Notices


Reply
Thread Tools
Posts: 634 | Thanked: 1,666 times | Joined on Aug 2009
#11
@nieldk
i think there is no problem, i will try to produce some number about the blacklist effects.

@nthn
have you read anything from my posts or are you just polling tor, tor, i want tor....
 

The Following 3 Users Say Thank You to xes For This Useful Post:
nthn's Avatar
Posts: 476 | Thanked: 1,559 times | Joined on Jun 2014
#12
Originally Posted by xes View Post
@nthn
have you read anything from my posts
Yes, did you read mine?
 

The Following 2 Users Say Thank You to nthn For This Useful Post:
Community Council | Posts: 3,886 | Thanked: 8,995 times | Joined on May 2012 @ Southerrn Finland
#13
What happened for the initiave to allow Tor access to TMO as a hidden service?

That could be done so that either the access would be read-only or accepted-login only and it would be very easy to set up as there'd be only the one channel to block (meaning, Tor-internal access as hidden service)

Additionally I guess it would cut just about all the random-access-malicious-users-using-Tor-just-to-try-it as not so many would even try to find out that we actually have a hidden gateway.
 

The Following 3 Users Say Thank You to juiceme For This Useful Post:
Posts: 634 | Thanked: 1,666 times | Joined on Aug 2009
#14
@juiceme
who proposed this thing has also an idea about how to realize it?

If the point is ensure that Tor ip could have access, it means give to a bunch of potentially dangerous ip addresses a priority.

If the point is use a blacklist ip based or not, it requires an alternative.

Another example is wiki. The same blacklist protects also wiki and bugs since there is no other plugin that we can use to stop spam there.
What do you suggest to apply there?
 

The Following 2 Users Say Thank You to xes For This Useful Post:
Community Council | Posts: 3,886 | Thanked: 8,995 times | Joined on May 2012 @ Southerrn Finland
#15
I propose this as a study item.

In simplest implementation would be to run a Tor node on one of our VM's to use it as the hidden site access gateway.
Yes, I grant it it sounds dangerous but there are ways to isolate the traffic and keep the node contained. Access to TMO (and wiki I suppose) would only be allowed either read-only or authenticated from that node.
It could even be set up as a request-only use; an user wanting to have Tor access to our sites would need to be pre-authenticated by staff to do that.
 

The Following User Says Thank You to juiceme For This Useful Post:
Posts: 634 | Thanked: 1,666 times | Joined on Aug 2009
#16
An example of the blacklist job:
On 20 October 2016 we stopped 35916 requests.

Here are listed the 100 ip more present in the block log:

https://public.etherpad-mozilla.org/p/XV1d8eHFTY

Feel free to check these ip against http://www.stopforumspam.com/search

and evaluate the statistical possibility to match username/email - ip and what those ip are doing during the last months.

I hope this could explain why tor is only the smallest part of the problem.

Last edited by xes; 2016-10-25 at 11:48. Reason: ip list moved on external link to avoid search engines indexing..
 

The Following 4 Users Say Thank You to xes For This Useful Post:
Posts: 634 | Thanked: 1,666 times | Joined on Aug 2009
#17
Originally Posted by juiceme View Post
I propose this as a study item.

In simplest implementation would be to run a Tor node on one of our VM's to use it as the hidden site access gateway.
Yes, I grant it it sounds dangerous but there are ways to isolate the traffic and keep the node contained. Access to TMO (and wiki I suppose) would only be allowed either read-only or authenticated from that node.
It could even be set up as a request-only use; an user wanting to have Tor access to our sites would need to be pre-authenticated by staff to do that.
@juiceme
I appreciate your point of view, your idea and your try to find a solution to satisfy all....but sincerely talking, do you really want to try to secure a service creating an even bigger risk running a tor node?

I think that evaluating the situation of the community (active members, number of people involved into techstaff and maintenance tasks..) choose a conservative approach is the only possibility we have to survive.

For sure we can decide to upgrade some service,wiki, vbb..or others but create a situation of risk bigger than the actual imperfect status could make damages unfixable for all the servers of the community.
 

The Following 4 Users Say Thank You to xes For This Useful Post:
chemist's Avatar
Administrator | Posts: 1,032 | Thanked: 1,983 times | Joined on Sep 2009 @ Germany
#18
You guys are talking like we block TOR in general, we don't. The blacklists in use contain major exit-nodes most commonly used by bot-nets as they are fast. I do not like the idea of a limited node on our infra, but how about an onion route to tmo? Block registration from within tor? Then as soon as you log in to a site you authenticate your tor connection to be one of our members which is as stupid as it sounds... you can track single IDs within a browsing history even if the browsing was from different devices and with different cookie settings. For some IDs it is enough to determine the kind of searches they do on google as they can be reverse engineered to be lined up to your "put public accounts here"

How do we measure that the blacklist is actually working?
How about that as soon as we activated we have 90% less registrations of sleeper accounts, they get active after exactly 31 days to circumvent a basic 30day grace period of most forum software - we even filter that to some extend but the plug-in we use is failing too.

All those single-link-spam-posts are a mystery. There is no filter or any plug-in that detects them properly.

If anything, we should think about if it is time to get a new forum and use something that is state of the art in any aspect, incl. using garage accountsDB, replacing the wiki software and midgard all at once.
 

The Following 13 Users Say Thank You to chemist For This Useful Post:
Posts: 922 | Thanked: 2,974 times | Joined on Oct 2014
#19
My guess, recent spammers are using an open proxy server.
Do we block those ?
 

The Following 2 Users Say Thank You to nieldk For This Useful Post:
mosen's Avatar
Posts: 682 | Thanked: 4,158 times | Joined on Nov 2014 @ germoney
#20
slightly OT because not tor related:
But how many legit registration of new users are there in a week or day?
My guess is there are fewer legit new users than successful spam attempts, right?
So if manuall work is necessary anyway, why not turn it around and only activate the legit ones on daily basis instead of being forced by the spammers to react more often?

Is it fisable to restrict new accounts to only sent a pm to admins or post in a special thread and ask for activation before posting anywhere else?
 

The Following 8 Users Say Thank You to mosen For This Useful Post:
Reply

Tags
literally, modsellingusoff, qwerty21, timetoforkoff?

Thread Tools

 
Forum Jump


All times are GMT. The time now is 08:07.