cyber war


Tell us what you thought about the December 2012 issue!

Moderator: Editors

User avatar

Master Critic

Posts: 1187

Joined: October 06, 2008, 06:53:45 AM

Location: Chantilly VA

Post December 26, 2012, 10:52:25 AM

cyber war

if as it looks our friends from overseas are working together and its not a zombie bot, we really need to put a stop to these attacks. That's the obvious.

2nd, Lester can only do so much. obvious #2.

So who has the time to discover how other zines combat this, or are we special for some reason, in that were are being attacked in this manner?

Mark what do you do for C&C?
My site can only be entered by the web diva, and not a solution.
Do we have anything going with Norton or the like where we can set up a trash barrel?

What can I do? What exactly are we doing? Go to PM give me a number and I'll call off line.

RT
User avatar

Long Fiction Editor

Posts: 2682

Joined: January 11, 2010, 12:03:56 AM

Location: by the time you read this, I'll be somewhere else

Post December 26, 2012, 01:30:26 PM

Re: cyber war

Rick, this isn't war, it's fucking TARGET PRACTICE, with us being the bullseye. Some 285 or so spam when I logged in. I just got done cleaning those up; I've still got other trash to throw out.

I've asked Doc (our webmaven) to update the board, since our software is out of date. Our Captcha defense is known to be useless and needs upgraded.

There is a one-button solution. Well, two, actually -- shut off all self-registrations and require an admin to allow new members, or -- shut off ALL registration completely. For that last, I suppose we'd have to ask new members to send an email or something to get manually okay'd.

My finger is getting awfully itchy for one of those buttons lately, I'll tell ya.
I was raised by humans. What's your excuse?
User avatar

Master Critic

Posts: 1187

Joined: October 06, 2008, 06:53:45 AM

Location: Chantilly VA

Post December 26, 2012, 02:10:07 PM

Re: cyber war

These are denial of service attacks, and it might be as something to consider reporting.

What country do they come from?

Is there one primary location/or general url/IP address? that can automatically be blocked and then viewed at our convenience to judge it legit or not? Do you want assistance? This really gets to me since I was hit a year or so ago on my regular work site.

how about a syntax sw that recognizes gibberish?

can we all pony up some $$ to purchase some decent protection?

Editor Emeritus

Posts: 2528

Joined: December 31, 1969, 08:00:00 PM

Location: Mass, USA

Post December 26, 2012, 02:26:10 PM

Re: cyber war

rick tornello wrote:What country do they come from?
Is there one primary location/or general url/IP address? that can automatically be blocked and then viewed at our convenience to judge it legit or not?


Unless the listed country per user is different from the actual IP range, the countries have moved around a bit. I have idly glanced at the user profiles now and then and the countries changed - sometimes Russian Bloc, sometimes African, sometimes others.

The Editorioso is reluctant to make it "elitist" to require signup approval of new members, because they want it to be inclusive and friendly for newcomers, and I get that. Same with the posting delays. I simply don't know what the software is capable of. Speaking of Bots though, the Whoevers behind this might yet be using one. For example once they get a live account, maybe they run a bot that then drills down and slams in messages. Per the Spam Parody thread, nobody could possibly think those nonsense phrases are legit items of meaning. So those titles could be generated by some kind of program.

Master Critic

Posts: 3595

Joined: September 17, 2008, 10:10:20 PM

Post December 26, 2012, 02:41:19 PM

Re: cyber war

Lester Curtis wrote:Rick, this isn't war, it's fucking TARGET PRACTICE, with us being the bullseye. Some 285 or so spam when I logged in. I just got done cleaning those up; I've still got other trash to throw out.

I've asked Doc (our webmaven) to update the board, since our software is out of date. Our Captcha defense is known to be useless and needs upgraded.

There is a one-button solution. Well, two, actually -- shut off all self-registrations and require an admin to allow new members, or -- shut off ALL registration completely. For that last, I suppose we'd have to ask new members to send an email or something to get manually okay'd.

My finger is getting awfully itchy for one of those buttons lately, I'll tell ya.

This is seriously taking advantage of Lester's good willed offer to help clean up this problem. During this time, Rob Wynne should have been communicating with him and searching for answers.

The site "Poetry Circle" does the administration approval for new members and post a notice that gibberish usernames will not be allowed. Prospective new members have to wait 1 - 2 days to be accepted.

We only get about 2 - 4 new members a month, if that.

Using the admin. permission option means there would be no spam ever again. Nothing would get through. Problem solved. No need to look further for software. We can move on to promoting the site to the public.

Rob Wynne is entrusted with the site's well being, but chooses not to get into this. It wouldn't take much time to set up the admin approval option. Make Lester membership director. If he needs help, I'll help him, Rick will help him. Come on Rob, make an appearance, set this up. Lester and his helpers will take it from here.

The admin. approval option could be administered in less than a tenth of the time that spam is currently being removed.

Master Critic

Posts: 3595

Joined: September 17, 2008, 10:10:20 PM

Post December 26, 2012, 03:14:02 PM

Re: cyber war

This is how Poetry Circle does it, a writer's forum site.

http://poetrycircle.com/index.php?PHPSE ... n=register

Forget about their use of ad revenues, concentrate on their registration set up.
User avatar

Master Critic

Posts: 1187

Joined: October 06, 2008, 06:53:45 AM

Location: Chantilly VA

Post December 26, 2012, 04:20:18 PM

Re: cyber war

look at the crap that constitutes a sentence in the newest spam. There has got to be s/w that handles this . Norton does for me and McAfee for my wife's system.

How about a fire wall that has to be reviewed by any one of a set of administrators, me, Mark and Lester for example.

I wish I purchased BLITZKRIEG when it was offered commercially.

We could just stop all emailed from said countries to review.

BTW the bot/zombie thing takes over computers from all over the planet and then focuses on the target hitting it from all the zombied systems.

This looks like a bunch of hackers that may just be busting us because they can as in we have no defense set up other than Lester and he must look like domestic Swiss cheese by now.
User avatar

Long Fiction Editor

Posts: 2682

Joined: January 11, 2010, 12:03:56 AM

Location: by the time you read this, I'll be somewhere else

Post December 26, 2012, 04:41:48 PM

Re: cyber war

There is a lot of crap coming though by bots; I'm sure of it. Our Captcha is intended to stop spam-bots, but it's outdated and about as strong as wet toilet paper. New generations of spam-bots go through it just like that. No human help needed. Human operators have only to follow the instructions, and they're in.

I can understand the reluctance to upgrade the board; the instructions to do so are deceptively simple, but the reality is that days of tweaking are involved. I wouldn't dare touch that. And I won't touch this button, either -- --
reg.jpg
reg.jpg (41.71 KiB) Viewed 6337 times

because this isn't my board, and I don't know what else it does that it isn't saying anything about.

Still, the board does need upgraded, and this should just be thought of as regular maintenance to the site, like doing oil changes on a car. A pile of headaches for a while, but (to the best of my knowledge) we CANNOT get new filters without doing the upgrade first.
I was raised by humans. What's your excuse?

Editor Emeritus

Posts: 2528

Joined: December 31, 1969, 08:00:00 PM

Location: Mass, USA

Post December 26, 2012, 06:12:25 PM

Re: cyber war

P.S. On my screen there's a paperclip on the topic. Does anyone know what that means?
User avatar

Long Fiction Editor

Posts: 2682

Joined: January 11, 2010, 12:03:56 AM

Location: by the time you read this, I'll be somewhere else

Post December 26, 2012, 08:56:33 PM

Re: cyber war

TaoPhoenix wrote:P.S. On my screen there's a paperclip on the topic. Does anyone know what that means?

Probably just there to indicate the attachment that I posted.
I was raised by humans. What's your excuse?
User avatar

Long Fiction Editor

Posts: 2682

Joined: January 11, 2010, 12:03:56 AM

Location: by the time you read this, I'll be somewhere else

Post December 26, 2012, 09:31:38 PM

Re: cyber war

What country do they come from?
Mostly from Russia and China; some from Germany, France, and Sweden, then after that, just about anywhere.

The major offenders, as identified by their emails, are a Russian mail service called 'mail(dot)ru', followed by gmail. I find this odd, and a little offensive, since gmail is a service of Google, whose motto is, "Do no evil." And yet they seem unwilling to police their own product's use. Plus, they provide seemingly unlimited machine-generated (and likely disposable) email addresses, perfect for spamming.

This gets into a problem with international law, I'm sure. Read Terms of Service or End User License Agreement for any software, and you'll see that spam is prohibited. Big deal, sue us in international court, ha ha ha. I have noticed that we get almost NO spam originating in the USA. Court jurisdiction for that is in California for almost every TOS and EULA I've ever read.

Regarding the use of gibberish usernames, something I've noticed lately is that the Chinese have the most consistently perfect English-looking names in use. I often have to do a deeper check to make sure where a post is from, but I've gotten to calling it Chinese before I run it, and I'm usually right.

Some fools just don't care; I've seen -- this is a fact -- someone logged in here with the username, 'click here.'

The ones that mystify me are what I call 'squatters.' The board categorizes them as 'inactive users,' accounts with a zero post count. They just sign up and sit there forever (or until I kick 'em) and never post anything. Nearest I can guess, they must get a hit count reported back by crawlers and bots, giving them some kind of credit for just being somewhere.

Rick, you asked if assistance was needed . . . I don't think there's a need for another person to help with the spam -- Robert Moriyama and I handle the most of it -- but someone else once mentioned that there is an awful backlog of work in archiving old stories. I'm not sure I want to add 'board librarian' to my resume (and workload), but if you can figure out who to ask, there's some work that needs done.
I was raised by humans. What's your excuse?
User avatar

Master Critic

Posts: 1187

Joined: October 06, 2008, 06:53:45 AM

Location: Chantilly VA

Post December 26, 2012, 09:43:47 PM

Re: cyber war

Lester, the biggest offenders are East Europe/Russian Republic and China pure and simple. They then get control of computers throughout the planet, "Zombies", which are then directed to specific targets. Some of this is done as training exercises. Some of these are just nasty SOB's with really good computer skills, and others kids screwing around. We are an easy target and these letters must make them laugh.

I wrote about it in one of my stories some time ago. Look under Cyber War or How its Done. I think they are the titles one short and one expanded. The truth is we, the US Government under Bush II, gave both countries the source code to windows. It's been a downhill slide since then. Our chips are made in China as are most of our computers. If you need documentation I can provide it, open sources.

Do we block all from there and then shuttle them to the three of us to review?
User avatar

Long Fiction Editor

Posts: 2682

Joined: January 11, 2010, 12:03:56 AM

Location: by the time you read this, I'll be somewhere else

Post December 26, 2012, 09:57:33 PM

Re: cyber war

rick tornello wrote:Lester, the biggest offenders are East Europe/Russian Republic and China pure and simple. They then get control of computers throughout the planet, "Zombies", which are then directed to specific targets. Some of this is done as training exercises. Some of these are just nasty SOB's with really good computer skills, and others kids screwing around. We are an easy target and these letters must make them laugh.
I get that, but notice that the overwhelming majority are commercial spam, so somebody is making money for posting them. Again, international borders, and nobody is going to court over it. The assumed response, I guess, is, "Quit your bitching and install a good filter."

Do we block all from there and then shuttle them to the three of us to review?

Explain -- ? You lost me . . .
I was raised by humans. What's your excuse?
User avatar

Master Critic

Posts: 1187

Joined: October 06, 2008, 06:53:45 AM

Location: Chantilly VA

Post December 27, 2012, 07:49:37 AM

Re: cyber war

commercial spam? that poor quality English or a bad computer translator.

We should send back to them the same way.

What I was attempting to say, speaking of poor English, those emails that are suspect, picked out through the NEW filter, are forwarded to us in a separate PM Spam section to review or delete or ignore, and say after 10 days they are automatically deleted unless we say otherwise.

Intent and actual verbiage are sometimes two or more different things. Sorry,

RT

Editor Emeritus

Posts: 2528

Joined: December 31, 1969, 08:00:00 PM

Location: Mass, USA

Post December 27, 2012, 11:10:54 AM

Re: cyber war

Well, a couple I can't figure out, one is the usual Belarus, but a couple are listing interesting places of origin.

Durston Rd. Unit 23 Bozeman,Montana - no building number but oddly specific
288 Portage Avenue, Winnipeg, MB R3C 0B8, Canada - which is a Radisson hotel - why so beautifully written out?
300-999 Canada Place, Vancouver, BC V6C 3B5, Canada - not sure
331 Smith St, Winnipeg, Manitoba, Canada - a Marlborough hotel

So is that the new wrinkle? People using hotel wifi so it looks "local"?
User avatar

Master Critic

Posts: 1187

Joined: October 06, 2008, 06:53:45 AM

Location: Chantilly VA

Post December 27, 2012, 01:15:58 PM

Re: cyber war

or taken over the computer system ZOMBIE, I would guess most are from Eastern Europe considering the grammar and spelling.
User avatar

Long Fiction Editor

Posts: 2682

Joined: January 11, 2010, 12:03:56 AM

Location: by the time you read this, I'll be somewhere else

Post December 27, 2012, 01:29:47 PM

Re: cyber war

rick tornello wrote:commercial spam? that poor quality English or a bad computer translator.

We should send back to them the same way.

What I was attempting to say, speaking of poor English, those emails that are suspect, picked out through the NEW filter, are forwarded to us in a separate PM Spam section to review or delete or ignore, and say after 10 days they are automatically deleted unless we say otherwise.

Intent and actual verbiage are sometimes two or more different things. Sorry,

RT

I think you mean a "sandbox." Incoming stuff is isolated and scanned before being passed on. An active filter with some sophistication to it. We can put that on the 'wish list.'
I was raised by humans. What's your excuse?

Master Critic

Posts: 3595

Joined: September 17, 2008, 10:10:20 PM

Post December 27, 2012, 02:36:35 PM

Re: cyber war

Lester Curtis wrote:I think you mean a "sandbox." Incoming stuff is isolated and scanned before being passed on. An active filter with some sophistication to it. We can put that on the 'wish list.'

Why not just click over to the "admin. log in option" with everyone who is registering, e-mailing you as the first step. I can set it up, so a form e-mail pops up when they click the sign up e-mail address and all a person has to do is fill it out and click send. Questions like their actual name, their desired username, password etc. Post a notice in the register section stating only names (actual or pen names) will be considered.

This method is easy to do and spammers "can't" post anything.

Also Lester, why don't you delete "all" squatters who haven't posted anything in 30 days? All zero post usernames be deleted that are 30 days old. More than enough time to say something.

I'm just interested in you not being wore out!

Editor Emeritus

Posts: 2528

Joined: December 31, 1969, 08:00:00 PM

Location: Mass, USA

Post December 27, 2012, 04:29:30 PM

Re: cyber war

Mark Edgemon wrote:Why not just click over to the "admin. log in option" with everyone who is registering, e-mailing you as the first step. I can set it up, so a form e-mail pops up when they click the sign up e-mail address and all a person has to do is fill it out and click send. Questions like their actual name, their desired username, password etc. Post a notice in the register section stating only names (actual or pen names) will be considered.


As a Privacy advocate, I frown on "actual name". I see that as a different issue that should not be wrapped up in this one. I've kept a "translucent" separation between user handle and name for some 8+ years now, that's not the be-all end of context security and I resent "real names" being invoked as any measure of security. After all, I get plenty of spam from "Jemima Smith", which is still junk. Let's focus on the posting content problems.

Editor Emeritus

Posts: 2528

Joined: December 31, 1969, 08:00:00 PM

Location: Mass, USA

Post December 27, 2012, 04:34:24 PM

Re: cyber war

Both FreeWebspace.net and DonationCoder.com just review the first 1-3 posts before allowing an account active. At least in (say January 2012) spammers seem to be idiots. Self selection!? It would prevent 83 spam posts of pharma, because they'd never make it through the first post.

(Cynical) I wasn't gonna add this coda, but here goes: Anyone can't wait a day for validation isn't someone we want here. (/cynical)

Master Critic

Posts: 3595

Joined: September 17, 2008, 10:10:20 PM

Post December 27, 2012, 05:07:50 PM

Re: cyber war

TaoPhoenix wrote:
Mark Edgemon wrote:Why not just click over to the "admin. log in option" with everyone who is registering, e-mailing you as the first step. I can set it up, so a form e-mail pops up when they click the sign up e-mail address and all a person has to do is fill it out and click send. Questions like their actual name, their desired username, password etc. Post a notice in the register section stating only names (actual or pen names) will be considered.


As a Privacy advocate, I frown on "actual name". I see that as a different issue that should not be wrapped up in this one. I've kept a "translucent" separation between user handle and name for some 8+ years now, that's not the be-all end of context security and I resent "real names" being invoked as any measure of security. After all, I get plenty of spam from "Jemima Smith", which is still junk. Let's focus on the posting content problems.

Slow down, Tao. Within the parentheses in my post above, I included pen names...like yours! Any actual word "user name" like Darth Vader, Smeagol, Gollum, Edward Sizzorhands and the like, will knock out the gibberish usernames. Like you say, the spammers use high tech and low intellect (they're idiots) so, it should work!
User avatar

Master Critic

Posts: 1187

Joined: October 06, 2008, 06:53:45 AM

Location: Chantilly VA

Post December 28, 2012, 10:14:03 AM

Re: cyber war

Winter break anyone?

The increase in spam coordinates with that, or it could be what the Mayans really meant. It was a message to us.

Just 2 ideas.

Editor Emeritus

Posts: 2528

Joined: December 31, 1969, 08:00:00 PM

Location: Mass, USA

Post December 28, 2012, 01:04:47 PM

Re: cyber war

rick tornello wrote:Winter break anyone?
The increase in spam coordinates with that...


Naw, I don't think so, as I wryly remarked above, our particular batch of spammers is surprisingly stupid. Winter Break implies a student at a school of learning, and absolutely all college students are smarter than what we have going on here. I'm putting my money on someone(s) getting paid like 7 cents per 50 links, in a place where a dollar buys 3 days of rice. We're seeing the low end of the spectrum here. Even Google Translate produces better output than what we are seeing. Google Translate produces something almost resembling sentences. This is more like a program that produces random words and embeds links.

Editor Emeritus

Posts: 2528

Joined: December 31, 1969, 08:00:00 PM

Location: Mass, USA

Post December 28, 2012, 01:09:22 PM

Re: cyber war

More fun:
One SN claims to be a lawyer from Guam.
Another lists Nigeria. (Whether to cast apersions on Nigerians in a triple play, who knows).

Either way, lots of countries here, not just Russo-bloc countries.
User avatar

Master Critic

Posts: 1187

Joined: October 06, 2008, 06:53:45 AM

Location: Chantilly VA

Post December 28, 2012, 02:11:23 PM

Re: cyber war

Let me try this again. The master control is county XYZ and they take over computers in country : d, e, f, h, l, and m. The attacks seem to be coming from else where, these other countries listed but they are only proxies, or zombies as the term is used in these cases. The controlling system is one spot that cannot be tracked back with out the help of more sophisticated tools.

So if it seems to be coming from a lawyers office or a hotel it might be but they don't necessarily know it or have control over it because the CPU is controlled by the real offending party. That's one manner of DOS (denial of service).

What you're witnessing are computer security issues that are currently left up to the individual and the individual businesses while the government goes about its current attempts at developing and instituting a more complete COMPUSEC program.

Unless we do something to harden the site we will be bombarded by this until we fold. This is not a joke.

RT
User avatar

Long Fiction Editor

Posts: 2682

Joined: January 11, 2010, 12:03:56 AM

Location: by the time you read this, I'll be somewhere else

Post December 28, 2012, 04:14:54 PM

Re: cyber war

The controlling system is one spot that cannot be tracked back with out the help of more sophisticated tools.

So if it seems to be coming from a lawyers office or a hotel it might be but they don't necessarily know it or have control over it because the CPU is controlled by the real offending party. That's one manner of DOS (denial of service).
Yep. all it takes is for someone to thoughtlessly click a link in a bogus email, and their computer gets fed the nasties. They won't even know anything is wrong, unless they notice that their machine seems to run a little slow at times. In a place that they can't see, it's dialing up the spam for somebody on the other side of the planet.

Really, though, I think most of this is probably coming from 'boiler rooms' in countries that don't care whose laws they're breaking.
I was raised by humans. What's your excuse?

Master Critic

Posts: 3595

Joined: September 17, 2008, 10:10:20 PM

Post December 28, 2012, 10:06:26 PM

Re: cyber war

Those in charge of the "maintenance of the site" do nothing to close the door to these spam invaders, knowing that Lester is faithfully here to clean up the mess.

Remember the classic video game, "Space Invaders"...well, this reminds me of that.
User avatar

Long Fiction Editor

Posts: 2682

Joined: January 11, 2010, 12:03:56 AM

Location: by the time you read this, I'll be somewhere else

Post December 29, 2012, 12:06:29 AM

Re: cyber war

I always hated those video games . . . I'd get blown up within the first few seconds at the second level, and walk away a nervous wreck . . .

But, back to the topic of 'sandboxes,' I remember now where I found that:

https://www.google.com/intl/en/chrome/b ... l#security

I'd never seen the term before.
I was raised by humans. What's your excuse?

Editor Emeritus

Posts: 2528

Joined: December 31, 1969, 08:00:00 PM

Location: Mass, USA

Post December 29, 2012, 12:07:04 AM

Re: cyber war

rick tornello wrote:Let me try this again. The master control is county XYZ and they take over computers in country : d, e, f, h, l, and m. The attacks seem to be coming from else where, these other countries listed but they are only proxies, or zombies as the term is used in these cases. The controlling system is one spot that cannot be tracked back with out the help of more sophisticated tools.

So if it seems to be coming from a lawyers office or a hotel it might be but they don't necessarily know it or have control over it because the CPU is controlled by the real offending party. That's one manner of DOS (denial of service).

What you're witnessing are computer security issues that are currently left up to the individual and the individual businesses while the government goes about its current attempts at developing and instituting a more complete COMPUSEC program.

Unless we do something to harden the site we will be bombarded by this until we fold. This is not a joke.

RT


Naw Rick, what I meant was that someone actually took the time to write in some of the profile location information in these spam profiles, and they bothered to type in a country of origin location. So I agree and they're covering tracks, but it's funny that they would actually type in semi-strange countries like Guam. In my other note, when I said someone was Belarusian, I meant that they had actually typed Belarus into the profile location info. Its not IP locations I am getting this from. So that's why I said it was interesting what countries they chose to list as countries of origin.

Master Critic

Posts: 3595

Joined: September 17, 2008, 10:10:20 PM

Post December 29, 2012, 03:39:37 AM

Re: cyber war

Lester Curtis wrote:I always hated those video games . . . I'd get blown up within the first few seconds at the second level, and walk away a nervous wreck . . .

I hated that particular video game, because of a bad experience I had with it.

I was a teen after high shcool working at a drug store and would go to a bar next door for lunch. I played that game once or twice a day believing eventually...I could beat it!

One day I took it on...mano a mano with $10. worth of quarters. It asked me, "Is that a roll of quarters in your pocket or are you just glad to see me?"

I spent two thirds of them until finally...victory! I had wiped out all of the space invader aliens. I had won! I had beaten it! Yeah for persistence.

And then...

A new screen, with more aliens, moving faster than before.

I increasingly yelled...what! What! What!

The bartender said, "There's no end to it!

The police never found me OR my sledgehammer!

The End 8)
Next

Return to December 2012

Who is online

Users browsing this forum: No registered users and 1 guest

cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by STSoftware.