Jump to content

Spammers - Paperless Paper Trail


You are about to reply to a thread that has been inactive for 1718 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

1 hour ago, Rhonda Huntress said:

This is not normal spam.  This is an attack.

I'd thought that too - that it's a current or ex SL user - but I'm not so sure. It does come daily (so far) at a time when there is no moderation to deal with it instantly, which could indicate that it's an attack, but, if it really is an attack, there is no need at all to space the posts out so relatively sparcely, with a minute or two between each one. It's not as if the perpetrator thinks that it might not be noticed if the posts are spread out. If I were to attack in this way, I'd do posts much more quickly than that.

Link to comment
Share on other sites

5 hours ago, Phil Deakins said:

I'd thought that too - that it's a current or ex SL user - but I'm not so sure. It does come daily (so far) at a time when there is no moderation to deal with it instantly, which could indicate that it's an attack, but, if it really is an attack, there is no need at all to space the posts out so relatively sparcely, with a minute or two between each one. It's not as if the perpetrator thinks that it might not be noticed if the posts are spread out. If I were to attack in this way, I'd do posts much more quickly than that.

This doesn't seem like an SL directed attack to me, and certainly not the kind of DOS attacks we hear about in the news. Those involve tossing requests at servers so rapidly that real traffic gets blocked. That didn't happen here. We were all quite able to read the spam. So the goal was not to block access to the forum, but rather to kill our desire to visit it. If you throw a ton of garbage into a pool and run away, you've only discouraged swimming for the time it takes to clean up (which is fairly independent of the amount of garbage). But, if you dribble crap into the forum for hours on end, it becomes too much work to keep scooping it out. So we all give up and head in-world, or over to our favorite IRC channels. This griefing tool makes efficient use of scant resources (just a task running on one computer somewhere, not 500,000 hacked baby monitors) by understanding how we use forums.

The spam appears overnight, but it's hard (for me) to say whether that's because the spammer targets LL office hours, or US office hours, or some other timing altogether. The spam is content free (though Treasure and the rest of us try to find meaning in it), so I don't think there's any intent to deliver a payload. As with all the MUMBAI junk we saw last year, this just seems like a web crawling vulnerability probe tossing an algorithmic monkey wrench into the works. Once you've worked up a griefing tool for forums, why not shoot it at every instantiation you can find? That makes more sense than some disgruntled SL'er working up a new algorithm to spam SL after each forum switchover.

The one part about this entire dynamic I wonder about most is whether or how the spamming algorithms eventually determine that they're wasting their time, or if they'll continue dribbling crap and we'll never know because Tommy and the Gang have blocked them.

Edited by Madelaine McMasters
  • Like 1
Link to comment
Share on other sites

Rhonda didn't suggest that it's a DOS attack. It's obvious that it isn't. By "attack", I'm sure she meant someone doing it to simply get in the way of people - griefing. That's what I thought it might be, anyway, and I think that's more-or-less what Rhonda meant. It's what makes me still wonder if it's a current or past SL user/visitor.

 

12 hours ago, Madelaine McMasters said:

.... and we'll never know because Tommy and the Gang have blocked them.

Have they? Not according to the NEXT UNREAD TOPIC link at the foot of this page. I haven't looked at the whole forum yet. I came straight to your post.

Link to comment
Share on other sites

28 minutes ago, Rhonda Huntress said:

Yes, Phil.  That is what I meant.  They were way beyond trying to make a sell.  They were trying to make the forums difficult to use for whatever reason.

Yep, and that's what I said.

But I still don't think this is directed against SL/LL. That just seems too tiny a target to justify the effort. Doesn't it seem more likely that there are bots out there pinging domains to see what's in them, then running whatever exploits are known to work against what they find? If I dump the logs for my home firewall, I'll see all kinds of blocked activity from domains located in China. I doubt those domains are looking for me. More likely they're looking for a PC or baby monitor they can infect, an SQL database they can crack open, or a Samsung TV they can commandeer. Those things are deployed in sufficient numbers that working up tools to break into them may be worthwhile.

 

Link to comment
Share on other sites

8 hours ago, Phil Deakins said:

Rhonda didn't suggest that it's a DOS attack. It's obvious that it isn't. By "attack", I'm sure she meant someone doing it to simply get in the way of people - griefing. That's what I thought it might be, anyway, and I think that's more-or-less what Rhonda meant. It's what makes me still wonder if it's a current or past SL user/visitor.

 

Have they? Not according to the NEXT UNREAD TOPIC link at the foot of this page. I haven't looked at the whole forum yet. I came straight to your post.

I'll repeat that I don't think this is directed against SL. That's just too small a target. It's far more likely that our new forum platform is well known to the hacking community and that a bot has stumbled upon it. The same was true of Lithium, where other Lithium powered forums were hit with spam around the time we got all the MUMBAI stuff.

As for Tommy and the Gang, please re-read what I wrote... "The one part about this entire dynamic I wonder about most is whether or how the spamming algorithms eventually determine that they're wasting their time, or if they'll continue dribbling crap and we'll never know because Tommy and the Gang have blocked them."

You'll see that I did not claim they'd blocked anything. I said that when we stop seeing the spam (and I've confidence that Tommy and the Gang will succeed) we won't know if it has actually stopped. Similarly, I don't know how much spam hits my e-mail server every day, nor how much traffic is blocked by my firewall, unless I open the logs. If (as I suspect) the MUMBAI spam continued to hit the old Lithium forum for years after it was first blocked by LL's tuning of the spam filter, would you be as inclined to think the spam came from an SL detractor?

We aren't the ones monitoring and blocking spam, so we're in a poor position to assess it.

Edited by Madelaine McMasters
  • Like 1
Link to comment
Share on other sites

Ah. I misunderstood what you wrote about blocking.

I'm not suggesting that the perpetrator is a current or ex SL user. It's just what I've wondered, that's all. You may be right about it not being directed specifically at SL. In fact, on reflection, if it's not an SL user/visitor, then it's very likely to be what you suggest, simply because the posts aren't posted very quickly, which could mean that the programme is posting all over the place just as fast as it can. On the other hand, if it is directed at the platform, wherever it is running, then I wonder why the software writers haven't implemented reasonable defernses against it. Or maybe they have and we just need Tommy and Co. to discover and engage it. Or... perhaps they have discovered it, but implementing it would mean reducing user capabilities.

It's a strange one to my way of thinking. I can understand the purpose behind it if it's an SL user/visitor, past or present, but I don't understand the purpose behind it if it isn't. Link spammers either include links in their posts, and don't post more than or two at a time, so there's a fair chance of not being noticed. Or they post one or two posts with no links, in order to come back a few weeks later to add links when they won't be noticed. DOS attackers flood the system so that it can't cope, and breaks down. This is in between. I can see no sensible purpose for it, other that just to be forum griefers, and that may be what it is.

So, to sum up... Who knows? :)

Link to comment
Share on other sites

2 hours ago, Phil Deakins said:

Ah. I misunderstood what you wrote about blocking.

I'm not suggesting that the perpetrator is a current or ex SL user. It's just what I've wondered, that's all. You may be right about it not being directed specifically at SL. In fact, on reflection, if it's not an SL user/visitor, then it's very likely to be what you suggest, simply because the posts aren't posted very quickly, which could mean that the programme is posting all over the place just as fast as it can. On the other hand, if it is directed at the platform, wherever it is running, then I wonder why the software writers haven't implemented reasonable defernses against it. Or maybe they have and we just need Tommy and Co. to discover and engage it. Or... perhaps they have discovered it, but implementing it would mean reducing user capabilities.

It's a strange one to my way of thinking. I can understand the purpose behind it if it's an SL user/visitor, past or present, but I don't understand the purpose behind it if it isn't. Link spammers either include links in their posts, and don't post more than or two at a time, so there's a fair chance of not being noticed. Or they post one or two posts with no links, in order to come back a few weeks later to add links when they won't be noticed. DOS attackers flood the system so that it can't cope, and breaks down. This is in between. I can see no sensible purpose for it, other that just to be forum griefers, and that may be what it is.

So, to sum up... Who knows? :)

Right, who knows.

One of the necessary steps in spamming the forum is the creation of an SL account. It would be easy to believe that signing up for one requires some special knowledge of SL (and it might), but that's not guaranteed. It is possible for bots to learn that a web page is designed for account creation just by looking for keywords in the HTML. There might be a human operator somewhere guiding a set of spamming tools towards SL, but that could easily be because, long ago, some aggrieved resident released a tool into the hacking community for creating SL accounts.

And sure, you and I see no sensible purpose for this. But we have different sensibilities than the hackers. I imagine my Dad spent a lot of time wondering why the hell I did the things I did when young. Looking back, I wonder why the hell he put up with it.

Link to comment
Share on other sites

You are about to reply to a thread that has been inactive for 1718 days.

Please take a moment to consider if this thread is worth bumping.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...