Urban planning community

+ Reply to thread
Results 1 to 3 of 3

Thread: Bot attack

  1. #1
    Cyburbia Administrator Dan's avatar
    Registered
    Mar 1996
    Location
    Upstate New York
    Posts
    14,586
    Blog entries
    3

    Bot attack

    Since Friday, Cyburbia has been getting hit with a bot attack originating from Belarus. I blocked the offending IP block, but the bot still keep attempting to access the site - specifically the forums. The attack commenced with a ton of email spam to the forums account, advertising the usual assortment of prescription drugs.

    If you get ANY PM spam, see any spam posted on the message board, or otherwise encounter anything suspicious, please let me know. Thanks!

  2. #2
    Cyburbian statler's avatar
    Registered
    Jul 2002
    Location
    Boston Area
    Posts
    450
    Why? Are these types of attacks random or do you think you were targeted?
    "So, if a city has a personality, maybe it also has a soul. Maybe it dreams." -Gaiman
    ArchBoston

  3. #3
    Cyburbia Administrator Dan's avatar
    Registered
    Mar 1996
    Location
    Upstate New York
    Posts
    14,586
    Blog entries
    3
    I really don't know. The bot(s) kept reloading a certain thread in the forum, and accessing a "contact us" script -- at first every few seconds, but then tailing off to every few minutes. Another in the same range hammered away in short bursts at the location of a nonexistent Moveable Type blog script. As far as I know, the bot is still hammering away. Last night the VPS host (DEHE; great folks) helped me block a huge range of IPs from Belarus at the server level. Server tweaking caused some access problems for a bit, but that's mostly resolved.

    The bot managed to mail a bunch of drug spam the general Forums email contact account. Since the bot was visiting the site as an unregistered forum member, they had to validate a captcha image to use the contact form. The fact that they did -- every 10 to 20 minutes -- just to send one account drug the same drug spam over and over and over again, has us a little nervous. Worst-case scenario - the vBulletin 3.5 captcha is machine-crackable. I'm working with the good folks at vBulletin to see if there's a problem.

    We do get malicious bots from time to time, but not as persistent as the one from Belarus. Usually, they're trying to post comment spam to the addresses of blog scripts that aren't here, but they give up after a couple of attempts. The bots are sometimes hosted on hijacked PCs in the US and Canada, but most often they're on Web servers in Eastern Europe.

+ Reply to thread

More at Cyburbia

  1. Sneak(er) Attack!
    Friday Afternoon Club
    Replies: 10
    Last post: 27 Feb 2012, 9:34 AM
  2. When Budgies Attack!
    Friday Afternoon Club
    Replies: 4
    Last post: 22 Aug 2005, 6:38 PM
  3. This is NOT a Walmart attack....
    Friday Afternoon Club
    Replies: 26
    Last post: 05 Dec 2003, 2:31 PM
  4. When Homes attack!
    Friday Afternoon Club
    Replies: 25
    Last post: 30 Jul 2003, 9:15 PM