hello and can you please change your captcha on the registration ....

[DrKK]

The part about the whole spamming thing that to me is quite the interesting part, is that even though human labor is cheap, it's not free. Therefore, in order for forum spamming to be something that anyone does for any price (once you modulate out for cybergraffiti for its own sake), it must be profitable to do so. Somehow, spamming our forum with 200 Korean language spams is profitable. What is the mechanism by which it is profitable? Forget korean language, let's say they spam the forum with Viagra ads or what not in English. Surely, anyone in a forum like this (FreeNAS) is not about to click pharmaceutical spam. Literally, there is no profit surface. What, exactly, is the mechanism by which this kind of bullshit justifies the expense (no matter how modest) of the spammer? There must be some much, much bigger prize than the quasi-products the spammers spam about.

I mean, if the goal is some kind of phish, botnet install, or something, SURELY you can get ***MUCH*** better bang for your time by targeting some gamer forum, or some sewing circle, or church. Not a high-tech BSD-based NAS appliance forum. I mean seriously.

 

[jgreco]

I suspect that this website is rated by search engines as above-average value. Perhaps something about having your content linked to from here.

On the other hand, do remember that some people are just stupid.

 

[Ericloewe]

What's odd is that there were several different messages that seemed to lead to different sites. Of course, they might all be the same thing in the end.

Regarding search engines - that possibility makes some sense, but I can't see the average attack lasting long enough for search engines to actually pick it up, especially not on a popular tech forum.

The part about the whole spamming thing that to me is quite the interesting part, is that even though human labor is cheap, it's not free. Therefore, in order for forum spamming to be something that anyone does for any price (once you modulate out for cybergraffiti for its own sake), it must be profitable to do so. Somehow, spamming our forum with 200 Korean language spams is profitable. What is the mechanism by which it is profitable? Forget korean language, let's say they spam the forum with Viagra ads or what not in English. Surely, anyone in a forum like this (FreeNAS) is not about to click pharmaceutical spam. Literally, there is no profit surface. What, exactly, is the mechanism by which this kind of bullshit justifies the expense (no matter how modest) of the spammer? There must be some much, much bigger prize than the quasi-products the spammers spam about.

I mean, if the goal is some kind of phish, botnet install, or something, SURELY you can get ***MUCH*** better bang for your time by targeting some gamer forum, or some sewing circle, or church. Not a high-tech BSD-based NAS appliance forum. I mean seriously.

The forged official documents spam that appears from time to time is especially weird. You'd think that people looking for such things all use Tor and whatever-the-new-silk-road-is and nobody just impulsively goes "OOH! Fake IDs!" while reading up on Hardware Recommendations.

 

[Robert Trevellyan]

What's odd is that there were several different messages that seemed to lead to different sites. Of course, they might all be the same thing in the end ... nobody just impulsively goes "OOH! Fake IDs!" while reading up on Hardware Recommendations.

You must have received those bogus emails claiming to come from someone you know that say "have you seen this" with a link to some random blog. The person naive enough to click the link in that email is naive enough to click a link at the destination. So, in this scenario, this forum is just a hosting platform.

 

[Apollo]

The only captcha I remember is being asked what the third letter of the alphabet is.

Answer is c, by the way, not e.

Should it be P? AL-P-HABET Just being silly here.

 

[Apollo]

Exactly my point. At first, it looked like a single account with a hundredish posts. Then I realized there were several accounts.

Getting people to invest an extra minute into the sign up process for the forums seems like a rather good idea.

Just ask Cyberjock to have all the forums sent to is e-mail account, this way he can flush the entire thing. Hold on, where is this idea coming from?? Ha yes, something about every minute e-mail reminder about replication failure. Just being sarcastic.
Sometimes I feel like answering the "Are you a robot" question with a big yes.

 

[jgreco]

The part about the whole spamming thing that to me is quite the interesting part, is that even though human labor is cheap, it's not free. Therefore, in order for forum spamming to be something that anyone does for any price (once you modulate out for cybergraffiti for its own sake), it must be profitable to do so. Somehow, spamming our forum with 200 Korean language spams is profitable. What is the mechanism by which it is profitable? Forget korean language, let's say they spam the forum with Viagra ads or what not in English. Surely, anyone in a forum like this (FreeNAS) is not about to click pharmaceutical spam. Literally, there is no profit surface.

In the old days, and I have to assume even now, a lot of e-mail spam was probing in nature, to help identify potential victims who could later be infected. If you can infect someone's computer, then you've just created a botnet node. This was largely possible due to the idiots at Microsoft and Mozilla who decided that HTML was the perfect way to "improve" e-mail. So you would sometimes see a short probing mail that had specific custom URL's in it to get ahold of stuff like the referer, followed by a more specialized message to take advantage of common holes in the user's platform.

These days, the forumware isn't likely to render random HTML but it does still allow things like online images, which are not totally immune to browser based attacks. As for the cost, spam isn't ususally sent by people. Here, I'm reasonably sure that only the captcha was busted by a human before handing it over to forum spamware. Minimal investment in time. Computing power and network connectivity are so cheap as to be effectively free. So the flip side of the coin is that it doesn't even need to be competently done, even if it is just for advertising.

What's odd is that there were several different messages that seemed to lead to different sites. Of course, they might all be the same thing in the end.

Regarding search engines - that possibility makes some sense, but I can't see the average attack lasting long enough for search engines to actually pick it up, especially not on a popular tech forum.

On a Saturday morning? How many of these things are company-supported and won't have anyone looking at it until Monday morning? @dlavigne was here pretty quickly under adverse circumstances (not my place to explain that) and I suspect would have eventually persevered, but she was up against me on a very fast wire and in a very foul mood making things go away at a very high speed. But how many forums are there where it would have been sitting there for two days? Or more? Because, come on, we've all seen largely-ignored forums where crap is just never dealt with.

The forged official documents spam that appears from time to time is especially weird. You'd think that people looking for such things all use Tor and whatever-the-new-silk-road-is and nobody just impulsively goes "OOH! Fake IDs!" while reading up on Hardware Recommendations.

Hard to know. The cheapness of it all is the problem. Invest ten minutes creating a few dozen accounts and hand them off to your bots. Off to the races, alongside fifty other forums you're doing the same thing to.

 

[Ericloewe]

Oh, great, this again...

 

[gpsguy]

Yes and why can't they learn that it'll be deleted ASAP

 

[Ericloewe]

Yes and why can't they learn that it'll be deleted ASAP

This time, I took a few seconds to google translate it. It seems they're definitely doing it to try to promote their #/("%&$%$*#%$&$#%! [Redacted] website on search engines, since the body is just a short, apparently gibberish passage repeated over and over again. From what I can tell, Google indexes the threads giving more importance to the thread title (I assume Bing is similar).

 

[jgreco]

Sorry, guys, I missed an account. I don't have access to view the user database in a table form so I've been iterating through user numbers looking for the baddies. There'll be more. And I will feed them to the wood chipper just as eagerly.

I can delete posts a hell of a lot faster than they can post them, so it's a losing battle for them. And I have decades of pissed-off sysadmin experience, on a scale of 1...10 this barely rates a point-5

 

[jgreco]

That smell of burning bits in the air is another round of spammer accounts and threads gone.

 

[Ericloewe]

That smell of burning bits in the air is another round of spammer accounts and threads gone.

They were at it *again*?

 

[anodos]

That smell of burning bits in the air is another round of spammer accounts and threads gone.

Smells like victory.

Feel bad for you though. Perhaps it's getting to be time to switch forum software?

Not to throw anyone under the bus, but suppose I've heard jkh doesn't like the forums and pays interns from North Korea with wax fruit and pictures of cyberjock's mom to spam the them.

 

[jgreco]

They were at it *again*?

Yup, and I blew away two accounts in the midst of creation this morning too. The problem is that it sucks to disable instant registration, because then people who have FreeNAS problems are frustrated by the forumware and the lag time for someone to approve their account. But even with manual approval, spammers can manage to look halfway reasonable and create accounts which are then used days or weeks later for spamming.

 

[jgreco]

Smells like victory.

More like stalemate. It's the old sysadmin thing. It takes users relatively long to find crap to fill their home directories with. It takes the sysadmin a moment to close their account and rm -fr it.

Feel bad for you though. Perhaps it's getting to be time to switch forum software?

Not to throw anyone under the bus, but suppose I've heard jkh doesn't like the forums and pays interns from North Korea with wax fruit and pictures of cyberjock's mom to spam the them.

Back when jkh came on at iXsystems, there was a bunch of us that probably would have preferred returning to vBulletin, and he suggested that we should have a bake-off. He kept promising to get us the vBulletin license that iX had already paid for but never came through on that.

I don't feel suuuuuper strongly one way or another about the forum software, except to the extent that I keep losing admin bits, or get locked out, or find that the spam cleaning capabilities are poor at best, etc., with XenForo. But we did have @HolyK and ... someone else IIRC ... who were real fans of the vBulletin approach and would likely have been able to help us bring up a decent environment.

From my point of view, there's been a lot of weirdness on the part of iX where they don't really want to invest the time to actually fix problems. There might be good reasons but I don't hear them.

 

[gpsguy]

More spam this morning ...

 

[jgreco]

Thanks, started spamming while I was actually enjoying participating in the forums. I usually only notice if I hit "New Posts" ...

What a moron, spamming "Performance." Please do feel free to ping here if you see spammish activity.

 

[gpsguy]

Me too. Thanks for cleaning it up, once again.

I usually only notice if I hit "New Posts" ...

 

[jgreco]

I actually have a pretty good idea of how to identify spammish user accounts but it is a fair bit of manual work, and I also have other things I need to get done, and I'm not paid (hell I'm technically a conscript), so the pragmatic thing is just to tolerate a little of this now and then. Do note that I have tapatalk showing alerts on my phone so I can often be handling this sort of thing rather quickly if you post in this thread.