skynet is becoming self aware


Yusunoha

New Member
Jul 29, 2019
6,440
-4
0
holy jeeebus that's a lot of spambots

1oqJRbW.png
 

Vauthil

New Member
Jul 29, 2019
1,491
-14
1
Yes, apparently that's what happens when some folks are out and about and I'm actually playing the new D3 season ladder instead of playing forum whack-a-mole.
 

Yusunoha

New Member
Jul 29, 2019
6,440
-4
0
Yes, apparently that's what happens when some folks are out and about and I'm actually playing the new D3 season ladder instead of playing forum whack-a-mole.

I sometimes come across a few bots, but this was just crazy
just how many bots do you ban every day?
 

pc_assassin

New Member
Jul 29, 2019
1,809
-2
1
Man I have reported so many bots lately it's not even funny

Sent From Something That You Won't Care About Using Tapatalk 2
 

Hambeau

Over-Achiever
Jul 24, 2013
2,598
1,531
213
I'm now posting in each thread as I report them... One word - "Reported", so that others know it's been done.

I just reported one with the title "Avoid these 3 supplement scams". It had the same nonsensical text with highlighted links as the rest, but the title indicates a rudimentary attempt at concealment.

I think the next step will be to analyze the forum under attack and devise post titles that aren't obviously out of place, like "New mod for Minecraft Nutritional Supplements!" :D
 

Vauthil

New Member
Jul 29, 2019
1,491
-14
1
I sometimes come across a few bots, but this was just crazy
just how many bots do you ban every day?
Pretty much from about 7pm to 2am Pacific time every day there's a new one posting something every 10 minutes or so. Sometimes more, sometimes less, but they tend to be pretty consistent on the timetable. Flipz, Law, Jaded and I play whack-a-mole with them usually as they go so you don't see them stack up quite like that, but last night was probably a perfect storm of sorts. When I logged in there were 10 reports and I opted to just comb all threads from my last login.

And for the folks replying to them, it isn't at all necessary. Multiple reports on the same post get collated into a single mega-Report, so if a lot of folks are reporting a specific thing we aren't getting spammed or anything by it. In fact I was considering maybe doing some screen shots of a day in the life of moderation here so folks could see how that works. ;)
 

Yusunoha

New Member
Jul 29, 2019
6,440
-4
0
Pretty much from about 7pm to 2am Pacific time every day there's a new one posting something every 10 minutes or so. Sometimes more, sometimes less, but they tend to be pretty consistent on the timetable. Flipz, Law, Jaded and I play whack-a-mole with them usually as they go so you don't see them stack up quite like that, but last night was probably a perfect storm of sorts. When I logged in there were 10 reports and I opted to just comb all threads from my last login.

And for the folks replying to them, it isn't at all necessary. Multiple reports on the same post get collated into a single mega-Report, so if a lot of folks are reporting a specific thing we aren't getting spammed or anything by it. In fact I was considering maybe doing some screen shots of a day in the life of moderation here so folks could see how that works. ;)

dang, that's pretty insane
 

DoomSquirter

Well-Known Member
Apr 19, 2014
1,183
405
98
Home Alone
I take it they're getting past a new acct captcha? Why not enforce a time constraint on new posts after a new account setup?

I think a lot of captchas are being bypassed through turk. not some great program that can read them per se. humans. being used by the machine, wait, this isn't skynet, it's the matrix!

I find it so difficult to understand how these things raise any revenue whatsoever, and the rising level of roadblocks they are willing to overcome to continue with that first rule in effect. As in, are they truly making enough $ off of these things to counter the blocks people put on their sites using captcha or whatever? It's silly. Same with spam in general.

btw, I got this great deal on a thing that's supposed to lengthen my junk, please contact me at [email protected] if you can please help us save 100 million dollars for just 50 cents a day.
 

midi_sec

New Member
Jul 29, 2019
1,053
0
0
I find it so difficult to understand how these things raise any revenue whatsoever, and the rising level of roadblocks they are willing to overcome to continue with that first rule in effect. As in, are they truly making enough $ off of these things to counter the blocks people put on their sites using captcha or whatever? It's silly. Same with spam in general.
It depends on the goal of the "spammers"

Some spam sends you to phishing (password stealing) sites, also links can covertly install malware/badware if visited. There's always the possibility they are merely just trying to get ad clicks or whatever, but call me a pessimist, whenever I see a spambot my background makes me think they're up to the worst.
 

DoomSquirter

Well-Known Member
Apr 19, 2014
1,183
405
98
Home Alone
It depends on the goal of the "spammers"

Some spam sends you to phishing (password stealing) sites, also links can covertly install malware/badware if visited. There's always the possibility they are merely just trying to get ad clicks or whatever, but call me a pessimist, whenever I see a spambot my background makes me think they're up to the worst.
I know.. I feel the same. My field is infosec, pen testing, etc... so yeah. board certified pessimist here.

but the hit rate that they'd have to achieve to 'make money' versus what it costs them to run the system is a universal comparison to when something is worth doing or not and spam and phishing have always seemed to overreach those invisible lines for as long as I can remember. I recall a /. article about this a long time ago referencing some statistics stating that spammers would have to get one reply out of a couple million sent to make a profit which to me was ludicrous, but that was taking over insecure SMTP servers and pretty innocuous stuff at the time. Now? I think AWS is being used a lot more maybe using stolen credit cards or who knows what, and they get a ton of CPU/bandwidth for nothing and are able to do whatever. I still don't see where it pays off versus just being intrusive. I blame @trajing :)

Without hard data showing what people are getting scammed for and for how much, you can't do much about coming up with the intent on their end. And since getting scammed is such a personal attack, I'm sure that a majority of those incidents aren't even being published because the people being scammed are ashamed and would rather just move on. And I'm sure they bank on that as well.

We had multiple honeypots at the last place I worked since security was what the company did (not going into too much here). But, the stuff we'd find there was hysterical. Watching these people grind away at the fictitious goods, and when they realize they were being had, all the cussword created directories they'd leave, a lot in Cyrillic, were funny as hell showing that it's not just bots. That's when you really start seeing the amount of crap going on out there. My DSL gets probed about 100 times per hour on average. Cable modem twice that. Sometimes it's almost like a DoS attack, and very very random. Our T lines at work? 1/10th my DSL. That tells you who they're after. We ended up running honeypots at home with a side link forwarding the results back to work since we got so few with dedicated lines. We then analyzed them and incorporated attack patterns to our product. I still blame @trajing
 

Vauthil

New Member
Jul 29, 2019
1,491
-14
1
I think an understanding of how this actually works may be in order. These spambots aren't enterprising scouts who have decided FTB is "the market" for them; the spambots are the result of a webcrawler script that pinged off the metadata on this site and went "oh, that's a XenForo install, throw the XF bots at them until we get a confirmed registration and then deploy that".

As for who is making money off this, note that the bots posting may not in fact belong to the snake oil salesman of the week, but to somebody who is renting them out for SEO (Search Engine Optimization) and link purposes. That's right, we've gotten meta enough that SEO snake oil is being sold to literal snake oil salesmen. Snake oilception, if you will. Our intrepid buddies with the black hats aren't actually giving a damn if the ads stay here, we're just part of a blanket list that's trying to fudge PageRank and other metrics by building a bajillion "organic" links. We're just collateral in a carpet bombing exercise; they aren't necessarily going for getting people on-forum to click the link so much as they're building the links and keywords on a bunch of sites overall, which is a big part of the game of SEO. Obviously somebody somewhere is making enough money to pay all of this down the chain, but I don't think the expenses are particularly onerous; this is the age of cloud computing and botnets, after all, and no doubt all manner of illegitimate "borrowing" deals with the "hard" costs.

You can tell these are SEO-centric bots because:
  1. They create multiple accounts and post across all of them rather than just mashing "New Thread" in rapid succession. Blanket "true" spam posting, where a single account or a couple accounts create posts as fast as the forum allows, is ineffective because the search engine weighing heuristics know enough to recognize this kind of spam when they see it and will penalize the links in these cases.
  2. They create new threads rather than reply to existing ones. This is because the thread title in most forum software uses the H1 header tag, which is given weight in determining valid search terms. You do that when you're building up search terms that you'll best match in a search engine.
  3. The content reads like keyword bingo interspersed with conversational-looking text. Heuristics are "best guess" and "good enough" kinds of things, and the search engine bots know enough to ding walls of keywords; what they have a harder time of, though, is dealing with something that looks like an actual sentence, even if it is gibberish to a human reader. Neither the spambots nor the search engine bots are passing any Turing Tests here, but as one makes a better mousetrap the others work out better methods around it.
These behaviors are newer, SEO-centric behaviors in spambots. A decade ago, before the SEO industry really took off, the name of the game was in fact to advertise products and make you click their link through sheer inertia. Those bots would put their crap in replies as well as new threads and just didn't take much care beyond putting out there BUY MY STUFF. E-mail spam tended and still tends to either be in the school of "fake hook so you'll open the mail" and "trash text because if you don't view this text as trash you're dumb enough to be my audience", but forum spam didn't require such "sophistication" until people got all worked up over SEO.

We do occasionally get an old school spambot here, though. Usually from India of all places (in my experience the SEO bots are Russian or Vietnamese in ultimate origin, but that's a matter of where I've bumped into them administrating forums elsewhere). Last wave of those we had was back in January or so, IIRC.

The best method to deal with the bots, as outlined, is to keep them out in the first place. That said, any given CAPTCHA or Q&A-type system generally has a shelf life of three to six months, so yes, they do penetrate. XenForo's 1.4 release, which is currently in RC and will probably be released in the next couple of weeks if not sooner, has a pretty nifty honeypot system to confound bots. Unfortunately I don't think we're going to see that update here as I think we're version-frozen pending the final word on going over to Cobalt in the future.

The next layer is to make them unable to post in the first place; keep in mind that the suggestion to put a wait period on making your first post is not really a functional one, as many of these bot runners will in fact implant a score of accounts and come back to them three or six months later to use them. One strategy I've found to be very effective is to put a post threshold on using URL and IMG tags (the bots log in, spam away at trying to post and never actually make the post because it fails), but alas, part of the purpose of this forum is in fact handling bug reports (which can involve pastebin links and screenshots), and our audience is young or not net-savvy enough to grok a rule like that (just the demographics, there's also a part of the membership that thinks the announcement threads are for posting about every damn thing they can think of instead of taking two seconds to scroll downward).

Expecting intelligence from the bots or their runners? Nah. Not worth the time investment. For giggles I once left a forum up with open registration for about 18 months; when I checked in on it it was chock-full of bots replying to each other and everything. Wasn't even logical because I'd wired nofollow into the URL tags (instructs the search engine spiders to not bother following the chain or scoring it), but again, intelligence isn't something to expect here, we're really just a sliver of collateral damage in the greater carpet bombing of the internet with this crap. =)
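
An added example, not part of the original post and not XenForo's code: a sketch of the post threshold on URL and IMG tags and the nofollow link rendering described in the post above. The threshold of 5, the function names and the sample inputs in the comments are assumptions made for illustration.

```python
import html
import re

MIN_POSTS_FOR_LINKS = 5  # assumed value; the post above does not give a number

# BBCode [url]/[img] tags plus bare URLs, which a bot may fall back to.
LINK_PATTERN = re.compile(r"\[(?:url|img)\b[^\]]*\]|https?://|www\.", re.IGNORECASE)
URL_TAG = re.compile(r"\[url=(https?://[^\]\s]+)\](.*?)\[/url\]",
                     re.IGNORECASE | re.DOTALL)


def may_post(post_count, body, title=""):
    """Return (allowed, reason) for a submission.

    The gate is keyed on post count rather than account age, so an account
    registered months ago and left dormant is still held back.
    """
    if post_count >= MIN_POSTS_FOR_LINKS:
        return True, "ok"
    if LINK_PATTERN.search(title) or LINK_PATTERN.search(body):
        return False, f"links and images require {MIN_POSTS_FOR_LINKS} posts"
    return True, "ok"


def render_links(body):
    """Render [url=...] tags as anchors carrying rel="nofollow".

    Everything outside the tag, and the link text itself, is HTML-escaped.
    """
    out, pos = [], 0
    for m in URL_TAG.finditer(body):
        out.append(html.escape(body[pos:m.start()]))
        href = html.escape(m.group(1), quote=True)
        text = html.escape(m.group(2))
        out.append(f'<a href="{href}" rel="nofollow">{text}</a>')
        pos = m.end()
    out.append(html.escape(body[pos:]))
    return "".join(out)


# Constructed inputs:
#   may_post(0, "Buy [url=http://example.invalid]here[/url]")  -> rejected
#   may_post(0, "My game crashes on startup")                  -> allowed
```

The trade-off named in the post shows up directly: a new member's first bug report containing a pastebin link or screenshot is rejected by the same rule that stops the bot.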
 

midi_sec

New Member
Jul 29, 2019
1,053
0
0
Heh, oh honeypots... I recall one in college that would bite back, lol. I'm more into WLAN/WAN myself. The last project I worked on was a couple years back, implementing an OpenBTS network, was fun but I had to leave before it was working.

But re: the spam, the way I see it, they must be making money somewhere or they wouldn't continue doing it.
 

DoomSquirter

Well-Known Member
Apr 19, 2014
1,183
405
98
Home Alone

The work you and others like you do is mostly unappreciated, but there are a lot of us that see behind the scenes and truly do appreciate the kind of dedication it takes to do this job. You summed it up quite nicely and yup, going to lock all my doors now. Feeling rather paranoid.
 

Hambeau

Over-Achiever
Jul 24, 2013
2,598
1,531
213
I take it they're getting past a new acct captcha? Why not enforce a time constraint on new posts after a new account setup?

I think a lot of captchas are being bypassed through turk. not some great program that can read them per se. humans. being used by the machine, wait, this isn't skynet, it's the matrix!

I find it so difficult to understand how these things raise any revenue whatsoever, and the rising level of roadblocks they are willing to overcome to continue with that first rule in effect. As in, are they truly making enough $ off of these things to counter the blocks people put on their sites using captcha or whatever? It's silly. Same with spam in general.

btw, I got this great deal on a thing that's supposed to lengthen my junk, please contact me at [email protected] if you can please help us save 100 million dollars for just 50 cents a day.

Is this spam? I can't tell!!!

It's got a typical link at the bottom but the sentence structure actually makes sense!

Me so confussed... :confused::rolleyes::D