An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
All forums marked as unread
#30001 05/08/14 09:41 AM
Joined: Aug 2009
Likes: 7
jchuzi Online OP
OP Online

Joined: Aug 2009
Likes: 7
This morning, all FTM forums except Frequently Asked Mac Questions and Mac FAQ Discussion appeared as if I had never read them. I tried logging out/in but that didn't help. Deleting the FTM cookie and the Safari cache and then re=logging in was unsuccessful. I had installed AdBlock yesterday so I disabled it but that didn't solve the problem.

Other sites seem unaffected so I assume that something is wonky with FTM.

Last edited by jchuzi; 05/08/14 09:42 AM.

Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: All forums marked as unread
jchuzi #30032 05/08/14 11:34 AM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
You missed it!

I don't know if it was a denial of services attack or what, but we got hit with a bit more than 1,050 spam posts (Oakley Sunglasses) in a coupl'a hours...every forum, which is why FTM looked like you had never read anything. (They came up faster than I could refresh my browser page.)


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: All forums marked as unread
artie505 #30033 05/08/14 12:06 PM
Joined: Aug 2009
Likes: 7
jchuzi Online OP
OP Online

Joined: Aug 2009
Likes: 7
Thanks, Artie. All seems well right now.


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: All forums marked as unread
jchuzi #30034 05/08/14 01:54 PM
Joined: Aug 2009
Likes: 4
Offline

Joined: Aug 2009
Likes: 4
Having been one of those who notified the moderators of the spam bombing, I hope that one or more will chime in about what happened and whether it can be avoided in future. They did a nice job of cleaning it up in the past couple hours.
It certainly seems as though FTM forums were specifically targeted.

Re: All forums marked as unread
grelber #30035 05/08/14 02:06 PM
Joined: Aug 2009
Likes: 7
jchuzi Online OP
OP Online

Joined: Aug 2009
Likes: 7
Maybe FTM should feel complimented? After all, the spammers must think that we have such a wide audience that it's worth their while. grin


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: All forums marked as unread
artie505 #30036 05/08/14 03:16 PM
Joined: Aug 2009
Likes: 14
Offline

Joined: Aug 2009
Likes: 14
Originally Posted By: artie505
I don't know if it was a denial of services attack or what, but we got hit with a bit more than 1,050 spam posts (Oakley Sunglasses) in a coupl'a hours...

I saw it when I opened the site much earlier this morning and thought: "What the……?"

To the folks who cleaned up that mess in such short order, "Well done!"


ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: All forums marked as unread
jchuzi #30039 05/08/14 08:25 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
Looking at the server logs, it doesn't seem to be a denial of service or a particularly targeted attack--just run of the mill bot spam with a misconfigured bot. (Most spam bots are programmed not to hit one target more than a certain number of times to avoid tripping automatic protection; this one was probably just badly configured by the spammer.)


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: All forums marked as unread
tacit #30042 05/08/14 09:14 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
> (Most spam bots are programmed not to hit one target more than a certain number of times to avoid tripping automatic protection; this one was probably just badly configured by the spammer.)

Isn't UBB.threads's lack of automatic protection also bad configuration?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: All forums marked as unread
artie505 #30043 05/08/14 09:55 PM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
UBB.threads, sadly, lacks automatic flood control and other defenses. Its only defense is a database of known bad IP addresses and forum poster names, and that's not a very effective defense at all when faced with botnets.

I've done some more research, and discovered the spam flood is primarily linking to poorly secured servers in Italy and Switzerland which have been hacked. These hacked servers contain links and redirectors to an Amazon affiliate ID, "as_acph_ap_fallhbag_910_on" (probably automatically generated and possibly one of many). The purpose of the spam run appears to be to generate revenue by Amazon affiliate linking.

I've notified Amazon's security team of thie abuse by this affiliate ID, and notified the Web hosts of the network of compromised servers that they have security issues. With luck, Amazon will shut down the affiliate account--removing the economic incentive to spam appears to be the most effective way to deal with it.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: All forums marked as unread
tacit #30046 05/09/14 09:39 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
It looked to me like the spam could only be taken down in blocks of 25 posts, and that, combined with its lack defenses, marks UBB.threads as seriously deficient.

Allowing 1,000 posts to go up is bad enough, but not facilitating their removal is compounding the injury.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: All forums marked as unread
artie505 #30047 05/10/14 12:35 AM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
I'm not disagreeing with you. There are some shortcomings to this software, among them being that it seems to be increasingly poorly supported as time goes on. I'd like to see more robust antispam defenses, Facebook integration (I know not everyone likes Facebook, but the fact is, allowing people to log in with Facebook increases participation tremendously), and better management tools.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: All forums marked as unread
tacit #30048 05/10/14 12:51 AM
Joined: Aug 2009
Likes: 1
Offline

Joined: Aug 2009
Likes: 1
Quick update: I just heard back from Amazon's security team. They revoked the Amazon affiliate account of our spammer, so he won't be making any money from his run on FTM. smile


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
Re: All forums marked as unread
tacit #30056 05/10/14 08:34 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Just to add a bit of curious perspective to this incident, the spammer first hit at around 2:30AM and left only five posts; he/she/it then came back at around 4:30AM, and that's when the floodgates opened.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Moderated by  alternaut, cyn, dkmarsh 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.4.33 Page Time: 0.025s Queries: 40 (0.019s) Memory: 0.6349 MB (Peak: 0.7339 MB) Data Comp: Zlib Server Time: 2024-03-28 21:22:53 UTC
Valid HTML 5 and Valid CSS