Author Topic: MEM China attack  (Read 3252 times)

Offline b.lindsey

  • Global Moderator
  • Full Member
  • *****
  • Posts: 13860
  • Dallas, NC, USA
    • Workbench-Miniatures
Re: MEM China attack
« Reply #15 on: July 23, 2019, 10:27:27 PM »
Rather keep them off ALL pages!!

Bill

Offline derekwarner

  • Full Member
  • ****
  • Posts: 834
  • Wollongong ...... Australia
Re: MEM China attack
« Reply #16 on: July 24, 2019, 02:02:22 AM »
Wednesday 10th July 2019 ....... :LittleAngel: flew 1100 km to Adelaide .....the wonderful bag handlers with Qantas  :killcomputer: destroyed my Toshiba Ultrabook.....used an alternate Desktop & logged into Paddleducks & Model Boat Mayhem & a few others OK

Attempted to log into MEM ...saw a message I was banned for life & this exclusion was not reversible......  :facepalm:

Waited 24 hours......the same......waited another 24 hours & the system asked me if I wanted to revise my password.....then all OK

Returning home in a few days on the 26th   :shrug: so I may find issues logging on when I purchase a new Laptop??

Derek
« Last Edit: July 24, 2019, 12:26:07 PM by derekwarner »
Derek L Warner - Honorary Secretary [Retired]
Illawarra Live Steamers Co-op - Australia
www.ils.org.au

Offline b.lindsey

  • Global Moderator
  • Full Member
  • *****
  • Posts: 13860
  • Dallas, NC, USA
    • Workbench-Miniatures
Re: MEM China attack
« Reply #17 on: July 24, 2019, 02:35:06 AM »
Sorry for the scare Derek. Unfortunately some isp blocks overlap between China and Australia. As soon as it was noticed that a few valid members were being caught in the high level bans, they were modified/refined to remove your isp address. You shouldn't have issues with the new laptop, not from your usual isp address anyway.

Bill
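Added example, not part of the original thread and not the forum software's own code: a sketch of the refinement Bill describes, where a broad range ban that catches a valid member is split so the member's block is allowed while the rest stays banned. The ranges, member names and the /28 allowance are constructed assumptions.

```python
import ipaddress

# Constructed sample data using RFC 5737 documentation ranges, not real ISP blocks.
BANS = ["198.51.100.0/24", "203.0.113.0/24"]
MEMBER_LOGINS = {"member_a": "203.0.113.77", "member_b": "192.0.2.10"}

def is_banned(ip, bans):
    """True if ip falls inside any banned network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(str(b)) for b in bans)

def caught_members(bans, members):
    """Map each valid member caught by a ban to the network that caught them."""
    hits = {}
    for name, ip in members.items():
        addr = ipaddress.ip_address(ip)
        for b in bans:
            net = ipaddress.ip_network(str(b))
            if addr in net:
                hits[name] = str(net)
                break
    return hits

def refine_bans(bans, members, keep_prefix=28):
    """Carve each member's /keep_prefix block out of any ban that contains it."""
    nets = [ipaddress.ip_network(str(b)) for b in bans]
    for ip in members.values():
        # strict=False lets a host address stand in for its enclosing block.
        allow = ipaddress.ip_network(f"{ip}/{keep_prefix}", strict=False)
        refined = []
        for net in nets:
            if net.subnet_of(allow):
                continue  # the whole ban sits inside the allowed block: drop it
            if allow.subnet_of(net):
                # address_exclude yields the pieces of net that remain banned.
                refined.extend(net.address_exclude(allow))
            else:
                refined.append(net)  # unrelated ban, keep unchanged
        nets = refined
    return sorted(nets)

if __name__ == "__main__":
    print("caught:", caught_members(BANS, MEMBER_LOGINS))
    for net in refine_bans(BANS, MEMBER_LOGINS):
        print("ban:", net)
```

Running the overlap check against the list of known member addresses before a broad ban goes live avoids the lockout described in the earlier reply.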

Offline Alan Haisley

  • Full Member
  • ****
  • Posts: 693
  • Fuquay-Varina, North Carolina, USA
Re: MEM China attack
« Reply #18 on: July 24, 2019, 03:28:51 AM »

This is not the only server that uses this software. They may use ones like this to try to develop hacking methods that they could use on more sensitive servers.

Offline nats

  • Full Member
  • ****
  • Posts: 35
Re: MEM China attack
« Reply #19 on: July 24, 2019, 07:58:54 AM »
Usually they don't care about the content of the website (let's talk about the general case, not gov servers). They have automated exploit systems that scan websites (and in particular forums/blogs/etc... because they have well known problems) and they want to use the compromised server for botnet/spamming/ddos.

Offline Farmboy

  • Full Member
  • ****
  • Posts: 121
  • England
Re: MEM China attack
« Reply #20 on: July 24, 2019, 09:58:14 AM »
As a regular viewer but, sadly, an infrequent contributor, I would like to express my appreciation to those who volunteer their time to keep things running smoothly  :praise2:

Offline Elam Works

  • Full Member
  • ****
  • Posts: 105
  • Glen Mills, PA, USA
Re: MEM China attack
« Reply #21 on: July 26, 2019, 04:20:09 AM »
A Forum that I help out with (also using SMF 2.0.15) is also experiencing a glut of registration attempts. Started late June, but recently has ramped up to about sixty per day, nearly all from Russia. It too is a boutique forum, of limited interest except to a relatively minor portion of the population, of which I somehow suspect none reside in the former USSR. Thankfully, the anti-spam plug-in for SMF is still supported and sidelines the registrations pending Moderator approval (which never comes!) The policy is to ignore the applications that get flagged by the anti-spam plug-in ban list, unless an actual person follows up with an email asking why their membership application has not yet been approved. Then it is looked at to see if it is legit. None of them are, because they are on the ban list already for repeated offences reported across the internet. I think once in the last several years we did have a follow-up from a flagged membership application. It turned out the individual unfortunately chose a username that was frequently turning up on anti-spamming lists.

Also at some time back, the entire China IP was banned. The chance of someone from China legitimately wanting to join was weighed against the chance of someone slipping through not yet on the ban list, and the fact the Admin and Moderators still received an email notification of the pending membership application that got flagged (and so a flood of notification emails). Hence it was not worth it keeping membership open to that country IP address.

As for why they do it, you might as well ask why life evolved. Just because! Point to remember nearly all of this is not done by an actual person but rather a computer program. It does not care if it fails a million times in succession, it is working for peanuts and it only takes it a few seconds anyway! It will just keep trying until occasionally it gets lucky and finds a forum with a vulnerable membership registration process.

What can it do with a membership to an obscure forum? Well that is even harder to fathom the specifics. Rest assured- be it trying to mine for personal details, or just placing spam posts at a later date (usually there is a delay until the registration is sold to another party), there is somehow money to be made. It might seem like a potential return of a pittance, but it is a computer program doing this over and over again a thousand times a second. Eventually the pennies add up. Sometimes it is obvious like a hyperlink to a website that has been compromised (phishing scams) or will download malicious files to your computer. Most internet users have been warned about those perils and are savvy to them now. So you do not see that type of exploitation as much, just as you do not see the Nigerian prince emails as much anymore. Sometimes it is just so they can post apparently innocuous phrases in a message, or the auto-signature of a post, that do not initially seem like spam. But they somehow help the ranking score of a client's website during a Google search (or other search engine). So the spammers are selling ranking advancement services, using your forum to increase their client's internet presence. And that is just the tip of the iceberg, there are almost certainly many more ways to scam a penny and lots of folk out there more devious than you willing to bend their minds to it.

Even the (live) hackers just trying to break into a system for jollies are practicing their skills so they can sell them later on to identity theft brokers or spammers. No one does this long term for free. (Unless they are some thirty-five year old geek still living with their mother!) Somewhere at the end of it, no matter how convoluted a path, there is money to be made. It has nothing to do with what the forum is about or how strategically important your post is. What is important to remember is that these programs are reading the public posts to look for keywords, like your email address. If they manage to register, the programs (autobots) also read the member private boards (of which MEM does not have any that I know of, other than those set up for restricted membergroups like Admin, Moderator, etc.) So don't put your personal email address in the body of a post; not unless in a few months time you want your personal email inbox to become inundated with spam. Use the forum email or PM system to have folk that you do not already know contact you. They at least have to be a registered member to access those tools. And they would have to hack the admin side of the forum or the SMF database to get to your personal email addresses that are linked to your membership.

And don't forget to thank the admin(s) and moderator(s) for keeping it all up and running behind the scenes; dealing with all this spam nonsense so you don't have to. Thank You! I know exactly what you have to deal with!

-Doug
« Last Edit: July 26, 2019, 04:24:27 AM by Elam Works »

Online Kim

  • Global Moderator
  • Full Member
  • *****
  • Posts: 7925
  • Portland, Oregon, USA
Re: MEM China attack
« Reply #22 on: July 26, 2019, 05:38:01 AM »
Thanks for that post Doug!

And I'd like to thank Bill and Jo who have done all the work to stem the tide of these hacker attempts on our site.  They have spent many hours setting up bans to thwart the ne'er-do-wells!  Thank you, Bill and Jo!

Kim

Online Jo

  • Administrator
  • Full Member
  • *****
  • Posts: 15305
  • Hampshire, england.
Re: MEM China attack
« Reply #23 on: July 26, 2019, 06:11:30 AM »
Thanks Doug for explaining the challenges of these  :censored: in the long  :)

...  So don't put your personal email address in the body of a post; not unless in a few months time you want your personal email inbox to become inundated with spam. Use the forum email or PM system to have folk that you do not already know contact you.

This is why you will find that one of the moderators will sometimes modify your posts to remove an Email address: it is to protect you ;)


Thankfully the blocks seem to be working and I am getting a little more time for the workshop  :cartwheel:

Jo
Enjoyment is more important than achievement.

Offline mike mott

  • Full Member
  • ****
  • Posts: 418
  • Alberta Canada
Re: MEM China attack
« Reply #24 on: July 26, 2019, 06:29:39 AM »
Yes and I would also like to thank you for all the work you do to make this site safe and enjoyable.

Mike
If you can imagine it you can build it

Offline Zephyrin

  • Full Member
  • ****
  • Posts: 769
  • near Paris, France
Re: MEM China attack
« Reply #25 on: July 26, 2019, 08:28:08 AM »
Quote
Yes and I would also like to thank you for all the work you do to make this site safe and enjoyable.

I fully agree with the above thanks...

Offline JC54

  • Full Member
  • ****
  • Posts: 126
  • Grantham, Lincolnshire, UK
Re: MEM China attack
« Reply #26 on: July 26, 2019, 10:42:29 PM »
Thank you moderators JC
When the Fun Stops,, Stop!

Offline AdeV

  • Administrator
  • Full Member
  • *****
  • Posts: 535
Re: MEM China attack
« Reply #27 on: July 27, 2019, 01:48:41 PM »
I would also like to thank Jo and the moderators, who have really stepped in and sorted this out at great cost to their own personal time. 99% of the time, running a forum like this is extremely easy - it virtually runs itself. The other 1%, it's like a duck on speed - still looks reasonably calm on the surface, but under the waterline all hell has broken loose!

So again, thanks to you all. Once again, what few grey hairs I have left have been saved for another crisis!  :old: :ROFL:
Cheers,
Ade
--
I'm just a poor old man. I have no time for law-breakers. My legs are grey. My ears are gnarled. My eyes are old and bent.

Offline Laurentic

  • Full Member
  • ****
  • Posts: 317
  • Nr Yeovil, Somerset, England
Re: MEM China attack
« Reply #28 on: July 27, 2019, 04:22:34 PM »
Thank you - to you moderators.  Great work.  Was one on a yachtie website years ago and know the pain! 

Chris :cheers:

Offline Ginger Nut

  • Full Member
  • ****
  • Posts: 133
    • Woolnwood
Re: MEM China attack
« Reply #29 on: July 28, 2019, 01:46:05 AM »
Thanks for your email regarding outage etc. It's been some time since I'd even opened the forum, I do read via tablet latest posts tho of subscribed threads.

Sent from my SM-T580 using Tapatalk


 
