Spam Attacks

Enzo1

Offends by example
Has anybody noticed recently that there have been massive spam attacks? And when I mean massive, I mean like 50 threads of the same message. I'm beginning to question not only the forums, but the security here. Usually following those links lead to phishing attacks, viruses, and having your information stolen. Would one have to worry about their information being stolen in such attacks? Does this attack involve attempts to take the servers that host the DLS, and the forums down?

What can be done to stop such attacks from happening, and what impact would that have on members and those who wish to become members here?
 
Last edited:
Every right minded person knows what needs to happen Chris - moderated posting for new members or even, as some forums do, not allow new members to originate threads until they have 20 or so posts against their name. Or as a short term measure only those with registered copies can post in anything but a "New Members" area, which would confine the spam there. But every time this is suggested the mods/admin ignore the advice.iI seems the people running this board have no idea with regard to basic security protocols and protecting genuine users so, yes, you have to wonder how secure the rest of N3V's operation's are.
 
Every right minded person knows what needs to happen Chris - moderated posting for new members or even, as some forums do, not allow new members to originate threads until they have 20 or so posts against their name. Or as a short term measure only those with registered copies can post in anything but a "New Members" area, which would confine the spam there. But every time this is suggested the mods/admin ignore the advice.iI seems the people running this board have no idea with regard to basic security protocols and protecting genuine users so, yes, you have to wonder how secure the rest of N3V's operation's are.
I would have to agree, as this is now the third time I have seen such a massive attack. It's still underway and it seems as fast as one gets banned, another spawns and begins the rampage over again. It's enough to make me think about this and perhaps stop posting here at all until I see an effort to show me where this is not affecting the whole picture.
 
Not sure about the moderator side, but the best thing to do if one sees such posts is to report them and not follow any links in them.

In terms of prevention having the posts in a specific forum may help. I'm a bit concerned regarding the moderating the first few posts option though as this may discourage genuine new posters if their posts don't appear fairly quickly.

Shane
 
I reported today's attack, as I did for yesterday's, but it looks as if no moderators are monitoring. I'd like to see a stricter control for starting new threads as is used elsewhere. I believe that N3V have been experimenting with stricter posting much to the annoyance of some.
 
Indeed they have in the form of CAPTCHAs. The problem they are going to have though is distinguishing between someone who is likely to spam and a genuine new member.

Shane
 
I reported today's attack, as I did for yesterday's, but it looks as if no moderators are monitoring. I'd like to see a stricter control for starting new threads as is used elsewhere. I believe that N3V have been experimenting with stricter posting much to the annoyance of some.
There has to be a specific question during registration that is set by the admin here. It would have to be something that would need outside research, something only a real person, not a bot could do. That would stop the spawning quickly, however this would not completely eliminate the issue though, as a person could make the account, and set the bot loose, as it is really not that hard to create one. But the fire could be put out much faster than it is right now.

Indeed they have in the form of CAPTCHAs
Bot's can break these all day long with the more advanced ones. I've seen forums using this, and they still manage to get attacked by spam bots. It has to be something that only a human could do, and then set the bot loose, making him an easy spot compared to now.
 
Last edited:
If I'm honest I don't think there is any way of completely preventing spam attacks. Even the method I'm using (using a third-party site called Cleantalk) on my forum seems to miss the occasional spammer.

The one issue here which may make such a method difficult is how it's tied in with the MyTrainz system.

Shane
 
If I'm honest I don't think there is any way of completely preventing spam attacks. Even the method I'm using (using a third-party site called Cleantalk) on my forum seems to miss the occasional spammer.

The one issue here which may make such a method difficult is how it's tied in with the MyTrainz system.

Shane
What makes it clear that these are bots, and the reason I am concerned for the security here is because forum registration is turned off by admin right now, and as we speak, another account has spawned. There is only one way such a thing happens, and that is the forum has been hacked. The speed at which the accounts are spawning are unreasonable for a human to do so without AI help.
 
I was thinking the same, although the reason for the 'forum registration being turned off' is because it's linked to the MyTrainz system.

Shane
 
The hacking would have allowed a back door link into the server like what is being seen, so accounts and their spam can endlessly punish the sever, eventually crashing it because of the load. This however, is not displaying the typical characteristics of a Denial of Service attack, as the threads would be started much faster than the pace they're working at.

It appears more in line with a somebody hacked a back door, and it is now open with no security, and apparently nobody can tell where it is at, or they are not wanting to tell us what actually has taken place, and the extent of the damage.

I once contracted a trojan virus that opened a back door on my PC, when it did, I got attacked with spam just like whats here endlessly, without any knowledge of where as such was coming from. Most viruses that are not out to destroy your PC or steal information are to do just this and open a back-door attack, leaving the victim open for spam, and worse, more viruses that will steal your information right from beneath your nose, so something like this needs to be taken very seriously otherwise the worst may yet still be to come.
 
I'm wondering if that's part of it. However I can see that most of the spam posts have gone now so at least one of the moderators is on the case.

Shane
 
I think we got them now.
At least 20 posts (re)moved and at least 7 spammers banned.

If you see any (new) spam posts, please report them and I will see what I can do during breaks of my actual Real Life job.
 
I think we got them now.
At least 20 posts (re)moved and at least 7 spammers banned.

If you see any (new) spam posts, please report them and I will see what I can do during breaks of my actual Real Life job.
I've done so, but is there any update on what actions are being taken in order to stop such events, or why they are occurring?
 
I've done so, but is there any update on what actions are being taken in order to stop such events, or why they are occurring?
It is a war.
Spam filters are regularly updated, but spammers also are constantly updating their ways of bypassing that.

No the website is not hacked.
I see exactly the same kind of spam on the community of my real job, so this forum is not "special".
Yes, it is AI doing the account and spam generation. It is just software.

forum registration is turned off by admin right now
It has never been turned on as registration to the forum is effectively done via MyTrainz. But that's details; the same system to try and keep the spammers out is on that.
 
As the "Suggestion Boxcar" thread is set up so that posts must be read and reviewed first ... my suggestion is that all new members, especially unregistered users posts, be proof read first, and censored out if they are indeed nonsense spam
 
Been so long since I registered but
There should be some sort of confirmation during registration as well as a new members area to start off in
there are a lot of forums which restrict new members to these areas until a certain number of posts are reached
Is there a system in place where once registered you receive an email and a link to confirm registration or
a with code to enter to prove your human similar to what is used on ebay for example?
 
No moderators, nobody watching the shop

There appears to be a misconception that the moderators are able to watch every single post, 24 hours per day, 7 days per week. This, of course, is impossible particularly when posters can come from every possible time zone as well as from the "other side" of the International Date Line. This also applies to the spamming bots which can strike from any time zone.

It may be possible for the moderators or admins to introduce various measures that would reduce the frequency of these spam attacks but it would probably be at the cost of making the forums more difficult and less friendly for both new and old users alike.

While they are undoubtedly annoying, as long as these attacks do not threaten the security or integrity of the forums perhaps we should, for the time being, leave it to the moderators to cleanup the mess (do they get "dirt money"?)
 
Back
Top