If we do our job right, most members here will have no idea how much spam we fight here every day. Normally it's not too much, just a dozen members who have spam links in their profile. But over the last week, DIY Drones, like most of the other networks hosted on the Ning platform, has been hit by the biggest botnet attack we've ever seen, with hundreds of fake member accounts being created every day to post Canadian pharmaceutical ads. The graph above, from this article, shows the rise of these botnet attacks in recent weeks.

The reason members shouldn't notice any of this is the heroic work of your 30 administrators and moderators, who have been manually banning these accounts and deleting the posts before they're published (that's why we moderate all posts). The posts can come at the rate of dozens per hour, so this is a big job; I just wanted to publicly thank the moderators, especially Morli and Thomas Coyle, for their tireless work in fending off these bots.

Just to give you an idea of what they're dealing with, here is about 30 minutes' worth of banned members from today (don't worry; I'm not invading anyone's privacy--those are all bots):

The good news is that Ning is putting in place measures to stop this. Every time we ban a member for spam, that information is propagated throughout the Ning system (they have more than a million networks like DIY Drones), and if an account is banned on one network, it will be banned on all of them. But we're up against a botnet of millions of zombie PCs, so sometimes the bad guys get ahead.

Ning just posted the new tactics it will be putting in place to turn the tide: "We have the initial captcha for first time posters now and will be adding a temporary suspension too." Hopefully, this will start to take effect soon and our moderators can take a break. Until then, a huge thanks!


Comment by Sgt Ric on March 10, 2010 at 9:18am
They aren't using a single spam site; they use unsuspecting hijacked PCs as bots, so IP address blocking will be as huge a task as suspending them.

Comment by Mark Colwell on March 10, 2010 at 9:42am
Here's an idea that could be refined a little to auto kill their bots,

if (blog text contains "order" or "free" or "now" and "click here") then suspend member and delete all posts
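
The keyword rule from the comment above, written out as an added Python example (not part of the original comment or of Ning's tooling). It assumes the grouping ("order" OR "free" OR "now") AND "click here", and runs both a substring and a whole-word reading over constructed sample posts to count how many legitimate posts each one would flag.

```python
import re

# Assumed grouping of the rule in the comment above:
# ("order" OR "free" OR "now") AND "click here"
TRIGGERS = ("order", "free", "now")
CALL_TO_ACTION = "click here"


def words(text):
    """Lowercase word tokens, so punctuation and case do not matter."""
    return re.findall(r"[a-z']+", text.lower())


def rule_substring(text):
    """Naive reading: plain substring search ("know" contains "now")."""
    t = text.lower()
    return any(w in t for w in TRIGGERS) and CALL_TO_ACTION in t


def rule_whole_word(text):
    """Same rule, but trigger words must appear as whole words."""
    toks = words(text)
    return any(w in toks for w in TRIGGERS) and CALL_TO_ACTION in " ".join(toks)


# Constructed sample posts: (text, is_spam). Not real forum data.
POSTS = [
    ("Order cheap Canadian meds now! Click here: http://pharma.example/", True),
    ("FREE pills, no prescription. CLICK HERE", True),
    ("Best prices on Canadian pharmacy, visit http://pharma.example/", True),
    ("I don't know if the border of the PCB fits; click here for my photos.", False),
    ("The board is in stock now, click here to see the build log.", False),
]


def evaluate(rule, posts=POSTS):
    """Return (spam caught, spam missed, legitimate posts flagged)."""
    caught = sum(1 for text, spam in posts if spam and rule(text))
    missed = sum(1 for text, spam in posts if spam and not rule(text))
    flagged_ham = sum(1 for text, spam in posts if not spam and rule(text))
    return caught, missed, flagged_ham


if __name__ == "__main__":
    for rule in (rule_substring, rule_whole_word):
        print(rule.__name__, evaluate(rule))
```

Even with whole-word matching, one legitimate post still matches, so a rule like this is safer as a signal for holding a post in the moderation queue than as an automatic suspend-and-delete trigger.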

Comment by Jordi Muñoz on March 10, 2010 at 10:14am
We need Captcha security on every post: http://recaptcha.net/, at least for non-moderators.

Comment by Mark Colwell on March 10, 2010 at 10:18am
Maybe just to create new accounts?

Comment by Jordi Muñoz on March 10, 2010 at 10:24am
We can also "Approve new members before they can join".

Comment by Jordi Muñoz on March 10, 2010 at 10:25am
I think both is the best solution (members and posts)...

Comment by Sami Finnila on March 10, 2010 at 10:31am
I've heard that bots are pretty good at bypassing these image recognition tests these days, and even if they get 1/100 of these image recognition tests right, that's still too much when there are 1000 bots attempting it at once.

Comment by Rana on March 10, 2010 at 10:41am
Chris, I agree with Mark and Jordi.

Comment by Sami Finnila on March 10, 2010 at 11:00am
It's pretty hard to tell actual human nicknames from a name that a bot has chosen from a list, though... I mean this might lead to some actual people being rejected but there's not going to be spam, that is true...

Comment by Chris Anderson on March 10, 2010 at 11:06am
Jordi, you're right. I had hoped not to have to approve members, because I want people to be able to comment spontaneously, without having to wait for approval, but until this botnet storm passes we should clamp down a bit. So I've implemented membership approval for now. We've had post approval for a while and will continue that.

