
Why do we keep being raided by bots?

Ricky

Well-Known Member
This site has a lot of exposure for web crawlers.

It has safeguards for Tor, but I'm not sure what is in place for the internet in general.

IIRC, it was a word guess during registration, IDK if that is sufficient.

My guess would be it's bots with a simple latency, I am 98% sure that is the case.

The other problem is there are no active members with permissions to be able to respond when this happens.
 

Simo

Professional Watermelon Farmer
It has safeguards for Tor...

Huh, but Tor hasn't been a popular comic book hero in ages, as far as I know. Plus, would he want here? Plus, he's on the prehistoric side, I dunno if he'd even know about the inter-webs. I guess it is good to safeguard against him, though, just in case.

 

Saiko

GTWT Survivor
Is thread creation protected by CAPTCHA? If not, spamming the site with threads would be trivial. A single person could automate it with no more than twenty minutes of work.
 

Ricky

Well-Known Member
Is thread creation protected by CAPTCHA? If not, spamming the site with threads would be trivial. A single person could automate it with no more than twenty minutes of work.

No, I don't think so.

It probably should, and maybe even posts in general up to a certain number of posts, at least.
 

Ricky

Well-Known Member
Geeze, MORE??? >.<

Even a simple regexp for thread titles with obfuscated URLs in them, or % characters in that UTF-8 range.

People don't usually post threads in Chinese here.

It looks like most just add whitespace to obfuscate the URL.

I'm not behind the wheel, so I can't look at patterns of IPs, posts, etc. but it all looks like a common source and should be pretty easy remediation.
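
An added example, not part of the thread and not the forum's own code: one way to implement the title check described in the post above, holding a thread for review when its title carries a URL (plain or broken up with whitespace) or is mostly Hangul/CJK. The TLD list, the script ranges and the 0.3 ratio are assumptions chosen for illustration.

```python
import re
import unicodedata

# Assumed ranges: Hangul Jamo, kana, CJK ideographs, Hangul syllables.
CJK = re.compile(r"[\u1100-\u11ff\u3040-\u30ff\u3400-\u4dbf\u4e00-\u9fff\uac00-\ud7af]")

def spaced(word):
    # "com" -> "c\s*o\s*m", so a TLD typed as "c o m" still matches.
    return r"\s*".join(map(re.escape, word))

# Assumed TLD list; extend it from what moderators actually see.
TLDS = "|".join(spaced(t) for t in ("com", "net", "org", "cn", "kr", "ru"))
# A dot, optionally padded with spaces or written as "(dot)" / "[dot]".
DOT = r"\s*(?:\.|\(\s*dot\s*\)|\[\s*dot\s*\])\s*"
DOMAIN = re.compile(rf"\b[a-z0-9-]{{2,}}{DOT}(?:{TLDS})\b")
SCHEME = re.compile(r"\bhttps?\s*:\s*//|\bwww\s*\.")

def title_flags(title, cjk_ratio=0.3):
    """Return the reasons a thread title should be held for moderator review."""
    # NFKC folds fullwidth letters and dots to their ASCII forms.
    text = unicodedata.normalize("NFKC", title).lower()
    flags = []
    match = DOMAIN.search(text) or SCHEME.search(text)
    if match:
        # Whitespace or a bracketed "dot" inside the match means it was disguised.
        hidden = re.search(r"[\s(\[]", match.group(0))
        flags.append("obfuscated_url" if hidden else "url")
    letters = [c for c in text if c.isalpha()]
    if letters:
        ratio = sum(1 for c in letters if CJK.match(c)) / len(letters)
        if ratio >= cjk_ratio:
            flags.append("unexpected_script")
    return flags

# Constructed sample titles, not taken from the forum.
SAMPLES = [
    "Why do we keep being raided by bots?",
    "cheap bags www . example . c o m",
    "Commissions open. Come see",
    "명품 가방 판매",
]
```

The flags are meant to queue a thread for review rather than reject it outright, since a sentence ending right before a word like "net" can still match.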
 

Multoran

Active Member
Our lord, Cthulhu, is punishing us for our wicked ways!
We must repent!
Take your children, and your children's children, and slit their throats upon the beaches!
Take your neighbor's children, and have your way with them, spilling your seed into the oceans!
Do this, and Cthulhu shall forgive all your sins and your wicked transgressions!
Repent!
 

ArielMT

'Net Help Desk

Pillownose

New Member
Our lord, Cthulhu, is punishing us for our wicked ways!
We must repent!
Take your children, and your children's children, and slit their throats upon the beaches!
Take your neighbor's children, and have your way with them, spilling your seed into the oceans!
Do this, and Cthulhu shall forgive all your sins and your wicked transgressions!
Repent!
will that be enough though?!
 

Saiko

GTWT Survivor
No, I don't think so.

It probably should, and maybe even posts in general up to a certain number of posts, at least.
Yeah, they're gonna have to add CAPTCHAs and probably timers to thread creation and posting. As is, you could create ten accounts from ten different IPs and then use Selenium or perhaps curl with a spoofed user agent to send out spam. The only things I know of that distinguish the spam accounts from real ones in this scenario would be post content and post frequency. The current protections would be (and have been) completely useless.

I suggest a CAPTCHA for thread creation, a timer for consecutive posting, and a mechanism for flagging accounts which trigger those breaks many times in rapid succession. That flag might also automatically hide the account and all its posts pending moderator review.
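
An added example, not part of the thread and not the forum's own code: a sketch of the three controls proposed in the post above (CAPTCHA on thread creation, a timer between consecutive posts, and hiding accounts that trip those checks repeatedly). The class name, return strings and thresholds are assumptions, and the CAPTCHA result is passed in as a boolean rather than verified here.

```python
from collections import defaultdict, deque

class PostGate:
    """Per-account posting gate; timestamps are seconds, supplied by the caller."""

    def __init__(self, min_interval=30.0, strikes=3, strike_window=300.0):
        self.min_interval = min_interval    # required gap between accepted posts
        self.strikes = strikes              # trips within the window before hiding
        self.strike_window = strike_window
        self.last_post = {}                 # account -> time of last accepted post
        self.trips = defaultdict(deque)     # account -> recent trip times
        self.hidden = set()                 # accounts awaiting moderator review

    def submit(self, account, now, new_thread=False, captcha_passed=False):
        if account in self.hidden:
            return "hidden_pending_review"
        if new_thread and not captcha_passed:
            return self._trip(account, now, "captcha_failed")
        last = self.last_post.get(account)
        if last is not None and now - last < self.min_interval:
            return self._trip(account, now, "too_fast")
        self.last_post[account] = now
        return "accepted"

    def _trip(self, account, now, reason):
        recent = self.trips[account]
        recent.append(now)
        # Forget trips that fell out of the sliding window.
        while now - recent[0] > self.strike_window:
            recent.popleft()
        if len(recent) >= self.strikes:
            self.hidden.add(account)        # hide the account until a moderator looks
            return "hidden_pending_review"
        return reason

def replay(events, gate=None):
    """Run (account, time, new_thread, captcha_passed) tuples through a gate."""
    gate = gate or PostGate()
    return [gate.submit(*event) for event in events]

# Constructed traffic: a script posting every second next to an ordinary member.
EVENTS = [
    ("bot", 0, True, True), ("bot", 1, True, True), ("bot", 2, True, False),
    ("bot", 3, False, False), ("bot", 100, False, False),
    ("member", 0, False, False), ("member", 10, False, False),
    ("member", 60, False, False),
]
```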
 

Azrion/Zhalo

The Felynes have arisen!
As it is right now, I'm having to constantly block these shitheads plaguing the forums with their Korean bullshit or whatever it is.
 

Saiko

GTWT Survivor
I could suggest a bit of modification to the login/signup page but would the members want to take the extra effort to login. I know some forums review register new members.
The security hole isn't in account creation, though. It's in thread creation. Once you have the confirmation email and browser cookie, the gate's wide open.
 

Ozriel

Inglorious Bastard
would captcha work on thread creation?
Perhaps, but to make it stronger it should be relevant to the site instead of a bunch of jumbled numbers and letters. Bots can and already have figured out how to bypass it.
 

Traven V

Luna-tic.
It's really no wonder.
 

Sergei Nóhomo

Spicey Memes
Banned
Guuchi ourses and fake IDs everywhere
account spam everywhere we don't care
'Cause we came to sell so much shit now
No mods gonna ban us now

If you're not ready see our posts
Can I get a lol no
'Cause we gonna post all night
'Till we see the sunlight alright

So la da da di we like to spammy
Gettin' paid less clammies
Doing whatever we can,
This is our job
This is our life
And we can't stop
And we won't stop
Can't you see buy our things
Can't you see it click our links
And we can't stop
And we won't stop
We don't run things, bots run we
Bans don't do nothing for us yeah yeah

That hurt to read

I'm assuming everybody knows about the bots now, but what is their problem and why are they spamming random shit?

Popular site and sign up requires no authentication.

Then again authentication is pretty useless since F4L's "authentication" is easily passed by writing generic shit and filling everything else with "In edit"
 