I called Humbert and he told me that Maher had been warned but he's probably busy.
Hopefully, he will do something when he's back.
It's probably the work of an angry Russian guy since there are some Russian spams. You probably know that the rts index crashed and has lost 10% today, and that the ruble has lost 70% of its value against Euro in 3 months. Due to that, some Russian brats have suicidal tendencies and they come here to show they want to break a forum. Maybe Maher had better do a harder registration and an efficient antispam to make those script kiddies harmless, though.
Maher should add another step for user verification like solving a simple mathematical problem.
Maher got back to me today. He said these was automatic bots who managed to get on. He activated ReCAPCHA to make it a little more difficult for them to get in, and also deleted all posts and accounts from the bots. I will continue reporting to him if they crop up again.
invasion by bots still increasing. :'(
I sent Maher a text message about this problem, so I'm assuming he'll be getting on pretty soon. I'm thinking these bots have figured out a way to get around CAPTCHA.
maybe maher can introduce two step captcha one being symbols another would be arithmetic problem.
Does Maher care any longer or does he have enough time? The forum needs a savior, otherwise its members are going to leave because they are fed up, at least those who are lucid, and we have already noticed that Ahmad left. Humbert is the last savior on the forum, but to accomplish his duty, I think it would be good that he could become an administrator too.
(http://i020.radikal.ru/0912/91/c423520f55c0.jpg) (http://i020.radikal.ru/0912/91/c423520f55c0.jpg)
Ð'ориÑку - на царÑÑ,во?!!! Ðе бываÑ,ÑŒ ÑÑ,ому! (Boris - as Tsar?!!! No way!) ((c) Ivan 4-th the Terrible)
I mean, our respectable Scarface isn't best candidate as administrator (not because his skill, but because he is very impulsive, especially after a bottle of good wine :) ).
QuoteÐ'ориÑку - на царÑÑ,во?!!! Ðе бываÑ,ÑŒ ÑÑ,ому! (Boris - as Tsar?!!! No way!) ((c) Ivan 4-th the Terrible)
I mean, our respectable Scarface isn't best candidate as administrator (not because his skill, but because he is very impulsive, especially after a bottle of good wine
Maybe you should learn to read. But I'm afraid Maher might not look for any candidate at all, should it get worse on the forum.
Thank you guys for all the effort you put in the forums to stay together and united as a family! I really appreciate it.
I'm sorry I don't have time to read everything and reply to you..
But be sure that I always check from time to time and read your posts, and I will reply when I have time ;)
Regarding the bots, I tweaked the registration page a little bit. Hope this might help..
reCAPTCHA isn't helping anymore! I think bots bypass it easily now..
Quote from: scarface on December 20, 2014, 10:45 PM
Maybe you should learn to read. But I'm afraid Maher might not look for any candidate at all, should it get worse on the forum.
Oh, sorry! :-[
I was tired yesterday after one task. Can't understand, how I understood last 3 messages in topic as scarface's request to become an admin. :)
That's right, a few days ago I asked to become admin to join the war against the machines.
It seems that Maher is right, it's more and more difficult to stop them: https://community.elgg.org/discussion/view/1544516/how-are-bots-bypassing-google-recaptcha
@Scarface - thanks for believing I'd be a good administrator :)
I wish that software bots use to bypass reCAPTCHA could be written as a Firefox addon. Many times these CAPTCHAs are vey hard to read. I'm also wondering if that software can read any CAPTCHA or just the easy ones.
This appears to be exactly what this vermin is doing - using humans to enter CAPTCHA and letting bots take over. This morning when I logged in I deleted 8 bot topics - this in under 24 hours.
I'd like to delete and ban the newly-created accounts too, but that has to be Maher.
Fuj->maybe Maher should try anti-spam programs like this one : http://akismet.com/
Maybe a good idea is to add a pre-moderation for newbies on forum? I.e., posts from new members (who create less than 5-10 posts) will not be shown, before moderator read them? (Don't know, has the SimpleMachines this feature, on PhpBB 3.x it works fine).
Quote from: usmangujjar on December 23, 2014, 08:40 AM
as Daniil said, many phbb forums using this method.
until a moderator or Admin don't allow, our posts are not shown on the forum. but their is less chance of this option in SMF.
You're not fully correct, Usman. I mean to use this pre-moderation only for newcomers. If use it for all of us, it'd be overwork for moderators and admin.
I agree with the idea of pre-moderation and I'll gladly do the job. What I'm not too sure about is whether or not Maher will agree. When I made him aware of this bot invasion, I proposed he raise my priveleges to being able to delete users. He didn't exactly say no, what he said was he's log on and take care of this matter himself. I'm assuming he has his reasons.
These botnets that manage their way around captcha, when they find a difficult one (i.e., difficult even for a human brain), do they just use brute force or what?
Quote from: Fuj on December 23, 2014, 08:38 PM
My guess is they use software that is able to solve our captcha. The interval between http request and response is probably too long to make brute forcing a practical option. But no one can answer your question better than Maher, he has access to logs.
Кomrade Fuj, I don't think that script can read chars from our captcha. (At my work I have
sex deals with signal and wave forms recognition by software, so I can say that this kind of programs is big and very complex software, creating by a number of programmers for many years). Even if we using a computer vision system like OpenCV, we would spend a lot of time to create soft for good recognition of captcha. And even if we do so, it can't answer the next control question correct.
So I think here we have much more simple mechanism of attack. At the internet segments all of ex-USSR countries we can see a lot of adverts like "Become Ñeach in 5 days, make a !!!TЯUE!!! InteÑnet buisines!" This adverts are created by spamers - hairy fat rapscallion, who don't want to develop soft but want to make some money. Teenagers is capturing by this ads with easy. Their job is simple:
1) Create an account to fill spamer's database.
2) Register on any forum (and bypass the captcha)
3) Sent account data to spamer.
4)
PROFIT!!! 5 cents.
why not fight bots(enemy) with bots(Our friendly bots).
Quote from: Vasudev on December 24, 2014, 04:33 PM
why not fight bots(enemy) with bots(Our friendly bots).
How do you think to do this?
I don't know Ismet might have an answer.
@Daniil - you are definitely correct when it comes to how bots get access to our forum. The only plausible explanation is a human registering and bypassing captcha, then selling the account to these cockroaches. I noticed some captchas I'm faced with are very difficult to solve. Difficult for a human brain, impossible for a computer (at least at this writing).
@Vasudev - what "good" bots? I have yet to see one.
Do you guys think it would help if captchas were enforced not only during registration but also for (for example) the first 10 posts or topics created? I'm also wondering if there's some way to keep captcha on new accounts until an administrator lifts the registration. I don't know if it's a good idea to take this up with Maher.
You want a solution, here is my solution: you delete every account because 90% are fakes, those who want to come back will have to create again their account, except perhaps a few faithful users.
You put a new registration scheme, with some mathematical problems like this one:
If you have 2 carrots, increase the number threefold, and then add 15, how many carrots do you have?
It would be better to put the resolution of a second order polynomial of the form ax²+bx+c=0, with a,b, c varying randomly so that only those who know how to resolve such a system could complete the registration for this great forum.
Of course there is a problem with the boss. But I'm sure humbert and myself have sufficient knowledge in html to implement this.
If you need a script to make a barrier for bots, I can help you. I'm coding PHP and JS, not very bad. :)
How many real users are there on the forum Daniil? probably between 5000 and 15000. That means there are already 50000 bots, therefore no need to make a barrier, till they are here. Now it's up to Maher to decide if he wants to do something.
It's not that Maher doesn't care, it's that he's very busy between his jobs and family matters. Let's do this - I'm going to email him the link to this topic and having look over your suggestions. As owner of the forum, Maher has the final word on what action should be taken to eliminate (or at least mitigate) this problem.
This is as far as I can go, not counting the garbage topics and posts I've removed. Let's see what happens. Thanks for believing I'm doing a good job moderating the forum.
Hey guys..
First of all thank you for the care you show towards our forums, really appreciated!
I think no more bots are able to sign up now and create new topics.
The "few" who success are actually real humans who get paid for signing up and creating those posts. They can only be tackled by admins and moderators.
We're missing Ahmad, I hope he's fine. I wrote him but still no reply..
If things stay the same I think we'll have to appoint a new moderator to help Humb. We'll see..
Love you guys ;)
Peace