Spam attack

Forum rules, site updates and general news.
Post Reply
User avatar
Xen
Bear with me
Bear with me
Posts: 1442
Joined: Sat Sep 08, 2012 1:19 am

Spam attack

Post by Xen » Mon Dec 15, 2014 6:53 pm

After 2 years of pretty much no spam we got whacked big time on Sunday. None got through the second tier of spam countermeasures (new member post approval), so only the admins got to see the 200+ posts. However, you probably did notice the 300+ members that joined since Sunday.

It seems the spam registration countermeasures failed completely and by the looks of things at http://www.phpbb.com they've been busy dealing with a major attack. They claim it didn't affect any external sites, but it seems to be a tad coincidental with their latest upgrade alert.
PHPBB.com wrote: Downtime

(Update #2) On Sunday Dec. 14th, several of the web servers powering phpBB.com were compromised. Upon discovering the ongoing attack, we immediately took our network offline to perform a thorough investigation, which is continuing.

At this time, we would like to ask everyone to follow basic security protocol. If you were using your phpbb.com or area51.phpBB.com passwords anywhere else, please change them to unique ones.

Your personal phpBB Forums are NOT affected by the compromise of our servers.

We will be rebuilding our systems from the ground up and verifying the integrity of all data prior to coming back online. This process will likely take several days.

Further updates will be posted here when we have additional information.
Please note that until I can sort out the first tier spam countermeasures I have disabled registrations. If you're a legit fan please e-mail me contact AT allscaletrek.com with a username and email and I'll set it up for you. There's also the small matter of nuking all spam accounts. If you see anything that actually got through, please let me know.

Enjoy your spam-free AST. :vulcan:

User avatar
Del
Starship Engineer
Starship Engineer
Posts: 2075
Joined: Mon Oct 08, 2012 7:37 pm
Location: Lawton, Oklahoma
Contact:

Re: Spam attack

Post by Del » Mon Dec 15, 2014 7:28 pm

Any way to identify the real members from the spam, or will it be a delete the obvious, and a wait and see thing for the questionable ones?
Multi-Verse Models - http://www.mvmodels.biz or find me on Facebook
Producing kits previously sold thru Ravenstar, Novahobbies, Fantastic Plastic, NorthTrek Creations, and more!

User avatar
Xen
Bear with me
Bear with me
Posts: 1442
Joined: Sat Sep 08, 2012 1:19 am

Re: Spam attack

Post by Xen » Mon Dec 15, 2014 7:52 pm

I'm manually nuking the accounts as they post for the time being, blocking obvious spam email sites. The rest will be done via the DB. It's important (to me at least) that all of our 400+ members are actual Trek fans and not spammers.

My main concern is getting the first tier countermeasures working again. Until PHPBB is back up I won't really know the best course of action. Upgrading to a new buggy version or something easier.

I was curious if our SW cousins were troubled by this attack over at Keeper of the Force. By the looks of things they seem unscathed.

User avatar
Del
Starship Engineer
Starship Engineer
Posts: 2075
Joined: Mon Oct 08, 2012 7:37 pm
Location: Lawton, Oklahoma
Contact:

Re: Spam attack

Post by Del » Mon Dec 15, 2014 8:14 pm

There are periodic moments when the spam gets stupid at KotF, but for now it seems okay.
Multi-Verse Models - http://www.mvmodels.biz or find me on Facebook
Producing kits previously sold thru Ravenstar, Novahobbies, Fantastic Plastic, NorthTrek Creations, and more!

zookman
Crafty Commodore
Crafty Commodore
Posts: 1480
Joined: Fri Nov 09, 2012 2:29 am

Re: Spam attack

Post by zookman » Mon Dec 15, 2014 8:18 pm

i thought i seen an awefull lot of same names on last night or afternoon .. william such and such like 5-6 times plus a bunch i didnt recognise ...

User avatar
Moongrim
Fatidical Fleet Admiral (CW)
Fatidical Fleet Admiral (CW)
Posts: 4943
Joined: Tue Mar 12, 2013 9:36 pm
Location: West of Eugene Oregon.

Re: Spam attack

Post by Moongrim » Sun Dec 21, 2014 4:58 pm

Spammers and the Borg.
There are Times, Sir, when men of good Conscience cannot blindly follow orders. You acknowledge their sentience, but ignore their personal liberties and freedoms. Order a man to hand over his child to the state? Not while I"m captain.
- J.L.Picard.

User avatar
Tesral
Bear with me
Bear with me
Posts: 3301
Joined: Tue Dec 18, 2012 12:58 pm
Location: Dearborn, Mi -- at my desk.
Contact:

Re: Spam attack

Post by Tesral » Mon Dec 22, 2014 3:55 am

Moongrim wrote:Spammers and the Borg.
Resistance is ohmes, you will be ass laminated.
Garry AKA --Phoenix-- Rising above the Flames.
"I saw it done on Voyager" is no excuse for anything, even breathing.

User avatar
Xen
Bear with me
Bear with me
Posts: 1442
Joined: Sat Sep 08, 2012 1:19 am

Re: Spam attack

Post by Xen » Tue Dec 23, 2014 6:44 am

PHPBB.com wrote: Update #4 22-12-2014

We have concluded our investigation and are actively working on bringing services back online.

We verified the integrity of all data on the machines, which took a considerable amount of work and time. The backend infrastructure has likewise been improved so things should be running better than ever.

Apologies for the long downtime. We expect this to be completed within 24-48 hours.
Hopefully we'll get some proper answers as to what happened when the PHPBB forum is back up.

I've just nuked the last 200 spam bot members. That was quite therapeutic. :twisted:

User avatar
el gato
Fatidical Fleet Admiral
Fatidical Fleet Admiral
Posts: 5925
Joined: Thu Apr 04, 2013 8:41 pm
Location: In a land whose boundaries are that of imagination

Re: Spam attack

Post by el gato » Tue Jan 06, 2015 12:50 am

Xen wrote:It seems the spam registration countermeasures failed completely and by the looks of things at http://www.phpbb.com they've been busy dealing with a major attack. They claim it didn't affect any external sites, but it seems to be a tad coincidental with their latest upgrade alert.
PHPBB.com wrote: Downtime

(Update #2) On Sunday Dec. 14th, several of the web servers powering phpBB.com were compromised. Upon discovering the ongoing attack, we immediately took our network offline to perform a thorough investigation, which is continuing.

At this time, we would like to ask everyone to follow basic security protocol. If you were using your phpbb.com or area51.phpBB.com passwords anywhere else, please change them to unique ones.

Your personal phpBB Forums are NOT affected by the compromise of our servers.

We will be rebuilding our systems from the ground up and verifying the integrity of all data prior to coming back online. This process will likely take several days.

Further updates will be posted here when we have additional information.
In essence: "Nothing to see here. Move along..."

Thank you for all that you do to keep this place running, Xen
RogueWolf wrote:I've sacrificed many dozens (maybe even hundreds) of gummy bears to the dark modeling gods to grant me my wish... but I fear my offerings only amuse them, not appease them.

User avatar
Xen
Bear with me
Bear with me
Posts: 1442
Joined: Sat Sep 08, 2012 1:19 am

Re: Spam attack

Post by Xen » Fri Jan 09, 2015 4:01 pm

It's a pleasure El Gato! :) Apparently the attack on PHPBB.com and external boards getting blitzed by spam the same time was merely coincidental (I'mnotconvincedbutwhatever).

The spambot Q&A list has been updated, so my 2 year, rock solid, spam-proof questions were cracked (type x backwards, add some special characters).

However, in an attempt to make AST spam-proof again I fear I've made the new Q&A's too hard. I don't want to post them here, but if any of you have a spare 5 minutes, either log out and check out the three questions yourself or PM me and I'll provide them for your 2c.

Post Reply

Return to “Important”