Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19
  1.   This is the last staff post in this thread.   #11
    Retired Staff Struguri's Avatar
    Join Date
    Oct 2012
    Posts
    13
    Quote Originally Posted by Lupus View Post
    Oh, sorry, seems I forgot.

    Then allow me to ask a question, do staff know how this muppet circumvented Weasyl security? Is a fix on the way or been implemented?
    There wasn't really any security to be circumvented in a case like this. This is just one of those operational hazards that comes with running a website-- someone with enough determination to be irritating will find a way to do so. This isn't necessarily an issue of security insomuch as a social issue, really.

    To break it down: imagine a store. Any store, really. In order for them to sell goods, people need to enter the store-- it's a functionality issue. If people didn't enter the store, well, no goods would be sold. In this instance, someone basically just walked into the store with an army of robots all yelling the same loud and annoying thing. The most you can do is either figure out a way to detect the robots-- which is simultaneously severely irritating as much as it is completely unrewarding of a task because it's unlikely to work-- or get rid of the robots as they arrive.

    To continue the store analogy, it would be a security issue if these robots broke into the store while the store wasn't technically operating. Or, to analogize it in terms more apropos of a website, it would be a security issue if these robots broke into the store and stole data-- which they didn't do.

    The long and short is that you're safe from security risks, but irritating people are a bit trickier of a problem to tackle. I hope this clarifies things.

  2. #12
    Junior Lupus's Avatar
    Weasyl
    lupussle
    Join Date
    Feb 2014
    Location
    Geneva, Switzerland
    Posts
    14
    Ah, ok, well I'll simply offer my condolences that you have to deal with this kind of crap. Thank you for your response.

  3. #13
    Senior Gamedog's Avatar
    Weasyl
    Gamedog
    Join Date
    Jan 2014
    Location
    Москва
    Gender
    Male
    Posts
    843
    What exactly was the issue? I was asleep during the whole shebang. Was it just someone spamming pictures?

    I'm asking so I can know what to report when I see it.

  4. #14
    Someone was posting the same picture with a derogatory message towards a user on it en masse. They used multiple spam bots to accomplish this. Basically look for pictures and accounts with random strings of letters and numbers.

    However it seems to be over for now, but knowing the person who is behind this it'll be attempted again in some form.

  5. #15
    Senior Gamedog's Avatar
    Weasyl
    Gamedog
    Join Date
    Jan 2014
    Location
    Москва
    Gender
    Male
    Posts
    843
    Ah, thank you! Will definitely keep an eye out.

  6. #16
    Any way of tracing this guy back to his ISP and getting his provider to shut him down? I've seen it work before. ISPs tend to get really pissy about spammers.

  7. #17
    That really sucked. I missed the start of this due to an assignment I'd decided to do and struggled to figure out what was actually happening.

    Now that I've got the gist (or a few different gists) of it, I'm glad you guys have it under control. Bet that was lovely to wake up to in the morning though.

  8. #18
    Quote Originally Posted by shentino View Post
    Any way of tracing this guy back to his ISP and getting his provider to shut him down? I've seen it work before. ISPs tend to get really pissy about spammers.
    Probably not. This person tends to use proxies and VPSs to have multiple connections and IP addresses at their disposal, meaning any IP traced back won't actually be the personal IP they use, but the one the proxy or VPS uses.

  9. #19
    Continuing the store analogy, you can't completely stop determined attackers but you can make it difficult enough that they won't bother with something like this.

    Since most of these types of attacks happen with new accounts, why not simply time-limit what new accounts can do? I mean while it is possible that an account a few hours old is a super-popular artist who wants to upload all 2500 of their pics... it's not likely. Same with replies to posts, messages, etc. Maybe something like a sliding scale where posts, shouts, comments, etc. are pretty limited for some time and then get less limited over time? Becoming unlimited after some reasonable length of time.

    Of course it might be easier to periodically clean up the mess than implement something like this, but it would discourage the "hey, I'm gonna go mess with Weasyl today" kind of attack.

 

 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •