Simviation Forums

[pete]

"Captcha" verification.

One of the methods used on some Sites to ensure that real people are signing up....>>>

http://www.google.com/recaptcha/captcha

Paul.

... yes we already have that --- these are people hired to do this .. not bots

[Jetranger]

Guess what I don't understand

is,, that stuff take a lotts time to post that junk, ain't they got something better to do, I mean Geezzzzz, get a frickin life or something !

They must be punk kids under 25, with screws loose, too much time on their hands, NO Girl Friend, nothing better to do than be a real pain in the Azz !!

its just stupid if ya ask me !

their messin with Flight Sim. Com too, this morning that site was sooooo Slowwwww, you'd thought I was on Dial up from 1999 !

Think its time to hire some Hitman to go after these young punk jerkwads !

[Jetranger]

Captchas

I always like the ones that make users ADD numbers for an answer !

[pete]

Coupled with deliberate and targeted attacks on our main site I suspect this was also a deliberate spam attack (people in china or india, wherever - easily hired for a few bucks on freelance websites) .

Our hosts and my own server admin will confirm we've been severely attacked professionally many times in the past and particularly this year.

Here is an earlier ticket from our hosts (one of many)

Hello Pete,

We were able to get the tcpdump and nfdump information from our switch.

** nfdump -M /usr/local/var/profiles-data/live/crb2r1a5_ams01:crb1r1a5_ams01:crc2d3s2_phx01:crc1d3s2_phx01:dr6506a_ord03:dr6506a_ord02:dr6506b_ord03:dr6506b_ord02 -T -r 2013/06/09/nfcapd.201306090720 -n 10 -s ip/flows
nfdump filter:
net 198.143.185.234/29
Top 10 IP Addr ordered by flows:
Date first seen Duration Proto IP Addr Flows(%) Packets(%) Bytes(%) pps bps bpp
2013-06-09 07:19:48.333 308.866 any 198.143.185.238 2898(100.0) 3.0 M(100.0) 3.0 G(100.0) 9800 77.3 M 985
2013-06-09 07:19:48.333 308.429 any 2.221.99.240 205( 7.1) 265216( 8. 272.9 M( 9.1) 859 7.1 M 1028
2013-06-09 07:19:48.345 301.565 any 105.229.98.63 65( 2.2) 66560( 2.2) 62.3 M( 2.1) 220 1.7 M 935
2013-06-09 07:19:52.298 303.528 any 117.197.122.230 42( 1.4) 43008( 1.4) 37.6 M( 1.3) 141 991693 874
2013-06-09 07:19:49.020 303.874 any 222.110.58.120 37( 1.3) 37888( 1.3) 35.6 M( 1.2) 124 936998 939
2013-06-09 07:19:59.757 296.935 any 95.16.137.87 36( 1.2) 36864( 1.2) 28.2 M( 0.9) 124 759539 764
2013-06-09 07:19:49.544 296.861 any 87.165.146.28 36( 1.2) 36864( 1.2) 34.1 M( 1.1) 124 918319 924
2013-06-09 07:21:59.422 95.929 any 115.133.237.64 36( 1.2) 36864( 1.2) 32.7 M( 1.1) 384 2.7 M 888
2013-06-09 07:20:05.585 280.948 any 90.246.86.73 36( 1.2) 36864( 1.2) 34.6 M( 1.2) 131 985612 938
2013-06-09 07:19:58.294 283.424 any 188.78.114.224 34( 1.2) 34816( 1.2) 32.5 M( 1.1) 122 917374 93

It appears that your server is getting a 3GB attack with around 10K packets per second incoming.

This is surely a distributed attack, allthough it appears to be a spoofed TCP attack over multiple different ports. There is no source IP we can provide as it is spoofed, although we would suggest that we nullroute that IP address for atleast a 12 hour period.

You can understand why I naturally think it's probably deliberate when this is fairly regular. Luckily we have a very good server admin guy (& of course everything is backed up every day = not to mention raid = so if one disc went down another will automatically kick in).

Who and why?

[Fozzer]

Ta for that info, Pete.

It certainly is an ongoing nightmare for Internet Site owners!

Some affected worse than others for some reason?

Paul.

[beaky]

Yes, a captcha protocol might hp...just a few days ago, I deleted a bunch of obviously bot-generated spam posts, all gibberish, and all from the same user.

[expat]

Spammers are after a quick hit. If the sign up process was lengthened maybe it would not be worth it to them. By lengthened, I mean no instant sign up to the forums. Downloads could be instant access, but the forums you must wait 24 hours. Or what about you can only access the forums after you have made three downloads. I know it would be a hindrance to join, but if you are a true aviation fan you would understand, especially if this was made clear at sign up due to the spamming problem.........??

Matt

[ozzy72]

That is pretty much how it is these days Matt. If we made it an even lengthier process to sign up we'd scare off news blood.

[expat]

That is pretty much how it is these days Matt. If we made it an even lengthier process to sign up we'd scare off news blood.

OK, naturally it is some ten years or so since I signed up.................. It is bound to have changed a bit in that time......

Matt

[ozzy72]

Indeed, but on the bright side I've only gotten more fabulous!

[expat]

Indeed, but on the bright side I've only gotten more fabulous!

I feel a poll coming on, for example........

1. Has Ozzy remained the same, corked like a bottle of wine that has not been stored properly....

2. Has Ozzy increased his fabulousness as he has aged just like a fine wine......

3. I am afraid to answer this question as the Mods can probably see how we vote........

Matt

[Zaphod]

Indeed, but on the bright side I've only gotten more fabulous!

I feel a poll coming on, for example........

1. Has Ozzy remained the same, corked like a bottle of wine that has not been stored properly....

2. Has Ozzy increased his fabulousness as he has aged just like a fine wine......

3. I am afraid to answer this question as the Mods can probably see how we vote........

Matt

Definitely 3, although Ozzy could stall any further debate by posting a more up to date profile photo

Zaphod.

[Fozzer]

Indeed, but on the bright side I've only gotten more fabulous!

I feel a poll coming on, for example........

1. Has Ozzy remained the same, corked like a bottle of wine that has not been stored properly....

2. Has Ozzy increased his fabulousness as he has aged just like a fine wine......

3. I am afraid to answer this question as the Mods can probably see how we vote........

Matt

Definitely 3, although Ozzy could stall any further debate by posting a more up to date profile photo

Zaphod.

Like Ozzy.....I'm sticking with my year-2000 photograph on my Driving Licence....

...the "Young Fozzer" one!.... .... ....!

Paul.... ... ...!

[Bass]

Maybe its just the colours that've changed

[Fozzer]

:lol:
Maybe its just the colours that've changed

Its generally best not to use the image that you see first thing in the morning in the Shaving Mirror, after a heavy session the previous night at the Pub with your Mates, followed by that fiery Vindaloo Curry!....

...trust me!... ... ...!

Paul.... ... ...!