
LAVA Spam and Upgrades



I use the "Unread Content" link almost daily, and it appears that spammers are still hitting the forums pretty hard as that's where I see the most evidence. 

I don't know if new account creation was turned back on, but if it hasn't yet, it looks like they're still finding a way.

  • Like 1
Link to comment
1 hour ago, LogMAN said:

They probably went to bed for a few hours, now they are back. Is CAPTCHA an option for posting new messages?

They are signing up when new registrations are disabled. It looks like an exploit.


Edited by ShaunR
Link to comment

Honestly my tools for fighting this are quite limited at the moment. That's why upgrades are likely to come. Until then thanks for your patience. I also check the Unread Content section and hate to see it blasted with 100s of garbage. When I'm at work it is easy to just refresh once in a while and delete it as it comes. But then Brian goes to sleep, and robots don't need sleep. Maybe the next upgrade will be if I can become a robot.

  • Sad 2
Link to comment

Also just so others know, you don't have to report every post and message by a user.  When I ban an account it deletes all of their content so just bringing attention to one of the spam posts is good enough to trigger the manual intervention.

  • Like 1
  • Haha 1
Link to comment
12 hours ago, hooovahh said:

Also just so others know, you don't have to report every post and message by a user.  When I ban an account it deletes all of their content so just bringing attention to one of the spam posts is good enough to trigger the manual intervention.

By now, you really shouldn't have to be deleting them manually.

If it's an exploit then it should have been patched already (within 24hrs is usual). If it's just spam bots beating CAPTCHA then maybe we can help with a proper spam plugin (coding challenge?). This is a software engineering forum and if we can't stop bots posting after a week then what kind of software engineers are we?

It's also quite clear to me that this is no more than a script kiddie. You can watch the evolution of the posts where originally they had unfilled template fields that, as time went on, became filled.

Link to comment
50 minutes ago, ShaunR said:

By now, you really shouldn't have to be deleting them manually.

If it's an exploit then it should have been patched already (within 24hrs is usual). If it's just spam bots beating CAPTCHA then maybe we can help with a proper spam plugin (coding challenge?). This is a software engineering forum and if we can't stop bots posting after a week then what kind of software engineers are we?

It's also quite clear to me that this is no more than a script kiddie. You can watch the evolution of the posts where originally they had unfilled template fields that, as time went on, became filled.

It takes a thief to catch a thief.

Link to comment
5 hours ago, ShaunR said:

By now, you really shouldn't have to be deleting them manually.

Moderator tools are way more restrictive than Administrator.  I appreciate the support but it is all I can do to get rid of the stuff manually that makes it through until better tools are installed or upgraded.

Link to comment
On 8/9/2024 at 4:11 PM, hooovahh said:

Moderator tools are way more restrictive than Administrator.  I appreciate the support but it is all I can do to get rid of the stuff manually that makes it through until better tools are installed or upgraded.

Maybe there is an option in the forum software to add some extra users with limited moderation capabilities. Since I was promoted on the NI forums to be a shiny knight, I have one extra super power in that forum and that is to not just report messages to a moderator but to actually simply mark them as spam. As I understand it, it hides the message from the forum and reports it to the moderators who then have the final say if the message is really bad. Something like this could help to at least make the forum usable for the rest of the honorable forum users, while moderation can take a well-deserved night of sleep and start in the morning with fresh energy. 🤗 It only would take a few trusted users around the globe to actually keep the forum fairly neat (unless of course a bot starts to massively target the forum. Then having to mark one message at a time is a pretty badly scaling solution).

Link to comment
1 hour ago, Rolf Kalbermatter said:

Maybe there is an option in the forum software to add some extra users with limited moderation capabilities. Since I was promoted on the NI forums to be a shiny knight, I have one extra super power in that forum and that is to not just report messages to a moderator but to actually simply mark them as spam. As I understand it, it hides the message from the forum and reports it to the moderators who then have the final say if the message is really bad. Something like this could help to at least make the forum usable for the rest of the honorable forum users, while moderation can take a well-deserved night of sleep and start in the morning with fresh energy. 🤗 It only would take a few trusted users around the globe to actually keep the forum fairly neat (unless of course a bot starts to massively target the forum. Then having to mark one message at a time is a pretty badly scaling solution).

Not exactly a software solution though. I wrote a plugin for my CMS that uses Project Honeypot so it's not that difficult and this is supposed to be a software forum, right?

The problem in this case, however, seems to be that it's an exploit - it needs a patch. Demoting highly qualified (and expensive) software engineers to data entry clerks sounds to me like an accountant's argument (leverage free resource). I'd rather the free resource was leveraged to fix the software or we (the forum users) pay for the fix.

The sheer chutzpah of NI to make you a no-cost employee to clear up their spam is, to me, astounding. What's even more incomprehensible is that they have also convinced you it's a privilege :blink:

Edited by ShaunR
Link to comment
24 minutes ago, ShaunR said:

The sheer chutzpah of NI to make you a no-cost employee to clear up their spam is, to me, astounding. What's even more incomprehensible is that they have also convinced you it's a privilege :blink:

😁 well, I can be sometimes tempted. And to be honest, selecting that menu option if I'm looking at the message already is really just taking up one second. It's in fact a lot quicker than selecting the report option and writing "SPAM" in it. Now, spending substantial time on their forum is another topic that could spark a lot of discussion. 😂

Edited by Rolf Kalbermatter
Link to comment
2 hours ago, ShaunR said:

The problem in this case, however, seems to be that it's an exploit - it needs a patch.

It appears that, although registration is disabled, social sign-in is still possible and allows for account creation (even if registration is disabled). For example, Twitter - Social Sign In - Invision Community. Maybe turning those off will put us in a walled garden 🤔


  • Like 1
Link to comment
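The gap described in the post above (registration switched off, yet social sign-in still creating accounts), modelled as an added example; it is not part of the thread and not Invision Community's code. The `Forum` class, its method names and the sample identities are hypothetical. It shows the switch enforced only on the sign-up form beside the same switch enforced at the single point where accounts are created.

```python
from dataclasses import dataclass, field

class RegistrationClosed(Exception):
    """Raised when an account would be created while sign-ups are disabled."""

@dataclass
class Forum:
    registration_enabled: bool = False
    enforce_at_creation: bool = True   # False models the form-only check
    accounts: dict = field(default_factory=dict)  # email -> origin
    linked: dict = field(default_factory=dict)    # (provider, subject) -> email

    def _create_account(self, email, origin):
        # Single choke point: every path that makes a new member passes here.
        if self.enforce_at_creation and not self.registration_enabled:
            raise RegistrationClosed(origin)
        self.accounts[email] = origin
        return email

    def register_form(self, email):
        # The sign-up form checks the switch itself in both layouts.
        if not self.registration_enabled:
            raise RegistrationClosed("form")
        return self._create_account(email, "form")

    def social_login(self, provider, subject, email):
        key = (provider, subject)
        if key in self.linked:
            # A previously linked identity is a login, always allowed.
            return self.linked[key]
        # Unknown identity: this is account creation, not login.
        member = self._create_account(email, f"social:{provider}")
        self.linked[key] = member
        return member

def audit(forum):
    """Return the entry points that still create accounts on this forum."""
    attempts = (  # constructed sample identities
        ("form", lambda: forum.register_form("a@example.test")),
        ("social", lambda: forum.social_login("twitter", "constructed-id-1",
                                              "b@example.test")),
    )
    open_paths = []
    for name, attempt in attempts:
        try:
            attempt()
            open_paths.append(name)
        except RegistrationClosed:
            pass
    return open_paths
```
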
1 hour ago, Rolf Kalbermatter said:

Some Zeruzandah guy really starts to get on my nerves. 👿

So, you have no interest in joining the Illuminati or occult to be free from poverty and ancestral curses without a human sacrifice?  

Personally, I prefer my sacrifices to be as human-y as possible.  

Link to comment
On 8/14/2024 at 10:37 AM, Rolf Kalbermatter said:

Now, spending substantial time on their forum is another topic that could spark a lot of discussion

Any site that uses Cloudflare is completely safe from me using it. As far as I'm concerned it is a MitM attack.

Link to comment
On 8/9/2024 at 5:11 PM, hooovahh said:

...but it is all I can do to get rid of the stuff manually that makes it through until better tools are installed or upgraded.

About a decade ago, when the NI forums had a very similar spam problem, a couple of active users were given privileges to help with the spam. I realized fairly quickly that doing it manually wasn't that helpful and wrote some LV code which monitored the forums, recognized the spam, did all of the actions to remove it and block the user and then sent an email with the details. It worked quite well and would typically get rid of the spam within a minute or two of it being posted.

Link to comment
On 8/15/2024 at 3:58 PM, ShaunR said:

Any site that uses Cloudflare is completely safe from me using it. As far as I'm concerned it is a MitM attack.

It's a valid objection. But in this case with the full consent of the website operator. Even more than that, NI pays them for doing that.

There are a few things Cloudflare can do, such as deflecting DoS attacks that can make it look attractive. Personally I mostly notice it as a delay when opening a Cloudflare "protected" website. In the case of NI this can sometimes amount to an infinite delay since the Cloudflare servers seem to get caught in some infinite loop trying to decide if I'm a bot, a hacker or a harmless visitor. Usually aborting the page loading and forcing a refresh results in an immediate success. A few times per year Cloudflare decides that trying to edit a post because of a typo and subsequently resubmitting it, is a very dangerous sign of web server flooding. My guess is that they get the timing wrong at those times and the analyzer thinks that the resubmit 30 seconds later was really 30 ms later, so can't possibly be a human.

Of course these services are only tolerated when they are 100% invisible. Otherwise there will always be people feeling bad about them. And things can go bad, as has been proven by the recent CrowdStrike incident too.

Edited by Rolf Kalbermatter
Link to comment
18 hours ago, Rolf Kalbermatter said:

It's a valid objection. But in this case with the full consent of the website operator. Even more than that, NI pays them for doing that.

The objection is that I (as a user) do not have end-to-end encryption (as advertised by the "https" prefix) and there is no guarantee that all encryption is not stripped, logged and analysed before going on to the final server. But that's not just a single server, it's all servers behind Cloudflare, so it would make data mining correlation particularly useful to adversaries.

Therefore I refuse to use any site that sits behind Cloudflare and my browsers are configured in such a way that makes it very hard to access them so that I know when a site uses it. If I need the NI site (to download the latest LabVIEW version for example) then I have to boot up a VM configured with a proxy to do so. I refuse to use the NI site and the sole reason is Cloudflare.

So now you know how you can get rid of me from Lavag.org - put it behind Cloudflare :lol:

Edited by ShaunR
Link to comment

Really????? 16 pages of spamming and still being busy!! Can we not just disable any kind of account creation for the time being, until this hole is fixed?

Wouldn't this work too?

https://invisioncommunity.com/forums/topic/473954-spam-attack-today/?do=findComment&comment=2943240

 

Edited by Rolf Kalbermatter
Link to comment
