then use Selenium or perhaps curl with a spoofed user agent to send out spam. The only things I know of that distinguish the spam accounts from real ones in this scenario would be post content and post frequency. The current protections would be (and have been) completely useless.

I suggest a CAPTCHA for thread creation, a timer for consecutive posting, and a mechanism for flagging accounts which trigger those breaks many times in rapid succession. That flag might also automatically hide the account and all its posts pending moderator review.
 
Azrion/Zhalo

Azrion/Zhalo

The Felynes have arisen!
As it is right now, I'm having to constantly block these shitheads plaguing the forums with their Korean bullshit or whatever it is.
 
Saiko

Saiko

GTWT Survivor
speedactyl said:
I could suggest a bit of modification to the login/signup page but would the members want to take the extra effort to login. I know some forums review register new members.
Click to expand...
The security hole isn't in account creation, though. It's in thread creation. Once you have the confirmation email and browser cookie, the gate's wide open.
 
Ozriel

Ozriel

Inglorious Bastard
speedactyl said:
would captcha work on thread creation?
Click to expand...
Perhaps, but to make it stronger it should be relevant to the site instead of a bunch of jumbled numbers and letters. Bots can and already have figured out to bypass it.
 
Traven V

Traven V

Luna-tic.
It's really no wonder.
 
Sergei Nóhomo

Sergei Nóhomo

Spicey Memes
Banned
Ozriel said:
Guuchi ourses and fake IDs everywhere
account spam everywhere we don't care
'Cause we came to sell so much shit now
No mods gonna ban us now

If you're not ready see our posts
Can I get a lol no
'Cause we gonna post all night
'Till we see the sunlight alright

So la da da di we like to spammy
Gettin' paid less clammies
Doing whatever we can,
This is our job
This is our life
And we can't stop
And we won't stop
Can't you see buy our things
Can't you see it click our links
And we can't stop
And we won't stop
We don't run things, bots run we
Bans don't do nothing for us yeah yeah
Click to expand...

That hurt to read

Azrion/Zhalo said:
Im assuming everybody knows about the bots now, but what is their problem and why are they spamming random shit?
Click to expand...

Popular site and sign up requires no authentication.

Then again authentication is pretty useless since F4L's "authentication" is easily passed by writing generic shit and filling everything else with "In edit"
 
You must log in or register to reply here.
Top