
Random threads with numbers or Chinese in titles?

Discussion in 'Forum Issues, Problems, & Concerns' started by mschafft, Jul 31, 2018.

  1. Aymara

    Aymara Friend of Fred

    Jul 6, 2013
    Germany
    When I see how ancient their forum software is, I doubt that these guys are able to make bot attacks :D
     
  2. Synchro

    Synchro The artist formerly known as: Synchro Staff Member

    Jun 2, 2008
    Tucson, AZ
    Admin Post

    Good news, everybody! The technical people have implemented some technical measures which should help with the spam problems we’ve been having. Hopefully, this will cure at least the current rash of spam posts.

    If you do see any spam, please hit the “Report” button. This is the most efficient from the standpoint of time because I can see the names of everyone that reports that thread and when I perform the cleanup it resolves all of the reports in one stroke.

    I want to thank everyone for their reports and remind all that we all work together to keep G-T a pleasant place to visit.

    I sometimes wonder how some of this spam benefits anyone, but I guess that the idea is to get referral fees any way possible. I know how bits travel, routing protocols, switching and a bit about encryption, but above layer 4 I’m pretty much clueless. I’ve heard that layers 5-7 exist, but I can’t imagine why. :)
     
    Hammerhands likes this.
  3. Synchro

    Synchro The artist formerly known as: Synchro Staff Member

    Jun 2, 2008
    Tucson, AZ
    Admin Post
    I think that they undertook some new measures, just in the last few minutes, after the last little outbreak.

    One possibility is to use questions instead of a Captcha. Just some simple trivia might be enough to keep the ‘bots out. If tonight’s measures prove ineffective, you can bet that we’ll be back wit’ something like that.
     
    T Bone likes this.
  4. Aymara

    Aymara Friend of Fred

    Jul 6, 2013
    Germany
    I did some research about Captcha and found out that nowadays bots can read it. That's why Google developed ReCaptcha, which is based on photos. But some newer bots can even read photos :(

    Email verification seems to be more effective. But in the worst case the registration will be done by a human and the following spam by a bot.

    It's getting more and more difficult to protect against this crap ... the keyword is: Artificial Intelligence.
     
    Last edited: Aug 10, 2018 at 1:44 AM
  5. dafreeze

    dafreeze Friend of Fred

    Nice. Way to go, Synchro, way to go. (repeat)
     
  6. Synchro

    Synchro The artist formerly known as: Synchro Staff Member

    Jun 2, 2008
    Tucson, AZ
    Admin Post
    As my chief Security Vendor says; “we build the wall higher and they keep jumping higher”.

    Two weeks ago, I took IINS, Cisco’s security course. One of the lab tools was a VM with Kali Linux, which is popular with hackers, but IT professionals use it for penetration testing. It is chilling to see what can be done. A simple password can now be cracked in milliseconds. Every unused switchport has to be shut down and placed in an unroutable VLAN. Switchports in use have to be protected from all sorts of exploits and restricted to known hardware addresses, to prevent someone from plugging in a rogue computer or wireless access point. Even routing protocols, the most sacred aspect of internetworking, now have to be secured in order to be safe.

    The only good aspect of this is that it provides job security for people like me. If things remain as they are, I should be able to afford to retire, roughly three years after I die. :)
     
  7. Synchro

    Synchro The artist formerly known as: Synchro Staff Member

    Jun 2, 2008
    Tucson, AZ
    Admin Post
    All I did was send an email. Some tech wizard did the rest. :)
     
  8. dafreeze

    dafreeze Friend of Fred

    Yes Sir, read all about it and it's a good thing, too. I was this close to really laying into that guy and giving him a piece of your mind.
     
  9. Aymara

    Aymara Friend of Fred

    Jul 6, 2013
    Germany
    Sounds familiar, but I fear your first sentence and this one were the only ones most members understood ;)

    Fact is, protecting systems and networks against attacks of any kind becomes more and more difficult, because Kali Linux is only one example of stuff that anybody can find online and use for purposes that cause security experts headaches.
     
    Flouswa likes this.
  10. Hammerhands

    Hammerhands Country Gent

    Aug 26, 2011
    Winnipeg
    Did you get a demonstration of that? What is a secure password, now?
     
  11. Synchro

    Synchro The artist formerly known as: Synchro Staff Member

    Jun 2, 2008
    Tucson, AZ
    Admin Post
    Like so many things, these days, there’s an upside and a downside. Kali is a wonderful tool in the right hands. I’ve only used it for testing on lab systems, so far and would never use it, even on a system I manage, without the proper authority to use it strictly for penetration testing.

    Unfortunately, any Script Kiddie on earth, or any criminal, can get a copy.
    Indeed, I worked through a demonstration of it myself on a lab computer. It was frightening. On a simple, 7 character, password, it was cracked before my hand was off the “Enter” key.

    For password length; I’d suggest at least 10 characters with at least one each of uppercase, lowercase, number and punctuation mark. Most importantly, no dictionary words within the password.
     
    russmack and Flouswa like this.
  12. Aymara

    Aymara Friend of Fred

    Jul 6, 2013
    Germany
    Use the beginning characters of something like "It's raining cats and dogs", which leads to a password like Ircad, now fill it up with some special characters and numbers: I.r.c.a.d-in-2018

    That's relatively easy to remember and pretty secure, if complex and long enough.
     
    Last edited: Aug 10, 2018 at 7:17 AM
    thunder58 likes this.
  13. 1883

    1883 Gretschie

    Apr 12, 2015
    Aotearoa
    Password length is the only criterion!!!! The longer the better. Doesn't matter what letters are chosen. The above password is 17 characters long and will be cracked much quicker than if your password would have been "It's.raining.cats.and.dogs"

    https://www.gizmodo.com.au/2017/08/...password-rules-now-regrets-wasting-your-time/
     
  14. larryb

    larryb Gretschified

    Age:
    49
    Oct 29, 2012
    Greenville, SC
    ...but since you took time out of your day, I just wanted to say.... cyou.jpg
     
    Wozob and thunder58 like this.
  15. Flouswa

    Flouswa Gretschie

    It's looking like it may have worked? I usually log in first thing in the morning, about 6AM EST and not a SPAM to be seen today. Fingers crossed, I almost hate to say this too loudly...

    Thank you Synchro for your continued diligence in this matter. Sometimes we forget that so much on the internet still falls into the "Brave New World" category and it's a continuing battle. Back when my husband and I were first into computers, I remember someone making a comment about software piracy. "As quickly as someone finds a way to prevent it, someone else has figured a new way around security." It still stands.
     
    larryb likes this.
  16. Aymara

    Aymara Friend of Fred

    Jul 6, 2013
    Germany
    Security experts have a different opinion and add the complexity as a second criterion.
     
  17. Bertotti

    Bertotti Country Gent

    Jul 20, 2017
    South Dakota
    I noticed that so far this morning there are no advertisements to be seen anywhere on this site. Did the tech identify that as a possible backdoor for bots? I wonder how this will affect the handheld experience. Perhaps we will finally be able to use our phones routinely without the weird redirects!
     
  18. Synchro

    Synchro The artist formerly known as: Synchro Staff Member

    Jun 2, 2008
    Tucson, AZ
    Admin Post
    They tracked it to South Dakota. We are dispatching a drone with a huge laser. :)
     
    Wozob and T Bone like this.
  19. stevo

    stevo Country Gent

    May 1, 2012
    Atlanta
    Complexity long ago ceased to be challenging to hackers, only length. The only thing you can do to add challenge to the hacker is to add more length. Computers don't care or know the difference between a 3 or a $ or a 0 or a O. It's all just another character to them.
     
    T Bone likes this.
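The length-versus-complexity question debated in the posts above can be put into numbers. The following is an added example, not code from any poster or from the forum software: it computes the exhaustive brute-force search space (length × log2 of alphabet size) for the two passwords quoted in the thread and for two constructed ones. The guess rate and the character-class model are assumptions, and the model treats every character as independently random, so it is an upper bound that ignores dictionary and phrase-based guessing.

```python
import math
import string

# Character classes over printable ASCII (26 + 26 + 10 + 33 = 95 symbols).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}

def alphabet_size(password):
    """Size of the smallest class-based alphabet that covers the password."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def brute_force_bits(password):
    """log2 of the exhaustive search space: length * log2(alphabet)."""
    return len(password) * math.log2(alphabet_size(password))

def years_to_exhaust(password, guesses_per_second):
    """Worst-case time to try every candidate at an assumed guess rate."""
    seconds = 2 ** brute_force_bits(password) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

def report(passwords, guesses_per_second=1e10):  # rate is an assumption
    """One row per password: text, length, alphabet, bits, years."""
    return [(pw, len(pw), alphabet_size(pw),
             round(brute_force_bits(pw), 1),
             years_to_exhaust(pw, guesses_per_second))
            for pw in passwords]

if __name__ == "__main__":
    samples = [
        "abcdefg",                     # constructed: simple 7-character password
        "Ab3$efghij",                  # constructed: 10 characters, four classes
        "I.r.c.a.d-in-2018",           # quoted in the thread
        "It's.raining.cats.and.dogs",  # quoted in the thread
    ]
    for pw, n, a, bits, years in report(samples):
        print(f"{pw!r:32} len={n:2} alphabet={a:2} "
              f"bits={bits:6.1f} years={years:.3g}")
```

Each extra character adds log2(alphabet) bits (about 6.6 for the full 95-symbol set), while adding a character class only raises the per-character figure slightly, which is why length dominates in this model.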
  20. stevo

    stevo Country Gent

    May 1, 2012
    Atlanta
    Hmmm...