Jamroom Support: View topic

jcable · Posted: 11/19/11 22:23

Should also note, you should move all the current users out of that affected quota (#1) remove all signup links to that quota and finally remove the quota out of the system completely. that will lock the attack to a non-existing quota then after, you should be able to safely run the script above and block any requests still going to that quota.

be careful you could easily block real users if you don't remove the quota and all links to it... if one real users hits that link, apache will reject them forever.

-jc

Paul · Jamroom Team

I look after a site that is being seriously hit. Its in maintenance mode at the moment - the only sure way to stop them.

Are the bots getting past recaptcha? What hope for us if they are?

The site owner is desperate. Years of work building up the site are being ruined, and I'm not sure what to do for him.
We do not have root/command line access so can't do what you suggest, risky as it sounds. I'm going to create a new signup quota and move existing real users to that, then disable the existing one for now.
Is IP blocking a real answer? Won't the bots just move on to other IPs?
Pa

_________________
Paul Asher
Jamroom Network Team Member: http://www.jamroom.net
Priority Support: http://www.jamroom.net/Support_Center

henryjimdix · Posted: 11/20/11 12:23

Wow, I leave my site for a month or so, Imagine my delight when I last logged in to see that I had nearly 9000 new accounts sign ups recently. I've never known it so bad on Jamroom.

I need to know the following:

How to delete multible accounts.
How to delete multible suspended users/artist accounts
How to stop these bots/people from signing up
If Jamroom intends to release a patch to solve this issue.

This problem has recently caused my site to go over my hosts threshold and I expect it will stop my account soon.

_________________
http://www.ukbands.co.uk

jcable · Posted: 11/20/11 13:34

not to my knowledge.

henryjimdix · Posted: 11/20/11 13:57

I have read the thread and started my war against these morons by changing the recapcha code.. Will work on the others later. Is there a way to mass delete artists? I've moved the spammers to a 'spam' quota but the auto prune to delete didn't do anything.

_________________
http://www.ukbands.co.uk

jcable · Posted: 11/20/11 14:02

Patch JR At The Very Least: http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1897

djmerlyn · Jamroom Ustad

I think its about time for a form letter of some type to users. I'm about to hit everyone in my network today. I see a few people have already exceeded the 32k folder limit from the spam. A shame for a site with 100 artists to have to clean up 31,898 profiles. I see a lot of site owners are blissfully unaware, might be a good idea to make an attempt to let them know?

Others are just straight up closed and in maintenance mode for lack of a better solution as the one here is apparently insignificant or not significant enough to maintain business continuity. Is there anything else that can be done other then breaking the progress meter for security as I mentioned in another post? I think dropping the progress meter for a secured spam free site is looking like a better and better compromise the more I see the damage sites have taken. What are we looking at for solutions from here out?

thx

_________________
Pro JR Hosting, now 50% off!
-100% Guaranteed

"more server and network power than any host, dedicated to your jamroom site"

Dazed · Posted: 11/20/11 15:33

I was speaking to Paul about this earlier today. Luckily I have not been a target but my suggestion on this was to maybe do the following.

Put a challenge question on the signup form. ie. What year is it? They must put in 2011 or they can't sign up.

After x number of attempts the users ip is banned and a contact form is displayed to reach the admin

Can we put a call into the .htaccess to a form with denied IP's so they can't hit the site?

djmerlyn · Jamroom Ustad

The least logical thing I can think of, is to attempt to block IP's. If they're already beating the captcha form, I'm sure any other challenge setup will be just as easy.

The only solution I have that I know works, is to proxy the requests. The downside is that it breaks the progress meter. I can't find any other solutions that will improve the situation right now.

_________________
Pro JR Hosting, now 50% off!
-100% Guaranteed

"more server and network power than any host, dedicated to your jamroom site"

Dazed · Posted: 11/20/11 15:47

Are they beating captcha or recaptcha? It could be they just figured out a hack for that. I can't imagine they have someone physically doing all this so that is why I suggested the challenge question.

Banning IP's is virtually pointless I agree. They are obviously using a proxy so they have ip's from all over. I just worry about my site getting hammered by hundreds/thousands of bots.

Brian · Jamroom Team

A prune should work - when you test it, are you not getting any results?

- Brian

_________________
Make sure and check out:
* The Jamroom FAQ
* The Jamroom Documentation

Brian · Jamroom Team

It's not clear to me how a change in web server (or adding a proxy server) is going to prevent spam bots from signing up to a site. A request for "signup.php" would have to be proxied to Apache just like any other request. If the bot can properly enter the captcha, they will get in. As far as I know recaptcha has NOT been broken, and based on the explosion of spam users over the last couple of days I'm going to figure that the default Jamroom captcha _has_ been broken now, which is why we are seeing an influx of spam bots.

For now, moving to recaptcha, as well as making sure you are running the Jamroom 4.2.6 signup.php (from the bonus pack testing change set) should alleviate the issue as far as bots are concerned.

If these are real users signing up with the intention to spam your site, once again, Jamroom has no capability to determine the "intent" of a user at signup. There might be some merit to having a "spam" checker check blog posts, but at this time you can make sure your blog posts are going though the pending approval system - that should let you delete any spam entries that come through before making it onto your site.

It's also very important that you keep tabs daily on what's up on your system. The way these spam bots work is that they post a spam message, and then another process a day or two later looks for special "keywords" in the post to see if they are still there (this is why the fist post often appears as just gibberish) - if they find the keywords then they know the system owner is NOT keeping tabs on spam, and you'll now get a truckload of "live" spammers descending on your system to start posting the "real" spam posts, which are typically URL heavy posts pointing to a specific site. This is done get as many inbound links to a site as possible to push the site up the Google rankings as fast as possible.

So ultimately we can blame it on google - the public availability of a site's PR ranking plays heavy into the sites that are spammed, and making it into Google's SERP's is so important to so many sites that they are willing to play dirty to get there.

I'm not aware of any completely technical solution that is going to allow you to be "hands off" - in this day and age you've got to be on top of it pretty regularly.

- Brian

_________________
Make sure and check out:
* The Jamroom FAQ
* The Jamroom Documentation

emdiamond · Posted: 11/20/11 18:24

A prune should work - when you test it, are you not getting any results?

- Brian

Brian · Jamroom Team

It is in the general settings tab of your quota config.

Hope this helps!

- Brian

_________________
Make sure and check out:
* The Jamroom FAQ
* The Jamroom Documentation

emdiamond · Posted: 11/20/11 18:39