Large Scale Central

This and that

One of the problems with having a site that is popular is that you suddenly become a target for attack by various entities, both subtle and direct. Last night, the direct attacks started. For those of you not into the ‘security’ side of the web, the following may seem gibberish to you, but I’ll try to explain it as best I can.

We’re now the target of an ongoing ‘injection’ attack, and it looks like spammers. Basically, an injection attack is when some unscrupulous jerk fills forms with certain kinds of garbage, and submits them, hoping to find security holes in them. They’re targeting the new-user system, and the articles section right now. I’ve put a couple tracking patches in, to identify and deny these idiots, and there shouldn’t be any kind of site slowdown because of it.

Hi Bob,

Yes, aren’t those “clowns” delightful? :frowning: :frowning:

It got to be interesting enough on the RhB Forum that I changed the sign-up procedure for the English section and closed down the German section.
Time will tell if that solves the problem. :wink: :frowning: :wink:

When explaining email and browser use to users here at my office I’ve often used the analogy that the Internet is a sewer. You’d better be wearing heavy boots and still be cautious of where you step. It seems that alligators have been breeding in this sewer and will now jump up and bite you in the arse no matter how careful you try to be.

We recently suffered an NDR attack on our mail server that took our email system two days to recover from.

Bachmann and Aristo sites have both been plagued with Spam. MLS had to implement tighter security to keep the spammers at bay. No doubt this crap will show its ugly head here as well.

One of the best defenses for form attacks that I have seen is the graphic of random letters that the user must enter in the form. The graphic is designed to be difficult or impossible for OCR to read, keeping the robot attacks at bay. Of course any form submitted without matching the ‘code’ is discarded with no processing.

Bob - I’ll guess you will find that the IP of these attackers is rarely the same as the previous attempt. These guys are very adept at using multiple proxies to hide their true IP. They also exploit innocent users by running these jobs from compromised computers.

I’m sorry you have to deal with this. Best of luck.

JR
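Added example, not part of JR's post and not this site's code: one way the server side of the "graphic of random letters" check can discard non-matching submissions without storing the code per visitor. The names `issue_challenge`, `verify`, `SECRET`, `TTL`, the six-character code and the token layout are all assumptions made for this sketch; drawing the distorted image is left out.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # server-side key; constructed for this demo
TTL = 600                         # seconds a challenge stays valid (assumed)
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"  # look-alike characters left out
_seen = set()                     # nonces already attempted (demo: in memory)


def _mac(*parts) -> str:
    """Keyed hash over the given fields, as a hex string."""
    msg = "|".join(str(p) for p in parts).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def issue_challenge(now=None):
    """Return (code, token): the code is drawn into the distorted image,
    the token goes in a hidden form field and does not reveal the code."""
    issued = int(time.time() if now is None else now)
    code = "".join(secrets.choice(ALPHABET) for _ in range(6))
    nonce = secrets.token_hex(8)
    origin = _mac("origin", nonce, issued)        # proves the server issued it
    answer = _mac("answer", nonce, issued, code)  # binds the token to the code
    return code, f"{nonce}.{issued}.{origin}.{answer}"


def verify(token, typed, now=None) -> bool:
    """True only for a fresh, server-issued, first-attempt token whose
    answer MAC matches what the user typed; anything else is discarded."""
    now = int(time.time() if now is None else now)
    try:
        nonce, issued_s, origin, answer = token.split(".")
        issued = int(issued_s)
        typed = typed.strip().upper()
        (token + typed).encode("ascii")  # reject non-ASCII input up front
    except (AttributeError, TypeError, ValueError):
        return False  # missing or malformed fields
    if not hmac.compare_digest(origin, _mac("origin", nonce, issued)):
        return False  # token was not issued by this server
    if not 0 <= now - issued <= TTL or nonce in _seen:
        return False  # expired, or this challenge was already attempted
    _seen.add(nonce)  # one guess per challenge, right or wrong
    return hmac.compare_digest(answer, _mac("answer", nonce, issued, typed))
```

With more than one server process, the set of attempted nonces would have to live in a shared store whose entries expire after `TTL`.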

I have a retirement job all lined up!

If someone…anyone, can get me an identity or location for these scumbags I have 6 acres of grove that could use fertilizer!

Long range or up close and personal…if I ever find out who even one of these guys is he won’t be around to do it again!

And YES!!! that IS a threat!!
Andre’

Bob,
I am very sorry to hear of this, it is one of the things that we forget when we blithely log on to the site, taking things for granted.
What, if anything, can any of us do to help? I am sure that nobody on the site wants to see it in trouble, and I would accept quite happily any form of defence which may slow the site down, as long as the site keeps going.
After all, we aren’t all in a rush when we come here, are we?
Best of luck, mate.
Mike

Please be careful, Andre. Some overzealous gendarme may decide to take you s*riously. Please don’t answer that you are.

Steve,

But I AM an overzealous gendarme!! hehehehe