DC attacked by a spammer
Posted: Thu Aug 31, 2006 10:25 pm
by Tavis
This afternoon, we were attacked by a spammer. Some of you who were there to alert me and Jack Ravendawn obviously already know about this. Unfortunately, in order to isolate the spammer's efforts to new topics instead of existing ones, we had to lock them down until an administrator can clear this up more completely.
I apologize for the inconvenience. In the meantime, please do not create new topics based on the locked ones; this board does not support merging them, and it will only make a bigger mess. I will happily unlock certain topics for members if you can forward the request, but be warned we may have to lock them back up if there is another attack.
EDIT: *changes topic title*
Jack Ravendawn and I had since unlocked the other topics for normal operation, and things should be working almost normally for now. If you see any further attacks on the forum, please contact a member of staff right away.
Posted: Fri Sep 01, 2006 12:16 am
by osprey
Do we have the capability to ban IPs?
Another thing that works, though I don't know if it's possible with PHPBB, is to allow only members to post, and require that an admin approve every registration request. However, this would of course have to be done by an admin.
Posted: Fri Sep 01, 2006 12:32 am
by Zaaphod
Do we have the capability to ban IPs?
I believe we do, yes.
Another thing that works, though I don't know if it's possible with PHPBB, is to allow only members to post, and require that an admin approve every registration request. However, this would of course have to be done by an admin.
Hmm.. something to keep in mind.
Posted: Fri Sep 01, 2006 12:41 am
by likeafox
I prefer to have as few required hoops as possible for registering, which is why I scrapped the image verification program a while ago. I think it makes the site seem more welcoming. I'll consider a temporary solution if this happens again, but I'd still revert to the current setup afterward.
And I'm doubtful of the effectiveness or need for an IP ban, (though it probably couldn't hurt). Loeln mentioned there is a website online with a topic about invading DC. So if it does happen again there's a good chance it won't be the same person.
I'll just assume for now that this won't become a bigger problem. If it does escalate, well, I'll think about it when it does. Don't worry about it you guys.
Posted: Fri Sep 01, 2006 12:56 am
by CodeCat
Just checked that site out. Seems like a bunch of people with serious tolerance problems, no life and waaaaay too much time on their hands, lol... But I believe we've had the last of it, 'cause the topic mentioning DC has been drowned to the bottom of the page.
Just keep the registration as it is. It would help to have a backup admin, but we're really not being spammed up a lot as it is. Not at least compared to some other places I visit. We should consider ourselves lucky.

Posted: Fri Sep 01, 2006 1:36 am
by Dr. Doog
it wasn't that big, just a troll posting an anti-DCS picture like fifty times and then making me lose track of which threads got actual content-posts added to them and which were just trolled
Posted: Fri Sep 01, 2006 5:27 am
by Ibun
it wasn't that big, just a troll posting an anti-DCS picture like fifty times and then making me lose track of which threads got actual content-posts added to them and which were just trolled
Thank you for not being like everyone else and thinking it was like this huge big deal.
Posted: Fri Sep 01, 2006 6:16 am
by likeafox
Thanks to the mods for enduring it though. Bang-up job guys.
Posted: Fri Sep 01, 2006 6:38 am
by osprey
Loeln mentioned there is a website online with a topic about invading DC. So if it does happen again there's a good chance it won't be the same person.
Oh freakin' great. I think I know which website too...those *****. If it is the site I think it is, I definitely suggest implementing my above idea of requiring admin verification.
Posted: Fri Sep 01, 2006 3:40 pm
by Tavis
Oh freakin' great. I think I know which website too...those *****. If it is the site I think it is, I definitely suggest implementing my above idea of requiring admin verification.
I think it may be open for consideration, but not likely. It means a lot more work for admins with little potential gain.
A malicious infiltration cannot be stopped by such verification means unless it was possible for admins to determine the character of a registering forum member. At best, it will only stop automated signups that put what they are spamming in the registration application, which are easy to clean up after the fact. IP addresses and email addresses can change, spammers can change their tactics, and anyone determined enough can gain member access. Because IP addresses can be dynamic (see DHCP), we cannot keep a permanent filter because it may block a valid user when he/she ends up with that IP. Because valid users use free email accounts from sites like Hotmail, Yahoo Mail, Gmail, and personal mailboxes, we also cannot block membership based on the use of email addresses made from those sites. Blocking one address does not prevent a spammer from trying another one. Email addresses do not exclusively identify anyone. There is no one-to-one mapping available for us to determine identities online. Even if there was, it does not protect us from attacks by multiple different individuals.
How then does an admin determine which registrants are malicious and which are not? If you have a solution for that, I and everyone in the security industry would love to know.
Posted: Fri Sep 01, 2006 4:29 pm
by Muninn
It wasn't too bad, at least me and Tavis were able to delete the posts almost as soon as they were created. But what he did isn't excusable and it's a little carefree to label it as a slight matter.
Posted: Fri Sep 01, 2006 5:12 pm
by baloki
I think some people (especially on IRC) over-reacted to the situation really as there wasn't much we could do to stop it as that's up to the mods and admins (who I think did a good job btw ^^), still I found it kinda funny (not the spam but people's reactions to it) but then I find most kinds of e-drama funny
Still, doubt it'll happen again for a while as the people who did it have probably had their fun now and are bored of it and will move onto the next place on their lists.
Posted: Fri Sep 01, 2006 5:26 pm
by Rooster
Find em, catch em, beat em.
Either that, or tell me where the oddhead lives and he'll get a Cheshire Donut on his front lawn.
Posted: Fri Sep 01, 2006 6:49 pm
by Loeln
How then does an admin determine which registrants are malicious and which are not? If you have a solution for that, I and everyone in the security industry would love to know.
Yes, yet the tactics used by that certain group of people is that of "mindless horde"; numerous people all sign up with various meme related names and spam a site at once, until either overloading the server or the admins take the forum offline. If you notice multiple accounts beginning to spam at once, it'd most likely be a good idea to implement the admin verification feature for maybe a day or so. That way, you block the majority of the horde from entering and alienate as few actual registering members as possible.
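The trigger described in the post above, sketched as an added example that is not part of the original thread and is not phpBB code: it turns on admin approval for a limited time only when several freshly registered accounts post within a short window, and lets the gate expire on its own. The function names, thresholds and sample posts are assumptions constructed for illustration.

```python
from collections import deque

DAY = 24 * 3600

def approval_periods(posts, window=600, min_accounts=3, max_age=3600, hold=DAY):
    """Return [(start, end)] periods in which registrations need admin approval.

    posts: (post_time, account, registered_time) tuples in epoch seconds,
    sorted by post_time. A period starts once `min_accounts` distinct
    accounts, each younger than `max_age` when posting, have posted within
    `window` seconds. It lasts `hold` seconds and is extended while the
    burst continues, so the gate is never permanent.
    """
    recent = deque()   # (post_time, account) from young accounts only
    periods = []
    for t, account, registered in posts:
        if t - registered > max_age:
            continue   # established member, not part of a signup wave
        recent.append((t, account))
        while recent and t - recent[0][0] > window:
            recent.popleft()
        if len({a for _, a in recent}) >= min_accounts:
            if periods and t <= periods[-1][1]:
                periods[-1] = (periods[-1][0], t + hold)   # extend current period
            else:
                periods.append((t, t + hold))
    return periods

def approval_required(periods, now):
    """True while `now` falls inside any approval period."""
    return any(start <= now < end for start, end in periods)

# Constructed sample: two regulars and three accounts created minutes earlier.
SAMPLE = [
    (1_000_000, "regular_a", 10_000),
    (1_000_060, "new_1", 1_000_000),
    (1_000_090, "new_1", 1_000_000),
    (1_000_120, "new_2", 1_000_050),
    (1_000_150, "regular_b", 500_000),
    (1_000_200, "new_3", 1_000_100),
    (1_000_260, "new_2", 1_000_050),
]

if __name__ == "__main__":
    print(approval_periods(SAMPLE))
```

A single new account posting repeatedly does not trip this trigger; that case is handled by moderators removing the posts, as happened here.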
Posted: Fri Sep 01, 2006 7:58 pm
by osprey
Also, if you let a spammer through, you may discover their email, IP etc. I know it isn't foolproof, but it is definitely a deterrent. I ran the forums for a gaming clan once, and we had an attack of spammers. Putting this in place stopped the attacks because the spammers couldn't be bothered to wait for me to approve their registration.