RPTools.net

Kobold
Joined: Tue Aug 05, 2008 5:14 am
Posts: 19
Post subject: Re: Maintenance tonight
Posted: Mon Aug 13, 2012 7:39 am
PHPBB is a pretty easy one for spambots I think.

I host a PHPBB that someone else runs (so I never actually go to it). It has security, activation, captcha, etc. on it, but I got an email from my host warning me that there were too many outgoing emails from my account and that I was being investigated as being a spam service.

I dug around and found out that this forum was the result of the emails. I did some data mining like you; out of 190,000 (yes, 190 THOUSAND) users, approx. 250 were valid.

I had to disable registration by literally ripping the code out of the PHP :-/


Deity
Joined: Tue Sep 11, 2007 6:31 pm
Posts: 5412
Post subject: Re: Maintenance tonight
Posted: Mon Aug 13, 2012 8:46 am
Heh... I wish activation email links had a series of "pages" with questions (similar to a survey) to help weed out the spammers. ESPECIALLY if it were randomized (so it could not be robo-formed) questions from a large pool of questions tied to the session (requires cookies enabled). So for example, 5 questions (out of say 200 possible questions for example), one per page with a combination of radio button, dropdown, and textbox based answers. For example, a TEXT question might say something like this:

Quote:
Paris is the capital of which of the following countries: United States, China, France, or United Kingdom

So you have to type in "France".

Another might be a radio button like:

Quote:
5 liters = how many gallons:
  • approximately 1.32
  • approximately 75.1
  • approximately .156


with of course 1.32 being the one that makes the most sense (thanks Google search for your auto conversion calculations!). You could even mix it up some to "require" people to search for things that might not be immediately relevant to many people. For example:

Quote:
A "Stone" is a unit of measuring weight which was used primarily in Great Britain which has mostly been abandoned in favor of using metric units with the exception of measuring the human body weight. If a man weighs 15 Stone, how much do they weigh:

  • approximately 308 pounds/140 kilograms
  • approximately 14 pounds/6 kilograms
  • approximately 210 pounds/95 kilograms
  • approximately 768 pounds/329 kilograms


Basically, they pay people to answer these captcha questions in bulk, so the best way to hurt them is to make them spend more time. For an average person, an extra 5-10 minutes filling out a form for a survey activation is not going to really make that much of a difference... but if someone is doing that 100 times a day, it will make a huge dent in their productivity.

_________________
I save all my Campaign Files to DropBox. Not only can I access a campaign file from pretty much any OS that will run Maptool(Win,OSX, linux), but each file is versioned, so if something goes crazy wild, I can always roll back to a previous version of the same file.

Get your Dropbox 2GB via my referral link, and as a bonus, I get an extra 250 MB of space. Even if you don't use my link, I still enthusiastically recommend Dropbox.
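
The randomized, session-bound question sequence proposed in the post above, sketched as an added example (not code from the thread or from phpBB). The pool entries, the function names and the in-memory `SESSIONS` store are assumptions made for illustration; the draw size defaults to 3 here because the constructed pool is small.

```python
import secrets
import time

# Constructed pool (the post suggests ~200 entries): (prompt, choices or None, answer)
POOL = [
    ("Paris is the capital of which country?", None, "france"),
    ("5 liters = how many gallons?", ["1.32", "75.1", ".156"], "1.32"),
    ("A man weighs 15 stone. About how many pounds?", ["308", "14", "210", "768"], "210"),
    ("Which of these is not an RPG?",
     ["Dungeons&Dragons", "Swords&Sorcery", "Fortnum&Masons"], "fortnum&masons"),
    ("How many sides does a d20 have?", None, "20"),
]

RNG = secrets.SystemRandom()   # CSPRNG, so the draw cannot be predicted
SESSIONS = {}                  # server-side state: session id -> challenge

def start_challenge(n=3, ttl=600, now=None):
    """Draw n distinct questions and bind them to a fresh session id."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {
        "questions": RNG.sample(POOL, n),
        "page": 0,
        "expires": (now if now is not None else time.time()) + ttl,
    }
    return sid

def current_question(sid):
    """Return (prompt, choices) for the page the session is on; never the answer."""
    state = SESSIONS[sid]
    prompt, choices, _ = state["questions"][state["page"]]
    return prompt, choices

def submit_answer(sid, answer, now=None):
    """Return 'next', 'activated' or 'rejected'. A wrong, late or replayed
    answer discards the whole challenge, so it cannot be retried page by page."""
    state = SESSIONS.get(sid)
    now = now if now is not None else time.time()
    if state is None or now > state["expires"]:
        SESSIONS.pop(sid, None)
        return "rejected"
    _, _, expected = state["questions"][state["page"]]
    if not secrets.compare_digest(answer.strip().lower().encode(), expected.encode()):
        del SESSIONS[sid]
        return "rejected"
    state["page"] += 1
    if state["page"] == len(state["questions"]):
        del SESSIONS[sid]          # single use
        return "activated"
    return "next"
```

Because the answers and the page counter live only on the server and the challenge expires, a submitted form cannot skip pages or be replayed later.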


Deity
Joined: Fri Mar 20, 2009 4:40 am
Posts: 9419
Location: Netherlands
Post subject: Re: Maintenance tonight
Posted: Mon Aug 13, 2012 9:42 am
they *hire* people to do that?!?!

this spamming gets weirder and weirder...

_________________
GETTING STARTED WITH MAPTOOLS - TUTORIALS, DOCS, VIDEOS, TOOLS, ETC

My stuff
Excel Tools: Table and Light editors
MT Tools: Bag of Tricks: Tools for Maptool, Dungeon Builder I, Dungeon Builder II,onMouseOverEvent and
DPI.
Frameworks: Dark Heresy, Rogue Trader, Deathwatch, Black Crusade, Only War, SET Card Game, RoboRally
Wiki: Debugging Tutorial, Speed Up Your Macros, Working With Two CODE Levels, Shortcut Keys, Avoiding Stack Overflow, READ THIS


Deity
Joined: Tue Sep 11, 2007 6:31 pm
Posts: 5412
Post subject: Re: Maintenance tonight
Posted: Mon Aug 13, 2012 10:24 am
wolph42 wrote:
they *hire* people to do that?!?!

this spamming gets weirder and weirder...


Well... if you call a pittance of money "hire", then yeah... they pay a tiny, tiny, tiny amount of money. Most of these are in Africa or Eastern Asia where any money, even if it's only enough for a single meal, is better than going hungry.

I use the term "hire" VERY loosely here...

Great Wyrm
Joined: Tue Aug 23, 2011 10:41 am
Posts: 1134
Location: Cornwall, UK
Post subject: Re: Maintenance tonight
Posted: Mon Aug 13, 2012 11:30 am
So looking at it from the flip-side, your counter-measures will make their job not profitable for the employer, and that person may starve as a result, so your counter-measures may be contributing to starvation?

Just an observation.

_________________
How to get around the two code nest limit in MapTool (and MOTE)


Site Admin
Joined: Mon Jun 12, 2006 12:20 pm
Posts: 12103
Location: Tampa, FL
Post subject: Re: Maintenance tonight
Posted: Mon Aug 13, 2012 4:33 pm
Well, I don't know if people are "hired" per se, but I've seen reports that porn sites that require authentication will put up CAPTCHAs and people will answer them in order to get access to the porn site. :?


Giant
Joined: Sat Feb 28, 2009 3:20 pm
Posts: 194
Location: Massachusetts, USA
Post subject: Re: Maintenance tonight
Posted: Mon Aug 13, 2012 5:15 pm
Azhrei wrote:
Well, I don't know if people are "hired" per se, but I've seen reports that porn sites that require authentication will put up CAPTCHAs and people will answer them in order to get access to the porn site. :?


Yeah, sometimes they're not being paid to do it. Sometimes they don't realize they're doing it. The spammers set up some real but shady site that people want access to (like porn), and the security measures they put up are actually pulled from some poor unwitting legitimate site (like this forum). Once the real person enters in the right answers to get their porn, those answers are submitted to the legitimate site by a spambot, which now has access to said legitimate site.

This is why we can't have nice things. :?

_________________
Adventure is not outside; it is within.
--Found in a fortune cookie on game night

MapTool Framework for Sufficiently Advanced


Site Admin
Joined: Mon Jun 12, 2006 12:20 pm
Posts: 12103
Location: Tampa, FL
Post subject: Re: Maintenance tonight
Posted: Wed Aug 15, 2012 12:41 pm
We haven't had any complaints about things so I'm going to figure the maintenance didn't disrupt anyone's use of the site.

I did notice that only the prosilver and subsilver themes were updated so my next step is to determine what the changes in those files actually were and apply them to other themes that people are actually using. If those changes are relevant. There are currently 29 different themes being used but I'm going to do the user purge prior to updating the themes -- many of them may have been selected by spambot accounts and can be ignored. I have some reading to do before I can do the purge, so it'll likely be a day or two before that happens. I'll announce how I plan to do the purge so any interested parties can point out how badly I'm going to screw things up before I actually screw them up. ;)


Great Wyrm
Joined: Mon Sep 15, 2008 8:27 am
Posts: 1180
Location: Bristol, UK
Post subject: Re: Maintenance tonight
Posted: Thu Aug 16, 2012 5:27 am
Merkuri wrote:
This is why we can't have nice things. :?

Maybe the answer is RP specific questions?

Which of these is not a RPG?
  • Dungeons&Dragons
  • Swords&Sorcery
  • Fortnum&Masons

What am I saying, people going to pr0n sites will be able to answer that :/


Last edited by Jagged on Fri Aug 17, 2012 3:35 am, edited 1 time in total.

Site Admin
Joined: Mon Jun 12, 2006 12:20 pm
Posts: 12103
Location: Tampa, FL
Post subject: Re: Maintenance tonight
Posted: Thu Aug 16, 2012 4:02 pm
Heh, good point. But then people just learning about RPGs may not be able to answer it either. :?


Deity
Joined: Tue Nov 10, 2009 6:11 pm
Posts: 7947
Location: Bay Area
Post subject: Re: Maintenance tonight
Posted: Thu Aug 16, 2012 4:51 pm
I look at it like this. There is no convenient way to safeguard almost anything. We lock our doors knowing people can break in. These steps are just deterrents against opportunists, not the dedicated criminal. That's why all these security systems have cops to monitor them. Trained or otherwise, they can tell most of the time when a system has been compromised and take action. What the computer environment lacks is a system of consequences and given that, we have to rely more on the security precautions to bar intrusion.

Getting a real person to enter captcha is a smart idea, since all we're testing for is if it is a real person. Since all our physical actions are translated into the digital (moving a mouse, typing on keyboard) we have to come up with a system that can test the person. The problem with that is people are imperfect and don't have the same information or reasoning skills (I find the captcha difficult to get right on the first try).

In the real world, we don't report the news (unless you're Fox) without verification of multiple sources or a direct recounting. It would be cool if we could get internet ids, like a credit card, to visit secure sites. Yes, credit card fraud is rampant but there is a third party that double checks the data to find fraud. So, if at any point fraud is discovered all associations can be notified at once, because their history is tracked by use of the id and pin. This could add a level of anonymity and consequence. Sites like this would only need to know that this person is not a spammer.

There's a good video on TED called David Birch: Identity without a name that goes into detail on a system like this.

Deity
Joined: Tue Sep 11, 2007 6:31 pm
Posts: 5412
Post subject: Re: Maintenance tonight
Posted: Fri Aug 17, 2012 7:47 am
Not to get too off topic here but:
aliasmask wrote:
In the real world, we don't report the news (unless you're Fox) without verification of multiple sources or a direct recounting.
You mean like Dan Rather's news report concerning President Bush's national guard service?


---------------------------

Or NBC's edit (which was then carried by NBC, MSNBC.com (transcript)) of the George Zimmerman 911 call as the story ran:
Quote:
“This guy looks like he’s up to no good… he looks black.”


However, the conversation actually went this way:
Quote:
ZIMMERMAN: This guy looks like he's up to no good… or he's on drugs or something. It's raining and he's just walking around, looking about.

DISPATCHER: Okay, is this guy, is he white, black, or Hispanic?

ZIMMERMAN: He looks black.


--------------------------

Or various news outlets who show a picture of George Zimmerman with no "visible injuries" regardless of the documented paramedic reports to the contrary as well as obscured video (you know... those pixelated blocks) which show an obvious scar?

--------------------------

Or again, same case where a ton of media outlets show a picture of Trayvon Martin as a child instead of a recent picture?



Now... don't get me wrong, I know there are unreported facts (i.e., not running a story that makes "your" side look wrong or not in the best possible light), half truths and factual inaccuracies reported by media on both sides of the political spectrum, so please don't bash one network in exclusion of the others since they ALL do it.

Deity
Joined: Tue Nov 10, 2009 6:11 pm
Posts: 7947
Location: Bay Area
Post subject: Re: Maintenance tonight
Posted: Fri Aug 17, 2012 10:56 am
Wow, that really is off my point. I was just making a political quip. But to respond, I would say those would be the exceptions rather than the norm. I feel fully justified pointing the finger at Fox News.

http://www.dailykos.com/story/2007/07/3 ... s-in-court

Deity
Joined: Fri Mar 20, 2009 4:40 am
Posts: 9419
Location: Netherlands
Post subject: Re: Maintenance tonight
Posted: Fri Aug 17, 2012 1:39 pm
aliasmask wrote:
Wow, that really is off my point. I was just making a political quip. But to respond, I would say those would be the exceptions rather than the norm. I feel fully justified pointing the finger at Fox News.

http://www.dailykos.com/story/2007/07/3 ... s-in-court


That's disturbing!

TheBard
Joined: Tue Mar 21, 2006 7:26 pm
Posts: 3483
Location: Austin, Tx
Post subject: Re: Maintenance tonight
Posted: Sat Aug 18, 2012 8:15 am
Does anyone else see the circular logic loop forming?
