Author Topic: The bot invasion  (Read 16292 times)

0 Members and 1 Guest are viewing this topic.

Time to power-up the photon beam cannons.  :)
That's cool and ....disturbing at the same time o_o  - Vasudan Admiral

"Don't play games with me. You just killed someone I like, that is not a safe place to stand. I'm the Doctor. And you're in the biggest library in the universe. Look me up."

"Quick everyone out of the universe now!"

 

Offline Galemp

  • Actual father of Samus
  • 212
  • Ask me about GORT!
    • Steam
    • User page on the FreeSpace Wiki
Hm. Just had another few reported posts in the past couple days, after a loooooong dry spell.

Maybe this is something we should start taking seriously.
"Anyone can do any amount of work, provided it isn't the work he's supposed to be doing at that moment." -- Robert Benchley

Members I've personally met: RedStreblo, Goober5000, Sandwich, Splinter, Su-tehp, Hippo, CP5670, Terran Emperor, Karajorma, Dekker, McCall, Admiral Wolf, mxlm, RedSniper, Stealth, Black Wolf...

 

Offline Fury

  • The Curmudgeon
  • 213
:sigh:

I need to do something about this, don't I? :(

 

Offline Goober5000

  • HLP Loremaster
  • 214
    • Goober5000 Productions
:shaking: It's far worse than we thought. :shaking:

Take a look at the last several pages of new members, sorted by member ID.  We are absolutely infested with spam accounts.  They don't even have to post... they can ply their devious trade simply by putting links in their signatures!

I have temporarily disabled new member registration while we discuss what to do.  I went and ban-deleted the most recent two dozen accounts with links in their signatures, but that only accounted for two days.  I have no idea how long they've been getting under the radar.

I suggest a multi-pronged approach to this new outbreak:
1) Run a database query that blanks all signatures for members with a postcount less than X (where X is to be determined, but probably not more than 5).
2) Run a database query that deletes all unactivated members, or members with 0 posts who haven't visited in X days (where X is, let's say, 30).
3) Manually review the username list for the past 30 days (from step 2) and delete all unactivated members, or members with 0 posts, who have ridiculous user info (e.g. a name like "whid0ds9w" and an email like "[email protected]").

 

Offline Fury

  • The Curmudgeon
  • 213
or members with 0 posts who haven't visited in X days (where X is, let's say, 30).
Not doable thanks to our General Discussion board, which does not count posts.

 

Offline Goober5000

  • HLP Loremaster
  • 214
    • Goober5000 Productions
The database is capable of distinguishing people with a postcount of 0 from people who have posted 0 times.

 

Offline Fury

  • The Curmudgeon
  • 213
That's good then.

 

Offline karajorma

  • King Louie - Jungle VIP
  • Administrator
  • 214
    • Karajorma's Freespace FAQ
I have temporarily disabled new member registration while we discuss what to do.  I went and ban-deleted the most recent two dozen accounts with links in their signatures, but that only accounted for two days.  I have no idea how long they've been getting under the radar.

Unless we're doing something immediately I'd rather you didn't do that. Better to let bots register and delete them than to prevent legitimate users from joining. Close registration only if we're going to have something in place by tomorrow or the day after.

I did look into preventing the X^0 group from having signatures but as far as I can see, you can't do that with SMF (You can with VB but there were other issues there).
Karajorma's Freespace FAQ. It's almost like asking me yourself.

[ Diaspora ] - [ Seeds Of Rebellion ] - [ Mind Games ]

 

Offline Goober5000

  • HLP Loremaster
  • 214
    • Goober5000 Productions
Until we solve the problem I'm not keen on keeping registration open while it has this big gaping security hole.  It may take us until the weekend to run the SMF upgrade, and in that time we may end up with another 200 bots to delete. :(

I'll reactivate registration if Fury or another admin concurs, but I think the risks outweigh the benefits at this time.  There was something like a 50-1 ratio of bots to legitimate registrations.

 

Offline karajorma

  • King Louie - Jungle VIP
  • Administrator
  • 214
    • Karajorma's Freespace FAQ
I'd just rather not be turning away legitimate users. It's not going to be that hard to clean up the database surely?


Or is SMF super crappy in this respect too? :rolleyes:
Karajorma's Freespace FAQ. It's almost like asking me yourself.

[ Diaspora ] - [ Seeds Of Rebellion ] - [ Mind Games ]

 

Offline Goober5000

  • HLP Loremaster
  • 214
    • Goober5000 Productions
I'd just rather not be turning away legitimate users. It's not going to be that hard to clean up the database surely?
See for yourself.  Sort the members by join date, then read all the usernames from the second page onward.


Quote
Or is SMF super crappy in this respect too? :rolleyes:
No, it's pretty easy to delete a member.  The problem is, it requires several clicks, and you can't batch-delete a bunch of users.  In the same way, banning also requires several clicks and can't be batched.  Multiply these tasks by several scores of users and it gets very frustrating very quickly.


EDIT: As for cleaning up the database itself, that would actually be quite a bit easier, yeah.  It would take a bit of thought, but it would not be tedious at all to execute the SQL queries I described in my earlier post.

 

Offline karajorma

  • King Louie - Jungle VIP
  • Administrator
  • 214
    • Karajorma's Freespace FAQ
That's what I meant by super crappy. VB allows batch operations of this type IIRC. The problems I had with GW are due to the weird way it was set up.

I think we might as well delete anyone who hasn't activated their account (except those from the last 7 days) cause we have a pretty stupid number of those.
Karajorma's Freespace FAQ. It's almost like asking me yourself.

[ Diaspora ] - [ Seeds Of Rebellion ] - [ Mind Games ]

 

Offline Goober5000

  • HLP Loremaster
  • 214
    • Goober5000 Productions
All right, I'll have to take care of those tomorrow.  It's 4 am here...

 

Offline karajorma

  • King Louie - Jungle VIP
  • Administrator
  • 214
    • Karajorma's Freespace FAQ
I can do that much myself at least.
Karajorma's Freespace FAQ. It's almost like asking me yourself.

[ Diaspora ] - [ Seeds Of Rebellion ] - [ Mind Games ]

 

Offline Galemp

  • Actual father of Samus
  • 212
  • Ask me about GORT!
    • Steam
    • User page on the FreeSpace Wiki
On behalf of the users of HLP, thank you all. :)
"Anyone can do any amount of work, provided it isn't the work he's supposed to be doing at that moment." -- Robert Benchley

Members I've personally met: RedStreblo, Goober5000, Sandwich, Splinter, Su-tehp, Hippo, CP5670, Terran Emperor, Karajorma, Dekker, McCall, Admiral Wolf, mxlm, RedSniper, Stealth, Black Wolf...

  

Offline TopAce

  • Stalwart contributor
  • 212
  • FREDder, FSWiki editor, and tester
Looks like adding/removing badges will not cause serious headache for a while. :P
My community contributions - Get my campaigns from here.

I already announced my retirement twice, yet here I am. If I bring up that topic again, don't believe a word.

 

Offline Goober5000

  • HLP Loremaster
  • 214
    • Goober5000 Productions
Looks like adding/removing badges will not cause serious headache for a while. :P
Yes, that's one positive aspect. :)

Unfortunately, it will be replaced by users complaining vociferously that the HLP theme and all their favorite forum mods haven't been updated yet. :p

 
Take all the time you need admins.  In my opinion, having HLP bot free takes precedence over restoring the forum theme.

 

Offline mjn.mixael

  • Cutscene Master
  • 212
  • Chopped liver
    • Steam
    • Twitter
I want my theme and badges back!  :nervous:







 :ick:
Cutscene Upgrade Project - Mainhall Remakes - Between the Ashes
Youtube Channel - P3D Model Box
Between the Ashes is looking for committed testers, PM me for details.
Freespace Upgrade Project See what's happening.

 

Offline Droid803

  • Trusted poster of legit stuff
  • 213
  • /人 ◕ ‿‿ ◕ 人\ Do you want to be a Magical Girl?
    • Skype
    • Steam
Has the invasion been stopped?
Or at least quelled?
Curious to hear the results.
(´・ω・`)
=============================================================