WrongPlanet is UNDER ATTACK! You may get DDoS warnings.

Post Reply New Topic

WP has been under spammer attack for nearly three days now. An automated spam bot has been registering 1000 new member accounts per day over this time with the sole purpose of linking to spam sites. This overload to the site software and database may result in knocking the site out and forcing it completely offline.

I have been unable to get in touch with Alex over this time and have been manually fighting off the attack deleting thousands of such fake member (spammer) accounts. However, this approach is not feasible to continue so Sliqua, the company that host WrongPlanet have increased the CloudFlaire setting telling it that we are under attack.

This may cause members some inconvenience. You may get messages saying your browser is being checked and asking you to wait a few moments. Hopefully this is a short term measure. It does appear to be keeping the automated spam attack at bay, but Alex needs to make changes to prevent this type of attack again.

Oh crap!

Sliqua had to lower the security setting as it was affecting members too badly; however it has now let the spam bot back again. It is a total unknown how long the site can continue in the face of this attack. Only Alex would know if this is a mere inconvenience or if the clock is ticking towards a major site failure. Since Alex isn't picking up PMs or emails all we can do is wait...

Oh no, I hope this gets sorted out.

P.S. When I tried to post a minute ago, I got a message from Cloudfaire saying that my browser was being checked for Ddos software. Apparently, some security is there.

^ Yes, Sliqua have managed to get some functionality in place as a temporary measure against the spammer, but it does mean members will get prompted about the browser being checked out. This is to keep the spammer at bay.

I've noticed this. It happened this morning on my tablet and a few minutes ago when I tried to access the site.

Spammers just love to pick on us, don't they?

Obviously this is a problem but the spammers are not going to force the site offline.

Am working on a solution to make it harder for spammers to sign up for Wrong Planet. In the meantime I'm going to make sure all links have a nofollow attribute.

Would be quite foolish of them to take the site down as they won't be having any reading pleasure anymore after they've taken it down.

Thanks for the heads-up, TallyMan. I've run into a couple of problems with this protection so far:

1) Yesterday, the first time I saw it, I got the "Checking your browser before accessing www.wrongplanet.net" page and after 5 seconds I was redirected to http://www.wrongplanet.net/jquery/js/jq ... 4.2.min.js instead of the actual page. Refreshing seemed to fix that one.

2) I had 3 different URLs open in 3 different Chrome tabs when I closed the browser yesterday. When I opened it today all 3 tabs got the "Checking your browser" page, but then all 3 got redirected to the same page, the one that was open in the last tab.

I was actually coming here to ask about the DDoS warning, and the seemingly random spike in new registrations per the "new today/new yesterday" counter (yes, I pay attention to these things ). I had wondered if they were related somehow.

That explains that.

I've noticed this now.......... oh, wow.

I was concerned that it was the symptom of WP having viruses.

By spammers, do we mean commercial spammers, or [EFF!]ing trolls who love nothing more than to spam the forum with all kinds of crap?

[quote="Quatermass"]I was concerned that it was the symptom of WP having viruses.

By spammers, do we mean commercial spammers, or [EFF!]ing

Commercial spammers created more than 2000 member accounts over two days which I deleted but their bot was automatically creating new, fake member accounts at a rate of 1000 per day. It was not possible to block them with conventional means and I got Sliqua involved who upped the CloudFlire security settings which has worked but has the downside of users getting the message about their browser being checked.

The commercial spammers create accounts on here just to put a link to spam sites in their profile. There are normally a few register per day (between 5 and 20) which I delete but these are done by humans and not that prolific and I've blocked most of their IP addresses. What started three days ago was new. Automated registrations at a rate of 1000 per day - there is no telling what that would do to the database if left to run unchecked.

Alex is now on hand and looking at a more permanent solution to the problem.

The ironic thing about them is that they're just a [EFF!]ing nuisance. More often than not, they don't post, although some that do the Nigerian romance scam do PM people.

I'm managed to track down and block the IP addresses of most of the Nigerian romance scammers (many originate from Senegal). The commercial spammers themselves aren't generally interested in posting in the forums, they get what they want from simply having links to their spam sites from their profiles... this is aimed at the Google bots to find and think the target website is popular and hence to boost its ranking in search results. All these spam accounts just to con Google!