Update Regarding the Spam Attack



Fiz
02-21-2014, 01:21 PM
As you may be aware, Weasyl recently was hit by a spam attack. We have worked to clean up the mess the spammer has left. Thanks for reporting the issue to us and being patient.

We ask that users do not 'reply' to spam attacks with their own submissions, as that may lead to further clean up from staff.

If you ever encounter spam on Weasyl, please report it to us as soon as possible by either using the report button, posting on our forums, @ing us on Twitter (https://twitter.com/Weasyl) or sending us an e-mail to support@weasyl.com.

Noxid
02-21-2014, 01:37 PM
Kemo for president

Really though, does anybody actually know what the deal was with that? I'm kind of curious now.

Fiz
02-21-2014, 01:44 PM
Update: Getting hit again, currently fighting against it.

RX-149Dragonite
02-21-2014, 02:14 PM
If you're talking about this https://www.weasyl.com/~vjubng7c I may have some explanation

Kemo (https://www.weasyl.com/~kemo) is being targeted by a user on the Rizon IRC server who is also known as "Bui" (if you do a whois of "Kemo" on Rizon you get [Kemo] (bui@bui.pm): Bui, since Bui likes to steal nicknames on Rizon he took Kemo's). This person has been behind several things including flooding the /vp/ board of 4chan with furry porn (it's against the rules there), actively attacking Rizon servers with DDoS attacks, flooding Rizon channels with bots which join/part within seconds, etc.

Regardless, just report any pictures and the profile as Fiz suggested.

EDIT: Clearing up the Bui/Kemo connection. Bui and Kemo are not the same person.

Fiz
02-21-2014, 02:24 PM
> If you're talking about this https://www.weasyl.com/~vjubng7c I may have some explanation
>
> The "~Kemo" who is being targeted is a user on the Rizon IRC server who is also known as "Bui" (if you do a whois of "Kemo" on Rizon you get [Kemo] (bui@bui.pm): Bui). This person has been behind several things including flooding the /vp/ board of 4chan with furry porn (it's against the rules there), actively attacking Rizon servers with DDoS attacks, flooding Rizon channels with bots which join/part within seconds, etc.
>
> I wouldn't doubt it is actually Bui doing something like this to test one of their scripts to spam a site (he's done it before on FA as well, iirc), but it also could be an equally annoying script-kiddie who is fed up with him. Regardless, just report any pictures and the profile as Fiz suggested.

Interesting. Feel free to message me if you have any further information about that.

Further updates: Doing more cleanup.

Lady Jupiter
02-21-2014, 02:27 PM
If I could suggest something (I wouldn't know if this has already happened since I already have an account and have no desire to make a new one, but I feel it'd be good to suggest just in case), maybe staff should close off new user registration for the time being? It would stop the spammer from making new accounts, and will also allow some time to clean up and delete the accounts c:

Again, just a suggestion. If it's already been done, then that's wonderful.

Lupus
02-21-2014, 07:09 PM
Perhaps implementing CAPTCHAS might be a good idea.

But regardless, it's unfortunate admins are having to deal with this shit. I hope you can identify this cunt and block his arse. (or confirm it's the chap in question)

Fiz
02-21-2014, 07:23 PM
> Perhaps implementing CAPTCHAS might be a good idea.

For what? We already have captchas on registration.

Update: Spam's been cleaned up for some time. Please report further spam to us.

Lupus
02-21-2014, 07:44 PM
> For what? We already have captchas on registration.

Oh, sorry, seems I forgot.

Then allow me to ask a question, do staff know how this muppet circumvented Weasyl security? Is a fix on the way or been implemented?

Fiz
02-21-2014, 08:10 PM
> Oh, sorry, seems I forgot.
>
> Then allow me to ask a question, do staff know how this muppet circumvented Weasyl security? Is a fix on the way or been implemented?

There was no security circumvention, was just someone signing up a shitload of accounts.

Struguri
02-21-2014, 08:43 PM
> Oh, sorry, seems I forgot.
>
> Then allow me to ask a question, do staff know how this muppet circumvented Weasyl security? Is a fix on the way or been implemented?

There wasn't really any security to be circumvented in a case like this. This is just one of those operational hazards that comes with running a website-- someone with enough determination to be irritating will find a way to do so. This isn't necessarily an issue of security insomuch as a social issue, really.

To break it down: imagine a store. Any store, really. In order for them to sell goods, people need to enter the store-- it's a functionality issue. If people didn't enter the store, well, no goods would be sold. In this instance, someone basically just walked into the store with an army of robots all yelling the same loud and annoying thing. The most you can do is either figure out a way to detect the robots-- which is simultaneously severely irritating as much as it is completely unrewarding of a task because it's unlikely to work-- or get rid of the robots as they arrive.

To continue the store analogy, it would be a security issue if these robots broke into the store while the store wasn't technically operating. Or, to analogize it in terms more apropos of a website, it would be a security issue if these robots broke into the store and stole data-- which they didn't do.

The long and short is that you're safe from security risks, but irritating people are a bit trickier of a problem to tackle. I hope this clarifies things. :)

Lupus
02-21-2014, 09:02 PM
Ah, ok, well I'll simply offer my condolences that you have to deal with this kind of crap. Thank you for your response.

Gamedog
02-21-2014, 09:29 PM
What exactly was the issue? I was asleep during the whole shebang. Was it just someone spamming pictures?

I'm asking so I can know what to report when I see it.

RX-149Dragonite
02-21-2014, 09:57 PM
Someone was posting the same picture with a derogatory message towards a user on it en masse. They used multiple spam bots to accomplish this. Basically look for pictures and accounts with random strings of letters and numbers.

However it seems to be over for now, but knowing the person who is behind this it'll be attempted again in some form.

Gamedog
02-21-2014, 10:16 PM
Ah, thank you! Will definitely keep an eye out.

shentino
02-22-2014, 06:24 PM
Any way of tracing this guy back to his ISP and getting his provider to shut him down? I've seen it work before. ISPs tend to get really pissy about spammers.

Nightpaws
02-22-2014, 09:39 PM
That really sucked. I missed the start of this due to an assignment I'd decided to do and struggled to figure out what was actually happening.

Now that I've got the gist (or a few different gists) of it, I'm glad you guys have it under control. Bet that was lovely to wake up to in the morning though.

RX-149Dragonite
02-22-2014, 09:41 PM
> Any way of tracing this guy back to his ISP and getting his provider to shut him down? I've seen it work before. ISPs tend to get really pissy about spammers.

Probably not. This person tends to use proxies and VPSs to have multiple connections and IP addresses at their disposal, meaning any IP traced back won't actually be the personal IP they use, but the one the proxy or VPS uses.

billsc26
02-28-2014, 07:06 PM
Continuing the store analogy, you can't completely stop determined attackers but you can make it difficult enough that they won't bother with something like this.

Since most of these types of attacks happen with new accounts, why not simply time-limit what new accounts can do? I mean while it is possible that an account a few hours old is a super-popular artist who wants to upload all 2500 of their pics... it's not likely. Same with replies to posts, messages, etc. Maybe something like a sliding scale where posts, shouts, comments, etc. are pretty limited for some time and then get less limited over time? Becoming unlimited after some reasonable length of time.

Of course it might be easier to periodically clean up the mess than implement something like this, but it would discourage the "hey, I'm gonna go mess with Weasyl today" kind of attack.
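
The sliding-scale limit on new accounts suggested in the post above, sketched as an added example (not part of the original thread and not Weasyl's code). The thresholds, the linear ramp and all names are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed policy values (not from the thread): tune for the real site.
FLOOR_PER_HOUR = 3        # actions/hour allowed for a brand-new account
CEILING_PER_HOUR = 60     # actions/hour allowed just before limits lift
PROBATION_HOURS = 72      # account age at which limits are removed
WINDOW_SECONDS = 3600     # sliding window the quota applies to


def quota_for_age(age_seconds):
    """Return actions allowed per window, or None once probation is over."""
    age_hours = age_seconds / 3600
    if age_hours >= PROBATION_HOURS:
        return None
    # Linear ramp from the floor to the ceiling across the probation period.
    fraction = max(age_hours, 0) / PROBATION_HOURS
    return int(FLOOR_PER_HOUR + fraction * (CEILING_PER_HOUR - FLOOR_PER_HOUR))


class NewAccountLimiter:
    """Sliding-window limiter covering submissions, comments, shouts, etc."""

    def __init__(self):
        self._recent = defaultdict(deque)  # account id -> action timestamps

    def allow(self, account_id, created_at, now):
        quota = quota_for_age(now - created_at)
        if quota is None:
            return True
        recent = self._recent[account_id]
        # Drop timestamps that have aged out of the window.
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= quota:
            return False  # denied actions are not recorded
        recent.append(now)
        return True


def simulate(account_id, created_at, action_times):
    """Replay constructed action timestamps; return (allowed, denied) counts."""
    limiter = NewAccountLimiter()
    results = [limiter.allow(account_id, created_at, t) for t in action_times]
    return results.count(True), results.count(False)
```

Because the quota is keyed on account age rather than IP address, it still applies when the accounts are created through proxies or VPSs; it caps what each throwaway account can post but does not stop mass registration itself.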