Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Mail Bombing Attack

By kraant in News
Mon Jul 24, 2000 at 09:27:38 AM EST
Tags: Kuro5hin.org (all tags)
Kuro5hin.org

As some of the more obsessive readers will Have noticed, there has just been a spate of garbage articles clogging up the queue. IP Subnets are being blackholed and admins are being informed.

so meanwhile sit tight, grab some popcorn, vote every garbage article you see down -1 and pity the poor fucker who kept Inoshiro up late at night to deal with this

[editor's note, by rusty] Ok, we've added some security measures to prevent this, hopefully. I'd like to just add a special message for the spammer that we will find you, and we will make your life very unpleasant. Sleep tight! :-)

This has been a public service announcement from the Star Chamber AKA #kuro5hin :)


Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o Kuro5hin
o Also by kraant


Display: Sort:
Mail Bombing Attack | 24 comments (20 topical, 4 editorial, 0 hidden)
.. (2.70 / 6) (#5)
by sakico on Mon Jul 24, 2000 at 10:30:03 AM EST

You will make the spammer's life unpleasant...

Not that I'm protesting, but on exactly what grounds are you allowed to do this?

Re: .. (3.00 / 1) (#6)
by mattc on Mon Jul 24, 2000 at 10:45:24 AM EST

Because the spammer made their lives unpleasant...

[ Parent ]
Let's all make each others' lives unpleasant. (4.50 / 2) (#7)
by marlowe on Mon Jul 24, 2000 at 11:04:19 AM EST

Then we can all be unhappy together.

Seriously though, I think a better avenue of approach would be to view this as a technical problem. That worked for the original ping of death, didn't it? It's not like you're running an open server. You've got authentication. Leverage it as a filtering mechanism. I think you need to:

1) Defeat automated creation of countless accounts, maybe by enforcing a delay or a per-hour quota on account creation.

2) Prevent any one account from spamming, by enforcing a posting quota on each account.

You can't get everyone to agree to do what's right and not do what's wrong, or even on precisely what constitutes right and wrong. Human nature gets in the way. But if you can make something unfeasible, then the question of right and wrong becomes moot.


-- The Americans are the Jews of the 21st century. Only we won't go as quietly to the gas chambers. --
[ Parent ]
Technical solutions don't work... (4.00 / 5) (#8)
by Carnage4Life on Mon Jul 24, 2000 at 11:15:04 AM EST

Slashdot has shown that technical solutions don't work. I've downloaded slashcode and there are so many hacks that have been coded in simply to defeat spammers that its ridiculous and still they get spammed, trolled and DDoSed everyday.

Creating technical challenges just makes it a coding problem that they have to solve, in effect playing their game. Checkout this account on slashdot that was probably used to attack via this script or this one.

[ Parent ]
Re: Technical solutions don't work... (4.80 / 5) (#12)
by rusty on Mon Jul 24, 2000 at 12:46:01 PM EST

I agree with you, to an extent. In part it is a technical question: "How can we stop this attack that is going on right now?", and that was solved technically. But I totally agree with you that slashdot has demonstrated that it is simply not a problem that can be fully solved technically. Think about it this way-- an attack like the one last night is the computer equivalent of breaking a car's window to prove it's glass. Of course it'll break. Everyone knows it will. But there are real advantages to making car windows out of glass, and just because random vandals can go around breaking them doesn't mean we ought to stop. Same thing here-- we can add all the hacks and workarounds we want, but an open queue is an open queue. This will always be possible.

So, we will apply what we like to call "the Law" to the problem. That's what it's for, after all. When I say "make this spammer's life unpleasant", I mean track him down, get his ISP account cancelled, and basically whatever else we can do to demonstrate that this is not the way to make friends online.

____
Not the real rusty
[ Parent ]

Wrong Spamming Accounts (5.00 / 1) (#14)
by Anonymous Hero on Mon Jul 24, 2000 at 01:48:43 PM EST

Oops I displayed the wrong account that the script uses. It's Magenta Syringe

--
Carnage4Life

[ Parent ]
35 posts in 4 hours? (1.00 / 1) (#18)
by marlowe on Mon Jul 24, 2000 at 05:01:12 PM EST

Maybe they should try a more stringent restriction. A legitimate and sane poster wouldn't get anywhere near that limit, would he? A hothead in a flame war might make it up that far. But if we filter out the hotheads along with the spammers, that's no great loss.

I just checked, and I've got 25 posts in about 6 1/2 days. If I were really involved, I guess I might do four times my current rate. That would be about 2-3 posts in an average four-hour period. Allow for spikes, and I could do maybe 15 in four hours. But only if I were in an unhelpful frame of mind. In which case I'd rather be blocked now than have regrets later.

I just can't let go of the idea this easily. I understand Slshdor tried, and it didn't work for them. But there's still the ping of death story.

This sort of approach can work. It's just a matter of, well, I don't know. Doing it intelligently? Dumb luck? A combination of both?

If Slashdot's code is that badly hacked up, maybe you should look at it from the paradigm of Book's second system notion. Learn from its mistakes and its successes (if any), and implement from scratch.

-- The Americans are the Jews of the 21st century. Only we won't go as quietly to the gas chambers. --
[ Parent ]
35 posts in 4 hours? (4.00 / 1) (#19)
by marlowe on Mon Jul 24, 2000 at 05:01:17 PM EST

Maybe they should try a more stringent restriction. A legitimate and sane poster wouldn't get anywhere near that limit, would he? A hothead in a flame war might make it up that far. But if we filter out the hotheads along with the spammers, that's no great loss.

I just checked, and I've got 25 posts in about 6 1/2 days. If I were really involved, I guess I might do four times my current rate. That would be about 2-3 posts in an average four-hour period. Allow for spikes, and I could do maybe 15 in four hours. But only if I were in an unhelpful frame of mind. In which case I'd rather be blocked now than have regrets later.

I just can't let go of the idea this easily. I understand Slshdor tried, and it didn't work for them. But there's still the ping of death story.

This sort of approach can work. It's just a matter of, well, I don't know. Doing it intelligently? Dumb luck? A combination of both?

If Slashdot's code is that badly hacked up, maybe you should look at it from the paradigm of Book's second system notion. Learn from its mistakes and its successes (if any), and implement from scratch.

-- The Americans are the Jews of the 21st century. Only we won't go as quietly to the gas chambers. --
[ Parent ]
Dammit, that wasn't on purpose. (none / 0) (#20)
by marlowe on Mon Jul 24, 2000 at 05:02:18 PM EST

Swear to gawd it wan't.
-- The Americans are the Jews of the 21st century. Only we won't go as quietly to the gas chambers. --
[ Parent ]
Possible justifications. (4.00 / 1) (#10)
by Christopher Thomas on Mon Jul 24, 2000 at 11:45:06 AM EST

You will make the spammer's life unpleasant...
Not that I'm protesting, but on exactly what grounds are you allowed to do this?


The most obvious answer is "because this is a privately owned site and they have the right to prosecute those who abuse their resources or violate their acceptable use policy".

You might also be able to make an argument for spamming being a form of harrassment of whoever has to deal with it (in this case, the admins).

Now, the slashdot admins would get flamed into the ground if they tried to IP ban anyone, but kuro5hin isn't big enough for that kind of accusation to stick... yet...

[ Parent ]
Re: Possible justifications. (4.30 / 3) (#11)
by hurstdog on Mon Jul 24, 2000 at 12:12:16 PM EST

Now, the slashdot admins would get flamed into the ground if they tried to IP ban anyone, but kuro5hin isn't big enough for that kind of accusation to stick... yet...

Now kuro5hin hides nothing when they say they will delete comments and ban users who spam more than once. I think if its a random script spamming the story pool its a good idea to block the ip. Why should the readers have to deal with 50 stories that are just posted to bug people? If someone was spamming/trolling my site I wouldn't hesitate to block them out. Now I know that ip's can be faked, but as a temporary fix I think this is a good choice.

[ Parent ]
Re: Possible justifications. (4.20 / 5) (#13)
by Inoshiro on Mon Jul 24, 2000 at 01:02:20 PM EST

It's actually not that easy to spoof IPs. K5 is set to ignore all source routed packets, and all packets from private subnets. For a packet to even reach us that claims to be from a private subnet, a router between the attacker and us would have to accept the source routed packet, or there would have ot be a firewall left open which did not apply egress rules to outgoing packets.

Naturally, both are bad, and are steadily decreasing on the 'net as router mfrs are getting it through their heads that "secure by default" is almost the same as "secure" ;)



--
[ イノシロ ]
[ Parent ]
No, no, no... (1.60 / 7) (#9)
by Anonymous Hero on Mon Jul 24, 2000 at 11:38:55 AM EST

It's pity tha foo', not the poor fucker...

Stuff (4.20 / 6) (#15)
by Anonymous Hero on Mon Jul 24, 2000 at 02:21:35 PM EST

I voted -1 for this story, because I don't believe the spammer should be getting any attention (isn't that the purpose of spamming?)

Not only that, but the system works - we were able to vote down the story (well the one I saw anyway) pretty quickly. Non-k5 users didn't get to see the spam, k5 users did and they know that it is (a) atypical of this site (b) unnacceptable (c) what they don't want to read and (d) they get to do something about it.

As someone else mentioned, there's no point in hacking the Scoop source to try and filter out various things - it'll end up being a mess, and people who are determined will always find a way around it. I mean, maybe if we all had static IPs and used IPSec (AH at least) then we could maintain some sort of ACL list ... but there's no easy technical solution, and I think we can rely on everyone to ensure that this kind of stuff doesn't creep through to the front page.

Re: Stuff (4.50 / 2) (#17)
by Inoshiro on Mon Jul 24, 2000 at 04:38:17 PM EST

I agree. I was just wanting to give everyone a quick heads up. If the spammer really wanted something on the front page about themselves, they'd have been better to just write up an article. It's not hard.

As is, this'll be the last you hear about this until the matter is resolved.



--
[ イノシロ ]
[ Parent ]
Re: Stuff (5.00 / 1) (#21)
by rusty on Mon Jul 24, 2000 at 06:16:17 PM EST

The problem is, the spams were coming in at a much faster rate than they could be voted down, even by everyone. I temporarily dropped the hide threshold to -1 to let a distributed-delete effort take place, but I can't leave it like that all the time.

However, you might be right, that a distributed effort is the best way to deal with this. Maybe we should add a quick-delete option to voting; something like a "spam" option, that will drop a story much quicker than a normal "-1" vote. I don't know though.

For now, we've disabled anonymous posting of stories. I hate to do it, but we're kind of forced to. If we can come up with a good way to allow anon posting, and avoid this kind of thing, then we will.

____
Not the real rusty
[ Parent ]

Garbage stories? (2.50 / 6) (#16)
by Anonymous Hero on Mon Jul 24, 2000 at 04:36:55 PM EST

So what did these garbage stories look like, since us AHs can't see them...

-- Ender, Duke_of_URL

Re: Garbage stories? (2.00 / 1) (#22)
by the coose on Mon Jul 24, 2000 at 07:12:45 PM EST

Well, last night I did see one unusual story. An AH submitted a story asking the community what their methods masturbation are. I thought it was a joke - I don't know if this was part of the attack or not as I didn't visit the site until this morning and saw this post.

[ Parent ]
Re: Garbage stories? (3.00 / 1) (#23)
by hurstdog on Mon Jul 24, 2000 at 07:45:15 PM EST

that wasn't part of the attack, maybe a precurser. But the attack stories were all random gibberish

[ Parent ]
Re: Garbage stories? (none / 0) (#24)
by Boojum on Tue Jul 25, 2000 at 12:13:38 AM EST

I saw six put into the queue today (well, technically yesterday now) and did my part to vote them down. They were just strings of gibberish. My first thought when I saw it was that it was just a perl script slapping together n random words from /usr/dict/words and then posting it to k5. Nothing really impressive (Could have been a lot more entertaining if they'd at least used a generating grammar so that it parses syntactically... <g>)



[ Parent ]
Mail Bombing Attack | 24 comments (20 topical, 4 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!