skirtcafe.org

It looks like we're under attack from the Russians at the moment and my e-mail inbox is getting hammered by bounced e-mails from would-be users from Russia. Thus, in an act nearing desperation, I have temporarily disabled new-user registrations in an attempt to stem the flow.

I'll turn it back on in a couple of days once the storm has passed.

I don't see what's the point with bothering that way a site like this one. Sad to read.
I wish you that it will cease soon and won't start again later!

Spirou003 wrote: ↑Tue May 30, 2023 5:35 pmI don't see what's the point with bothering that way a site like this one. Sad to read.
I wish you that it will cease soon and won't start again later!

Geopolitics knows no boundaries.

In any event, I likely have a couple of aces up my sleeve -- and a big bag of tools.

I seem to remember this had to be done with China, about 10 (+/-) years ago.
The "Spammers" got so bad, you had to BLOCK the entire countries IP addresses.

Now, it seems like the "Sexperts" from Russia, are realizing that they can't peddle their
wares on/at Skirt Cafe', are trying different 'venues' to get their viewpoint out to the world.
And it's not just "Sexperts", the spammers are pushing anything, from cell phones to wall
paper. I have no problem with anyone trying to promote their business but - PLEASE - when
posting on an English speaking site, USE English. If not, that's an automatic block of the poster.

Now, back to your regular scheduled programming

Uncle Al

Uncle Al wrote: ↑Tue May 30, 2023 5:59 pm I seem to remember this had to be done with China, about 10 (+/-) years ago.
The "Spammers" got so bad, you had to BLOCK the entire countries IP addresses.

Some of those tactics are still in place, and it's sad that they had to be put in. In addition to virtually all of the "large" netblocks in China, several large data-centres in the US had to be blocked as they were very spammer friendly (in other words, vacant in their jobs) and a couple of other small countries went in as well.

I freely admit that's ham-fisted, but sometimes it needs to be done so we don't spend all our time dealing with trash. Russia is very close to gettting the same treatment, but Russia is busted up into hundreds of little tiny netblocks thanks to the Cold War, and that makes it a problem to deal with. Face it, the admins and the mods need some downtime just as much as any other human.

The full registration shutdown is going to last only until I can think of a work-around.

Are you a robot? Then use some sort of data based photos for them to have to solve before they even get to the registration area. Maybe that would help.

Fred in Skirts wrote: ↑Tue May 30, 2023 7:48 pmAre you a robot? Then use some sort of data based photos for them to have to solve before they even get to the registration area. Maybe that would help.

I tried that in the past and found out that humans are not as good as robots in figuring the things out -- in fact I got several complaints, especially from older guys, they they couldn't work them because of vision problems, hence I dropped the notion.

What I'm likely to do tomorrow is to use today's access logs to pick out registration attempts, look up the IP addresses from them, and make a decision based on the findings therefrom. I like old-school solutions to old-world problems, and this can likely be boiled down to precisely that.

I appreciate all that you and the other mods do to maintain this website.

Well, I turned things back on earlier this morning and the abuse started almost immediately with 70+ new "registrations" -- all from Russia -- in the span of about an hour and a half. This was localised down to 5 netblocks, all of which are now prohibited from accessing the site at all.

Researching the thing a bit further, I found that to completely block the Russian Federation would take over 7,000 lines of verbiage in the configuration files, and that'd tax the web-server so I'm targetting the bad actors individually. I'm actually surprised the list of miscreants is so small considering there's a war on.

crfriend wrote: ↑Wed May 31, 2023 4:56 pm Well, I turned things back on earlier this morning and the abuse started almost immediately with 70+ new "registrations" -- all from Russia -- in the span of about an hour and a half. This was localised down to 5 netblocks, all of which are now prohibited from accessing the site at all.

Researching the thing a bit further, I found that to completely block the Russian Federation would take over 7,000 lines of verbiage in the configuration files, and that'd tax the web-server so I'm targetting the bad actors individually. I'm actually surprised the list of miscreants is so small considering there's a war on.

So I’m just a curious bugger. Why? What’s the deal with them asking to be part of skirt cafe? Is there so nefarious thing that these people could gain from this? I’m not completely computer illiterate but I just don’t see what their purpose is? Can one of you computer experts enlighten me?

1) We have never had so many as even one valid user from Russia
2) All of the accounts have obviously bot-generated names
3) Most of the e-mail accounts are blatantly multi-dot obfuscations of g-mail addresses
4) These things clutter up the main database
5) We were starting to get regarded as a spamming site by the indications of the mail logs I saw yesterday.
6) Anything else?

crfriend wrote: ↑Thu Jun 01, 2023 11:03 am 1) We have never had so many as even one valid user from Russia
2) All of the accounts have obviously bot-generated names
3) Most of the e-mail accounts are blatantly multi-dot obfuscations of g-mail addresses
4) These things clutter up the main database
5) We were starting to get regarded as a spamming site by the indications of the mail logs I saw yesterday.
6) Anything else?

Not sure if you were answering my inquiry or not.

I’m wondering why are they doing this not what does it do to the site.

What’s the advantage to the person who started the bot in terms of making so many accounts in this cafe?

ScotL wrote: ↑Thu Jun 01, 2023 11:58 am I’m wondering why are they doing this not what does it do to the site.

What’s the advantage to the person who started the bot in terms of making so many accounts in this cafe?

Here are a few:

• To scam other people out of personal information

• To spam the site with links to affiliate sites where they might earn a small commission

• To get an account and then hack the site when a vulnerability is discovered (some vulnerabilities of web systems require access to certain parts of a site)

I'm not sure why the volume - but presumably these are from some bot farm where - initially - they might post realistic (but off topic) content and then quickly devolve into spamming the site with advertising of one sort or another. Could also be to have each account contact a member on this site with an AD for some scam (makes it harder for an admin to block all the spam accounts). Additionally, many forums are abandoned on the web, and are a breeding ground for these systems, I don't think they discriminate. Eventually I'd assume they would stop when they decide it's not worth the data since Carl is playing an active role in stopping them - I'd imagine some forums don't get the level of attention to stopping this stuff.

Also, in case anybody hasn't noticed:

1) There's a war on, and the United States is in it by proxy against the Russians.
2) Russia has always been a hotbed for this sort of shady activity

Now, in the unlikely event that this is tangentially related to the current war, it's merely an annoyance, and the security tactics I use are more than capable of dealing with it, and a scalpel works a lot better than a chain-saw for precision work. I shut down six moderate-size netblocks and the problem has vanished.

To the second point, the USA does not have its hands clean in this, either, and there are several US netblocks for large data-centres that are in the "Deny" list as well.

Well done Carl. Thank you.