pichlo's Avatar
Posts: 6,445 | Thanked: 20,981 times | Joined on Sep 2012 @ UK
#11
Originally Posted by nieldk View Post
By not allowing posts from new accounts for a time period
By not allowing multiple posts within XX minutes
By observing nicks of spammers and removing them (This can somewhat be scripted btw)
This!

Whilst I understand that IP-based defence is quick and easy, I agree with nieldk that it is not the best option. The best defence would be behavioral based. It may require more effort to set up but should be easily automated once done, with no (manual) moderating involved.
 

The Following 12 Users Say Thank You to pichlo For This Useful Post:
Posts: 1,288 | Thanked: 4,316 times | Joined on Oct 2014
#12
Originally Posted by Copernicus View Post
Cool! So, this forum is entirely infeasible to begin with.
Absolutely. There is no point in trying to fight it by blacklisting tor, that is my point (well, one of them).
As You have noticed, we have also been spammed from other sources, like China.
There is no point, we can't prevent it from happening, but we can minimize it by making it harder.
The clever spammer, or professional if you want, doesn't need tor, and probably is not even using it.
Any proxy will do even better.
 

The Following 8 Users Say Thank You to nieldk For This Useful Post:
Copernicus's Avatar
Posts: 1,986 | Thanked: 7,698 times | Joined on Dec 2010 @ Dayton, Ohio
#13
Originally Posted by pichlo View Post
Whilst I understand that IP-based defence is quick and easy, I agree with nieldk that it is not the best option. The best defence would be behavioral based.
and...

Originally Posted by nieldk View Post
There is no point in trying to fight it by blacklisting tor, that is my point
So yeah, the problem here then is not with blacklisting TOR; it is with blacklisting.

I guess all I've been trying to say here is that there's no good reason to treat TOR any different than any other IP provider. Everyone should be treated equally.
 

The Following 6 Users Say Thank You to Copernicus For This Useful Post:
wicket's Avatar
Posts: 634 | Thanked: 3,266 times | Joined on May 2010 @ Colombia
#14
As I understand it, the primary reason for why Tor access has been blocked is to prevent spam. Whilst DDoS attacks are of course possible, I wouldn't have thought that TMO would be a likely target and even if we were targeted, anonymous proxies are only used in one fifth of DDoS attacks so blocking Tor does very little to prevent them.

A simple human verification question that everyone here can answer such as "What is the name of Jolla's OS?" or "Which company created Maemo?" would largely solve the spam problem and would help to prevent the spam attacks that still occur despite the current blacklist solution.

I do however think that HTTPS access to TMO should be set up first having read this earlier today.
__________________
DebiaN900 - Native Debian on the N900. Deprecated in favour of Maemo Leste.

Maemo Leste for N950 and N9 (currently broken).
Devuan for N950 and N9.

Mobile devices with mainline Linux support - Help needed with documentation.

"Those who do not understand Unix are condemned to reinvent it, poorly." - Henry Spencer
 

The Following 7 Users Say Thank You to wicket For This Useful Post:
Posts: 75 | Thanked: 269 times | Joined on Aug 2012
#15
Originally Posted by nieldk View Post
By not allowing posts from new accounts for a time period
By not allowing multiple posts within XX minutes
By observing nicks of spammers and removing them (This can somewhat be scripted btw)

Anyways, that is not an excuse for blocking tor services at all.
We have also seen massive spams from certain countries, why are those countries not entirely blocked? I will answer that myself. We don't want to harm friendly users from those countries.
Why do we want to harm friendly tor users then?

edit: about (D)DoS: https://www.torproject.org/docs/faq-abuse.html.en#DDoS
What if a spammer creates a bunch of sleeper accounts?
It would bypass most of your suggested checks.

Also what if you remove legit accounts?
It would be the exact same issue as blocking legit Tor users.

Depending on how possible it would be, one option would be just to allow guest access to tor users. This would allow tor users to keep their privacy and read the forums and stop spammers from being able to use Tor.
 

The Following 5 Users Say Thank You to Ilew For This Useful Post:
peterleinchen's Avatar
Posts: 4,117 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#16
afaik the last attack was not only spam but more like a password-steal-attack. And all of above solutions/proposals would not have helped here.
But only blacklisting those addresses where the attack came from.
And yes it is inconvenient. But (just as an analogon): would you like to enter a plane where there is no security check at all? [me for sure not]
Not that I would like Datenvorratsspeicherung nor any other in-advance-protection-by-prediction. But there is a price to pay for security.

--
and always remember (at least my knowledge): the more often you use tor the more likely it is you hit an 'official' exit node (run by authorities) and getting noticed...
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

editsignature, http://talk.maemo.org/profile.php?do=editsignature

Last edited by peterleinchen; 2015-06-26 at 22:50.
 

The Following 5 Users Say Thank You to peterleinchen For This Useful Post:
Posts: 1,288 | Thanked: 4,316 times | Joined on Oct 2014
#17
Originally Posted by peterleinchen View Post
afaik the last attack was not only spam but more like a password-steal-attack. And all of above solutions/proposals would not have helped here.
But only blacklisting those addresses where the attack came from.
And yes it is inconvenient. But (just as an analogon): would you like to enter a plane where there is no security check at all? [me for sure not]
Not that I would like Datenvorratsspeicherung nor any other in-advance-protection-by-prediction. But there is a price to pay for security.

--
and always remember (at least my knowledge): the more often you use tor the more likely it is you hit an 'official' exit node (run by authorities) and getting noticed...
I will repeat, I understand all the reasons behind the decision. But I still don't think it really helps using blacklisting.
As for "But there is a price to pay for security.". Why are we not using HTTPS all over TMO then?
 

The Following 9 Users Say Thank You to nieldk For This Useful Post:
pichlo's Avatar
Posts: 6,445 | Thanked: 20,981 times | Joined on Sep 2012 @ UK
#18
TOR has been under a sustained propaganda attack in the British media. It has been referred to as "dark net", blamed for harbouring paedophiles etc. This image is hardly going to change if even the people who should know better sign up to the same bull****.
 

The Following 10 Users Say Thank You to pichlo For This Useful Post:
Posts: 1,994 | Thanked: 3,342 times | Joined on Jun 2010 @ N900: Battery low. N950: torx 4 re-used once and fine; SIM port torn apart
#19
My point of view is: if you are using a proxy, or a Tor exit node, be prepared for it being blocked for the duration of a spam attack ongoing through the same proxy (or Tor exit node). To make matters easier for Tor users, the blocking could be of a read-only kind: you can read the forum, but you cannot log in, aka send posts or private messages, through it.

Since Tor's purpose is anonymity, logging into an account while using Tor doesn't make much sense, anyway. Right?

And if anonymous users were allowed to post without logging in... How would the forum be protected from spambots? Registration of an account includes many "are you human?" checks, and spammers still like to bypass them (even if they have to use actual human-time to do it). Would you still enjoy anonymous Tor access if you had to jump through half a dozen different captchas for every post?

I would run a Tor exit node. But I would have to get a 24/7 server dedicated to it, first. And research the local implications of running it (high traffic? restrictive laws? whatever).

Tor isn't blocked here "just because it's Tor". Tor is blocked for the duration of a spam attack using this particular Tor exit node. It doesn't make sense to whitelist a Tor exit node just because many other-non-spammer people are using it, unless you find a good way to protect the forum against a spam-attack (which doesn't involve too-many-human-hours of work from moderators). It could make sense to implement particularly nasty captchas-before-making-a-post against this particular IP for the duration of an attack from it, if it's possible.

Just my personal opinion. And yes, I would support addition of https access to TMO.

Thank you. Best wishes.
 

The Following 10 Users Say Thank You to Wikiwide For This Useful Post:
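
The behavioural checks nieldk lists (new-account hold, minimum interval between posts) and the temporary read-only block Wikiwide describes, combined into one posting gate. This is an added example, not part of any post in the thread and not TMO's or vBulletin's code; the class, the thresholds and the return strings are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Every threshold here is an assumed value, not a TMO setting.
NEW_ACCOUNT_HOLD = 24 * 3600   # new accounts cannot post for this long (s)
MIN_POST_INTERVAL = 5 * 60     # the "XX minutes" between two posts (s)
ATTACK_WINDOW = 10 * 60        # look-back window for rejected posts per IP (s)
ATTACK_THRESHOLD = 3           # rejections in the window that mark an attack
READ_ONLY_TTL = 3600           # IP stays read-only this long after the last hit (s)

@dataclass
class Account:
    name: str
    created: float
    last_post: Optional[float] = None

class PostGate:
    """Decides whether a post is accepted; reading is never restricted."""

    def __init__(self):
        self.rejections = {}        # ip -> timestamps of recent rejected posts
        self.read_only_until = {}   # ip -> time the read-only state expires

    def check_post(self, account, ip, now):
        # Wikiwide's idea: during an attack the source IP (proxy or Tor
        # exit node) is read-only, and only for the duration of the attack.
        if self.read_only_until.get(ip, 0) > now:
            return "deny: ip read-only"
        reason = None
        if now - account.created < NEW_ACCOUNT_HOLD:
            reason = "deny: new account"
        elif (account.last_post is not None
              and now - account.last_post < MIN_POST_INTERVAL):
            reason = "deny: rate limit"
        if reason:
            self._note_rejection(ip, now)
            return reason
        account.last_post = now
        return "allow"

    def _note_rejection(self, ip, now):
        recent = [t for t in self.rejections.get(ip, []) if now - t < ATTACK_WINDOW]
        recent.append(now)
        self.rejections[ip] = recent
        if len(recent) >= ATTACK_THRESHOLD:
            self.read_only_until[ip] = now + READ_ONLY_TTL
```

An aged "sleeper" account of the kind Ilew mentions passes the account-age check; in this sketch only the post interval and the per-IP rejection count still apply to it.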
endsormeans's Avatar
Posts: 3,139 | Thanked: 8,156 times | Joined on Feb 2013 @ From my Gabriola Island hermitage, near the Edge of the World
#20
I'm wading into the morass here too...
looks like fun
I concur with Wiki
In fact I go further.
I do believe in the individuals right to protect themselves.
That is something I think everyone here can agree on.
But an individual thinking they can comment anonymously.. express their views...and expect to "stay" anonymous ...and that the result of the state of technological security today is somehow the fault or responsibility of either "Powers" or "Authorities" or "Governments" or "whatever bad people/ groups" or "Maemo" or "TMO" ....and wish or demand some sort of compromise or allowance or whathaveyou...alllll because ...?
Because people wish to post from a position of anonymity in a public forum?
How does any open and accepting community embrace anonymity?
Not well ...when it boils down to it.
I think either an individual should be open and honest and simply accept the consequences for their words and actions uttered and done in the full view of the public...*
or ...don't bother saying a thing.


And please please please no one rear the specter of being "monitored" and "recorded" by your connection without safeties like tor...yet again.
Because the moment you get off your smart device or computer thinking you are so anonymous and walk outside your home...
there are countless cameras with footage of you walking down the street...there are drones everywhere now ..there are dashcams , atm's, store cameras, parking lot security cameras, cameras at street intersections, satellites in the heavens, and more..and don't forget there is everyone else walking beside you with their bloody iphone ...just hoping you'll snap from societal stresses.. so that they get to film you as the cops are hauling you away for attempting to go on a killing spree with a blunt tongue depressor and put the vid up on youtube before you are even "booked" at the station...as their "claim-to-fame" and subsequent hope to do the talk show circuit....

And if that isn't enough...All the people who have been "smart" to start using tor within the last few weeks, months, year, years, half decade...more...you don't think that the powerful governments of this planet do not have files on you and everyone else "predating" your and everyone else' new interest in security?
really?

Sooo...either man-up and speak your mind responsibly and join in community dialogue..like other people do.
or
do not engage in public discourse and remain anonymous as you wish or you truly, justifiably, and understandably need to be.
But I do believe the ability to have one's cake and eat it too is rapidly ending.



*which people are being put to task with now...
and in fact ...
now sites are going to be held responsible for the utterances of their members and their behaviour...directly.
Hell of a legal precedent was set..
I posted about the landmark decision here in the forum..

This means ...the boys at the helm of the good ship tmo have to steer this ship well or the site is held accountable...
and that means essentially no crap people...no hate mongering...or racism ...or ..well alotta the bad stuff people should know better than to speak anyway..... .
Anyway..in light of the fact sites are now legally accountable for the people in them...members, posts in their forums...etc.

I see the issue of needing a firm hand concerning tor...
in tandem with the issues of stringent moderation.
Both directly pertain to our sites safety, accountability and longevity.

I don't see it as a "desire" or a "wish" or whatever could be taken out of context from my words... that is truly not relevant .
It is what the civilization around us and their courts of law are beginning to demand of us now.
That is what is truly relevant.
__________________
Lurker since 2007, Member since 2013, Certifiable since 1972

Owner of :
1-n770 (in retirement), 3-n800's / 3-n810's (still in daily use), 5-n900's ((3 are flawless, 1 loose usb ( parts), 1 has no telephony (parts))
3-nexus 5's : 1 w/ Floko Pie 9.1 (running beautifully) waiting for Stable Droid 10 rom, 1 w/ ̶Ubuntu Touch, 1 with Maru OS (intend maemo leste when ready)

1/2 - neo900 pre- "purchased" in 2013. N̶o̶w̶ ̶A̶w̶a̶i̶t̶i̶n̶g̶ ̶r̶e̶f̶u̶n̶d̶ ̶p̶r̶o̶c̶e̶s̶s̶ ̶l̶a̶s̶t̶ ̶f̶e̶w̶ ̶y̶e̶a̶r̶s̶ - neo900 start up declared officially dead -
Lost invested funds.


PIMP MY N8X0 (Idiot's Guide and a video walkthrough) http://talk.maemo.org/showthread.php?t=94294
THE LOST GRONMAYER CATALOGS http://talk.maemo.org/showthread.php...ight=gronmayer
N8X0 VIDEO ENCODING THE EASY WAY http://talk.maemo.org/showthread.php...ght=mediacoder
242gb ON N800 http://talk.maemo.org/showthread.php?t=90634
THE PAIN-FREE MAEMO DEVELOPMENT LIVE DISTRO-ISO FOR THE NOOB TO THE PRO http://talk.maemo.org/showthread.php?t=95567
AFFORDABLE MASS PRODUCTION FOR MAEMO PARTS http://talk.maemo.org/showthread.php?t=93325

Meateo balloons now available @ Dave999's Meateo Emporium

Last edited by endsormeans; 2015-06-28 at 06:28.
 

The Following 5 Users Say Thank You to endsormeans For This Useful Post:

Tags
https, legal hell
