Quote:
Originally Posted by FlamingCreeper
We believe that the attacks are coming from real people rather than an electronic attack, but if you can prove otherwise, please let us know. ...
|
With just an IP address to go by, I don't think that anyone can tell what or who is behind the Spam attacks. I don't really know whether these Spam attacks are coming from a Spambot or from an actual person (IMHO, if it is a person then they sure went through a lot of trouble to create all of those individual user accounts and launch all of those individual attacks). I thought that it was most likely an automated Spambot that was doing all of the dirty work.
With ChiNa's solution, we could have stopped the attacks if it was indeed a Spambot (The vBulletin settings that he detailed requiring a potential member to answer two questions [For verification] during registration would have prevented a Spambot from successfully registering as a member (99.9% of the time according to ChiNa) since the AI in a Spambot would most likely not know how to answer random questions which could be about anything [It would be very difficult if not near impossible to program the "Fuzzy logic" into the AI to correctly respond to a particular given random question that only a human could answer "On the fly" - It's sort of like a
CAPTCHA system]). If it was an actual person who could answer the questions that was performing the attack, the installed anti-Spam add-on (Either vBStopForumSpam or Spam-O-Matic) would further scrutinize the new user's IP address against its regularly updated database of Spam IP addresses to determine whether it belongs to a known Spam site even if the person or somehow the Spambot (Highly unlikely) correctly answered the registration questions. Of course, if the IP address was "Clean" (Not a known Spam IP address) those measures would have been circumvented, a new user account created and the attacks could continue (Nothing is 100% secure) but at least then we would know that it was most likely a real person behind the Spam attacks (If they made it through the registration questions) and take other measures to deal with the person.
However, it appears that the point is now moot since the solution that Stoner created and applied (Filtering posts) is independent of that fact - His solution allows the registration of new user accounts (Possible Spammer) but is only concerned with the quantity of and content quality of threads, rather than with the source (Spambot or actual person and IP source) of the threads to identify a Spam attack. Of course, there could be vulnerabilities in his solution as well (Again, nothing is 100% secure). However, it currently appears to be an effective solution. We all owe Stoner thanks for his quick thinking and effective solution!