Denial of Service Attack?

Discussion in 'Housekeeping' started by eDiceGuy, May 2, 2018.

  1. eDiceGuy, May 2, 2018

    eDiceGuy

    eDiceGuy Member

    Joined:
    Mar 2, 2018
    Messages:
    62
    Likes Received:
    77
    Gender:
    Male
    Location:
    Arizona
    Did anyone notice the amount of phony posts that happened between 7:30PM and 6:30AM today? Does this happen often?
     
    #1
  2. Settingcanthurt, May 2, 2018

    Settingcanthurt

    Joined:
    Jul 31, 2015
    Messages:
    4,389
    Likes Received:
    2,539
    Gender:
    Male
    Location:
    Flyover below the tundra
    For some reason there has been a lot of frustrations writing on the forum lately. To define frustrations..
     
    #2
    yacraps and crispcem like this.
  3. eDiceGuy, May 2, 2018

    eDiceGuy

    eDiceGuy Member

    Joined:
    Mar 2, 2018
    Messages:
    62
    Likes Received:
    77
    Gender:
    Male
    Location:
    Arizona
    What appears to be happening is some computer, some where is generating phony posts and sending them so fast that only certain posts are making it though to the server. The timestamps on the posts are a minute or less in between. There are probably dozens or hundreds of legitimate and phony posts simply being lost.

    The network may need more protection. I would start by talking with the Internet provider to see what they recommend.
     
    #3
    yacraps likes this.
  4. wonko33, May 2, 2018

    wonko33

    wonko33 Member

    Joined:
    Sep 2, 2015
    Messages:
    1,431
    Likes Received:
    795
    Gender:
    Male
    the best thing when you see those is to click on their name instead of the link and ignore them - it removes all the threads in one swoop!!! and they don't get viewed so the spammer don't think people go in there and read them
     
    #4
    yacraps and HornHighBLEVE like this.
  5. The Midnight Skulker, May 2, 2018

    The Midnight Skulker

    Joined:
    Jan 28, 2010
    Messages:
    3,135
    Likes Received:
    1,964
    Gender:
    Male
    Location:
    Idaho, USA
    I presume you're referring to the ones with Chinese subjects. Yes, I noticed them when I first logged on and reported the "author", though it turns out there are multiple "authors" posting this presumed spam. Should be easy to spot those others, however.

    Occasionally I will get a "Resource Limit Reached" message and have to make multiple attempts to do whatever it was I was trying to do. Can't say it happens to me often, maybe 10% of the time.

    There do seem to be a number of computer generated IDs popping up on the "Who Has Visited" list, the ones ending in "GAT" for example. I have yet to see a post from one of them so I assume they are only there to annoy us by consuming resources.

    A nice administrative feature would be to send a PM automatically to a user when that user registers and to require a particular PM response, perhaps an answer to a simple arithmetic problem, before allowing that user to post anything.
    I certainly do not open all the threads from a spammer, only one so I can report it. I will also include the names of other spam authors in the explanation of why I am reporting a post.
     
    #5
    yacraps likes this.
  6. Settingcanthurt, May 2, 2018

    Settingcanthurt

    Joined:
    Jul 31, 2015
    Messages:
    4,389
    Likes Received:
    2,539
    Gender:
    Male
    Location:
    Flyover below the tundra
    Nice analysis. Makes me ask why would anyone do this to a Crapsforun and i have no answer. So it points to the provider. How many of his other websites are getting hit?
     
    #6
    yacraps likes this.
  7. Settingcanthurt, May 3, 2018

    Settingcanthurt

    Joined:
    Jul 31, 2015
    Messages:
    4,389
    Likes Received:
    2,539
    Gender:
    Male
    Location:
    Flyover below the tundra
    I have a theory of possibly why the site is under attack.
    This site is neutral as far as government and anything official. It is perfect for a group of hackers say in some sort of hacking school, to target and see what damage they can do? No real interest other than teaching how to hack a real site.

    Are these IP's all from the same or close to the same address and can that address be filtered?
     
    #7
    yacraps likes this.
  8. The Midnight Skulker, May 3, 2018

    The Midnight Skulker

    Joined:
    Jan 28, 2010
    Messages:
    3,135
    Likes Received:
    1,964
    Gender:
    Male
    Location:
    Idaho, USA
    A better guess than any I can think of. Be a nuisance in a place that does not have the resources to track you down and kill you.

    The problem of course is that when you build a better mouse trap the hackers just build a better mouse. A while back the spam technique of the day was to have a URL in the subject. Assuming Jacob put in a filter for that the spammers merely moved the URL to the subject of a poll. Now we have Chinese subjects and text; filter that and I will lay odds that the respite will be short lived. It's like the Whac-A-Mole arcade game:
    WhacAMole.jpg bash one technique and another pops up.

    Obviously the trick is to balance security with usability. I'm thinking the only way to do that is to attack the source of the posts: the UserID. Programatically I should think the easiest way would be to ask a simple question, the answer to which could be obtained with a Google query if necessary, prior to posting. Another defense would be to limit the number of posts a UserID could make in a time period, say 15 minutes. Such countermeasures would be a pain in our posteriors but I think would mitigate the problem. Is the disease worth curing? If so, and this is the $64,000 question: are the resources available to implement the cure?
     
    #8
    yacraps and random_roller like this.
  9. eDiceGuy, May 3, 2018

    eDiceGuy

    eDiceGuy Member

    Joined:
    Mar 2, 2018
    Messages:
    62
    Likes Received:
    77
    Gender:
    Male
    Location:
    Arizona
    Or software the could send an electrical surge to the sending computer and fry the SOB. But there may be too much collateral damage, especially if it's my grandson screwing around on my computer.

    My son is a network analyst and deals with DoS issues a lot. We will be together next week on vacation and I will pick his brain.
     
    #9
    yacraps likes this.
  10. The Midnight Skulker, May 3, 2018

    The Midnight Skulker

    Joined:
    Jan 28, 2010
    Messages:
    3,135
    Likes Received:
    1,964
    Gender:
    Male
    Location:
    Idaho, USA
    Excellent idea! My son also is a Network Engineer. I'm hoping to see him before winter this year. Now that you mention it methinks an e-mail may be in order. (Father-Son communication, what a concept!)
     
    #10
    yacraps likes this.
  11. Settingcanthurt, May 3, 2018

    Settingcanthurt

    Joined:
    Jul 31, 2015
    Messages:
    4,389
    Likes Received:
    2,539
    Gender:
    Male
    Location:
    Flyover below the tundra
    #11
    yacraps likes this.
  12. HornHighBLEVE, May 3, 2018

    HornHighBLEVE

    HornHighBLEVE Member

    Joined:
    Aug 21, 2016
    Messages:
    165
    Likes Received:
    170
    Gender:
    Male
    A simple 'captcha' challenge might be of use in filtering out the bot spam.
     
    #12
    yacraps and Settingcanthurt like this.
  13. crispcem, May 9, 2018

    crispcem

    crispcem Member

    Joined:
    Apr 14, 2018
    Messages:
    140
    Likes Received:
    223
    Gender:
    Female
    Somebody please tell the admin to buy and install Wordfence and start blocking by ip and whole country. These idiots are probably stealing his links and redirecting, creating spam links.
    I get about 20 hackers trying to login to my website a day. Brute force attacks can go into the hundreds. It's a jungle out there; hate to see this site go down from all the spambot posters.
     
    #13
    yacraps likes this.