Thread: is this site get hacked? an invalid thread and user appears in Sourcemod - General
View Single Post
DarkDeviL
SourceMod Moderator
DarkDeviL's Avatar
Join Date: Apr 2012
Old 12-23-2023 , 14:16   Re: is this site get hacked? an invalid thread and user appears in Sourcemod - Genera
Reply With Quote #8
Quote:
Originally Posted by mlibre View Post
a simple captcha in the login or in the comment boxes would be enough
No, unfortunately not.

Quote:
Originally Posted by mlibre View Post
I bet these bots are so noob that they couldn't overcome the challenge.
While some bots may be "so noob", as you explain, many of them aren't.

Quote:
Originally Posted by Ryan2 View Post
I posted about this at the beginning of the year.
The issue you posted about, was regarding existing - but hijacked accounts.

This thread is about new spam bot registrations.

Account 355909 (literally named "validhack") was created on 2023-12-18, and posted it's junk on on 2023-12-18 06:54 (CET, +0100).

Quote:
Originally Posted by Ryan2 View Post
Most of the spam accounts are hijacked accounts with legit post history etc.
That one is actually false.

It does happen like that, but it definitely isn't the most of it that has an existing legit post history and/or old account creditability, in the way as you say.

Quote:
Originally Posted by Ryan2 View Post
This forum needs to reset everyone's password if they want to stop this.
I don't really agree with the "everyone's" part though, however, something like that may also become useful, in regards to stopping the problem with the existing - but hijacked accounts.

Having a mandatory password reset, such as if you've been gone from the forums for e.g. 3 months, or 12 months, before you can access the forums again, could be a way of reducing the impact of that specific issue.

But again, a such thing won't prevent the kind of junk that this specific thread is targetting.

Quote:
Originally Posted by Ryan2 View Post
Of course a year past almost and nothing has been done.
What exactly do you expect to be done, explained down to the smallest detail?

Quote:
Originally Posted by mlibre View Post
fixed
A such kind of captcha, or any other kind of captcha, even if you create your own customized one, it will proving it's effect for a very limited amount of time.

As I said above:

Quote:
Originally Posted by DarkDeviL View Post
Spam bots are learning your layers of defence, which means to be pro-active, it requires you to be constantly on guard, and be adapting to new things.
Quote:
Originally Posted by DarkDeviL View Post
There is simply no permanent fix to the problem, regardless what you do (or don't do).
That being said, I will be more than happy to admit that I also believe more things could be tried, in order to act more pro-actively to the issues.

But two questions comes up again and again, in regards to that:
  1. How many false positives do we want?
  2. What is most important?
    a) Effective spam bot defence
    b) That we are not limiting the ability for regular users to use the forums.
__________________
Mostly known as "DarkDeviL".

Dropbox FastDL: Public folder will no longer work after March 15, 2017!
For more info, see the [SRCDS Thread], or the [HLDS Thread].
Last edited by DarkDeviL; 12-23-2023 at 14:17.
DarkDeviL is offline