Raised This Month: $ Target: $400
 0% 

is this site get hacked? an invalid thread and user appears in Sourcemod - General


Post New Thread Reply   
 
Thread Tools Display Modes
Author Message
little_froy
Senior Member
Join Date: May 2021
Old 12-18-2023 , 03:29   is this site get hacked? an invalid thread and user appears in Sourcemod - General
Reply With Quote #1

the user named "validhack"
I think this site is very old, should improve the security.
Attached Thumbnails
Click image for larger version

Name:	屏幕截图 2023-12-18 162836.png
Views:	168
Size:	3.5 KB
ID:	202549  
little_froy is offline
mlibre
Veteran Member
Join Date: Nov 2015
Location: return PLUGIN_CONTINUE
Old 12-18-2023 , 08:08   Re: is this site get hacked? an invalid thread and user appears in Sourcemod - Genera
Reply With Quote #2

are spambot
__________________
mlibre is offline
DarkDeviL
SourceMod Moderator
Join Date: Apr 2012
Old 12-18-2023 , 16:35   Re: is this site get hacked? an invalid thread and user appears in Sourcemod - Genera
Reply With Quote #3

Quote:
Originally Posted by little_froy View Post
the user named "validhack"
Please just use the Report Post () button below the user's profile.

Both when you see stuff like this, but also if there are other posts that you feel may be in violation with the AlliedModders Rules.

Quote:
Originally Posted by mlibre View Post
are spambot
Correct.

Quote:
Originally Posted by little_froy View Post
I think this site is very old
The problem, regardless the age of the site, is that these spam bots are getting more and more "sophisticated":

I once saw something that looked like a spam bot, so therefore I triggered an infraction causing a ban, with a reason like "Spam bot? - Appeal via Contact Us, if you're real.".

I was surprised to see that potential spam bot return and spam again, but it appeared that it had been appealing about the ban, and due to the appeal, it was apparently considered real by someone else.

Quote:
Originally Posted by little_froy View Post
should improve the security.
Although you can get a long way, with a lot of effort, the result you eventually notice, isn't going to be the same forever.

Changing to another kind of forum isn't going to help, or magically fix the problem either.

Spam bots are learning your layers of defence, which means to be pro-active, it requires you to be constantly on guard, and be adapting to new things.

That rarely works that well, together with things driven by volunteers.

There is simply no permanent fix to the problem, regardless what you do (or don't do).
__________________
Mostly known as "DarkDeviL".

Dropbox FastDL: Public folder will no longer work after March 15, 2017!
For more info, see the [SRCDS Thread], or the [HLDS Thread].

Last edited by DarkDeviL; 12-18-2023 at 16:39.
DarkDeviL is offline
mlibre
Veteran Member
Join Date: Nov 2015
Location: return PLUGIN_CONTINUE
Old 12-21-2023 , 15:16   Re: is this site get hacked? an invalid thread and user appears in Sourcemod - Genera
Reply With Quote #4

a simple captcha in the login or in the comment boxes would be enough, I bet these bots are so noob that they couldn't overcome the challenge.
__________________
mlibre is offline
Ryan2
Senior Member
Join Date: Jul 2020
Old 12-22-2023 , 02:25   Re: is this site get hacked? an invalid thread and user appears in Sourcemod - Genera
Reply With Quote #5

Quote:
Originally Posted by mlibre View Post
a simple captcha in the login or in the comment boxes would be enough, I bet these bots are so noob that they couldn't overcome the challenge.
I posted about this at the beginning of the year.

https://forums.alliedmods.net/showthread.php?t=341302

Most of the spam accounts are hijacked accounts with legit post history etc. This forum needs to reset everyone's password if they want to stop this.

Of course a year past almost and nothing has been done.

Last edited by Ryan2; 12-22-2023 at 02:26.
Ryan2 is offline
mlibre
Veteran Member
Join Date: Nov 2015
Location: return PLUGIN_CONTINUE
Old 12-23-2023 , 07:08   Re: is this site get hacked? an invalid thread and user appears in Sourcemod - Genera
Reply With Quote #6

fixed

Quick Reply
Message: Hello friends, I bring you an incredible special offer, you cannot miss it...
Rant:
3x-8=x?
  • 1
  • 4
  • 7

Post Quick Reply | Go Advanced
__________________
mlibre is offline
Jhob94
AMX Mod X Donor
Join Date: Jul 2012
Old 12-23-2023 , 13:20   Re: is this site get hacked? an invalid thread and user appears in Sourcemod - Genera
Reply With Quote #7

Quote:
Originally Posted by mlibre View Post
fixed

Quick Reply
Message: Hello friends, I bring you an incredible special offer, you cannot miss it...
Rant:
3x-8=x?
  • 1
  • 4
  • 7

Post Quick Reply | Go Advanced
That would block more real users that suck at math and some spambots would still bypass it
__________________
Jhob94 is offline
mlibre
Veteran Member
Join Date: Nov 2015
Location: return PLUGIN_CONTINUE
Old 01-09-2024 , 10:30   Re: is this site get hacked? an invalid thread and user appears in Sourcemod - Genera
Reply With Quote #8

Quote:
Originally Posted by Jhob94 View Post
That would block more real users that suck at math and some spambots would still bypass it
Of course I exaggerated a little, something as basic as addition and subtraction.

Quote:
Originally Posted by DarkDeviL View Post
A such kind of captcha, or any other kind of captcha, even if you create your own customized one, it will proving it's effect for a very limited amount of time.
It will take some time to adjust, it can serve as a temporary "brake", which is still better than nothing.
__________________
mlibre is offline
DarkDeviL
SourceMod Moderator
Join Date: Apr 2012
Old 12-23-2023 , 14:16   Re: is this site get hacked? an invalid thread and user appears in Sourcemod - Genera
Reply With Quote #9

Quote:
Originally Posted by mlibre View Post
a simple captcha in the login or in the comment boxes would be enough
No, unfortunately not.

Quote:
Originally Posted by mlibre View Post
I bet these bots are so noob that they couldn't overcome the challenge.
While some bots may be "so noob", as you explain, many of them aren't.

Quote:
Originally Posted by Ryan2 View Post
I posted about this at the beginning of the year.
The issue you posted about, was regarding existing - but hijacked accounts.

This thread is about new spam bot registrations.

Account 355909 (literally named "validhack") was created on 2023-12-18, and posted it's junk on on 2023-12-18 06:54 (CET, +0100).

Quote:
Originally Posted by Ryan2 View Post
Most of the spam accounts are hijacked accounts with legit post history etc.
That one is actually false.

It does happen like that, but it definitely isn't the most of it that has an existing legit post history and/or old account creditability, in the way as you say.

Quote:
Originally Posted by Ryan2 View Post
This forum needs to reset everyone's password if they want to stop this.
I don't really agree with the "everyone's" part though, however, something like that may also become useful, in regards to stopping the problem with the existing - but hijacked accounts.

Having a mandatory password reset, such as if you've been gone from the forums for e.g. 3 months, or 12 months, before you can access the forums again, could be a way of reducing the impact of that specific issue.

But again, a such thing won't prevent the kind of junk that this specific thread is targetting.

Quote:
Originally Posted by Ryan2 View Post
Of course a year past almost and nothing has been done.
What exactly do you expect to be done, explained down to the smallest detail?

Quote:
Originally Posted by mlibre View Post
fixed
A such kind of captcha, or any other kind of captcha, even if you create your own customized one, it will proving it's effect for a very limited amount of time.

As I said above:

Quote:
Originally Posted by DarkDeviL View Post
Spam bots are learning your layers of defence, which means to be pro-active, it requires you to be constantly on guard, and be adapting to new things.
Quote:
Originally Posted by DarkDeviL View Post
There is simply no permanent fix to the problem, regardless what you do (or don't do).
That being said, I will be more than happy to admit that I also believe more things could be tried, in order to act more pro-actively to the issues.

But two questions comes up again and again, in regards to that:
  1. How many false positives do we want?
  2. What is most important?
    a) Effective spam bot defence
    b) That we are not limiting the ability for regular users to use the forums.
__________________
Mostly known as "DarkDeviL".

Dropbox FastDL: Public folder will no longer work after March 15, 2017!
For more info, see the [SRCDS Thread], or the [HLDS Thread].

Last edited by DarkDeviL; 12-23-2023 at 14:17.
DarkDeviL is offline
Neeeeeeeeeel.-
Some Guy Yellin'
Join Date: Jul 2010
Location: Argentina
Old 03-13-2024 , 09:10   Re: is this site get hacked? an invalid thread and user appears in Sourcemod - Genera
Reply With Quote #10

Quote:
Originally Posted by DarkDeviL View Post
That being said, I will be more than happy to admit that I also believe more things could be tried, in order to act more pro-actively to the issues.

But two questions comes up again and again, in regards to that:
[LIST=1][*]How many false positives do we want?
I've also manage a forum and adding captcha to <1 month old or <50 posts accounts reduced spam drastically.
__________________
Neeeeeeeeeel.- is offline
Send a message via Skype™ to Neeeeeeeeeel.-
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 05:25.


Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Theme made by Freecode