Mama Mia --- We are under attack! ... Help our admins!

Thx, but I am sure I was not alone. Especially since I was late.

  • All the existing flags helped to remove the posts and the users quickly
    • So thx to all users who started to flag the posts
  • IMO completely stopping new user accounts temporarily may have helped too

  • It seems every IP address created 3 new accounts and started to spam posts
    • 3 accounts with one IP is a limit in the Discourse settings
    • So this attack was driven by bots, with the API
  • If admins flag a post, there is a possibility in the UI to remove all users and posts from the same IP at once
  • So every action seems to remove and block 3 users
  • While removing flagged posts, I did get some server errors. This usually means that someone else had already removed the post.
  • Some posts were automatically “hidden” by the “system” bot, which can detect bots.

Currently a new IP can only create 1 new user. The problem here is that this may prevent users that have the same IP from signing up. E.g.: 2 different users in 1 household, or users from the same company.

We should probably increase that limit again in the future.

Hope that makes sense.

4 Likes
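To make the two observations above concrete (3 accounts per IP in a burst, and a per-IP cap of 1 that also hits households), here is an added example that is not from the original thread and not Discourse’s own code. It replays a constructed signup/post log (documentation IP ranges, invented usernames) through a sliding-window per-IP registration cap and a "posted seconds after signup" check, so you can see which accounts a cap of 3, 2 or 1 would refuse, and which accounts the burst check catches regardless of the cap:

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, not real forum data. Columns: timestamp, client IP,
# username, event. 203.0.113.7 registers three accounts in two minutes and
# each posts within ~30 s (the bot pattern described in the thread);
# 198.51.100.20 is a household where two people sign up six hours apart.
SAMPLE_LOG = """\
2024-05-01T09:00:05 203.0.113.7 acct_a1 signup
2024-05-01T09:00:31 203.0.113.7 acct_a1 post
2024-05-01T09:00:48 203.0.113.7 acct_a2 signup
2024-05-01T09:01:12 203.0.113.7 acct_a2 post
2024-05-01T09:01:40 203.0.113.7 acct_a3 signup
2024-05-01T09:02:03 203.0.113.7 acct_a3 post
2024-05-01T10:15:00 198.51.100.20 alice signup
2024-05-01T12:40:00 198.51.100.20 alice post
2024-05-01T16:20:00 198.51.100.20 alice_partner signup
2024-05-02T08:05:00 198.51.100.20 alice_partner post
"""


def parse_log(text):
    """Parse the constructed format into (datetime, ip, user, action), time-ordered."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, action = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, action))
    return sorted(events)


def refused_under_cap(events, cap, window_seconds):
    """Simulate a per-IP registration cap: a signup is refused when the same IP
    already has `cap` accepted signups inside the trailing window. Returns the
    refused usernames in time order. Refused signups never count as accounts."""
    window = timedelta(seconds=window_seconds)
    accepted = defaultdict(list)  # ip -> timestamps of accepted signups
    refused = []
    for ts, ip, user, action in events:
        if action != "signup":
            continue
        recent = [t for t in accepted[ip] if ts - t <= window]
        if len(recent) >= cap:
            refused.append(user)
        else:
            accepted[ip].append(ts)
    return refused


def first_post_delay_seconds(events):
    """Seconds between each account's signup and its first post."""
    signup_at, delay = {}, {}
    for ts, _ip, user, action in events:
        if action == "signup":
            signup_at[user] = ts
        elif action == "post" and user in signup_at and user not in delay:
            delay[user] = (ts - signup_at[user]).total_seconds()
    return delay


def burst_accounts(events, max_delay_seconds):
    """Accounts that posted within `max_delay_seconds` of being created: a bot
    signal that does not depend on the per-IP cap and so does not punish
    households or companies sharing one address."""
    return {u for u, d in first_post_delay_seconds(events).items()
            if d <= max_delay_seconds}


EVENTS = parse_log(SAMPLE_LOG)

if __name__ == "__main__":
    for cap in (3, 2, 1):
        print(f"cap={cap}/24h refuses: {refused_under_cap(EVENTS, cap, 86400)}")
    print("posted within 2 min of signup:", sorted(burst_accounts(EVENTS, 120)))
```

With the cap at 3 nothing is refused (the bots stop exactly at the limit, as the thread noticed); at 1 the bot’s second and third accounts are refused, but so is `alice_partner`, which is the household problem. The burst check flags only the three bot accounts. Running the real thing is a Discourse site setting rather than a script (as far as I know `max_new_accounts_per_registration_ip`, default 3); this example only shows the tradeoff.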

So I wasn’t sure what the right approach was, flagging as spam or making the spam posts unlisted. I went for the latter as it seemed the fastest way to clean up the site for visitors, and marked a few dozen posts as unlisted. Did we catch those in the deletion and clean up?

Yes. Admins and moderators can see hidden posts in their overview list.

I did flag them and got a dialogue to delete the user. The dialogue said that it can delete 3 users + their posts, with one action.

I think / hope we did not delete existing valid users, since the system can only delete users that have no other existing posts. So removing a single flagged post can also delete the post + the spammer.

1 Like

The moderator options are … weird. It doesn’t explain that when you delete the user the messages will also be deleted. I try to check that the user is brand new (they usually are).

It’s strange that a system that is so opinionated doesn’t think there is a problem with a brand new user posting a long message jam-packed with phone numbers. Phone numbers seem to be the new URL. I always wonder who would respond to this sort of advertising.

Is it possible to set a requirement of not being able to make a post unless you’ve been a member for a certain period of time, without the assistance of an admin?

That could help mitigate it. I think reddit has a similar function of preventing new posts to a subreddit unless you have a certain amount of karma.

1 Like

Thank you, everyone for your vigilance! By the time I first looked, ~11:30 UTC, there was no sign of the problem except that the overview page told me there were 30+ new topics, which were gone by the time I visited the New page.

So great job turning back the attack. Maybe next time it will happen during my waking hour, and I can be one of the ones working on it. But here’s to it not happening at all!

1 Like

Right.

I saw well over 100 SPAM messages as I happened to be here as it happened. @pmario and others did a great job removing those posts so quickly that few knew how extreme the alien post numbers were.

Even if you’re not a moderator, your flag helps:

Sadly, the author can make it visible again by editing their post. But I don’t think spammers actually drop by to visit.

2 Likes

Erm. Could we add a “Thumbs Down” to our emojis for signalling that?

There’s a separate Flag icon in the More (three-dots) menu.

You mean Bookmarks?

Nope, more like a flag:

The biggest problem of this strategy is that it discourages new users from becoming regular members. New users often come looking for [quick] help and restrictions like these, even if they are justified technically, still look like bureaucratic measures to them. So they may never return. Which means the spammers have succeeded in disrupting the service.

2 Likes

Ah, fair point. Definitely do not want to discourage new users. The time-out on repeat posts seems like a much better idea then.

Most emojis have no effect at all. They are pure cosmetics, except the “heart” :heart:, which counts as a like.

There are several thresholds for “trust levels”. One of them is likes, which are very low. E.g.: one threshold for TL3 is 20 likes received and 30 likes given.

Every user can flag a post, which can hide posts and silence spammers. Moderators and admins are informed and they can then decide what to do on a per post / per user basis.

Info about trust levels can be seen at: Understanding Discourse Trust Levels

That’s exactly right. That’s why the default was to allow new users to sign up and post. New users have trust level 0 (TL0), which already has many restrictions.

At the moment new accounts have to be approved by “staff”, but I intend to change that “back to normal” soon.

There are 3 possibilities.

  • Creating an account needs staff approval – active at the moment
  • Creating an account is open, but every post must be approved – very labour intensive for staff
  • Create an account and start posting – (was default)

There is also the “Flag” button at the bottom of the thread. I assume it flags the whole topic rather than a single post (amounts to the same thing with a single-post spam). It’s a bigger target and not hidden behind the extra click of the ..., so much faster and easier to use (still took me half a dozen flaggings of spam before I realised it myself!)

Is there a user trust level that allows posting to be pre-approved but no other privs granted? If so, that could make a reasonable middle between where we are now and where we were before. Anyone could make an account and post (though with the aforementioned delay depending on mod availability), and mods either approve their first post and elevate their privs, or deny as spam.

It is good to have that clarity!

I sometimes wonder if we should document that kind of thing a bit more?

Question: This is manageable by staff?

I am very aware admins and moderators have to do work on demand.
So I’d like to know your point of view.

Right. And seems unneeded in this group. Meaning “guarding” against false “first group entry” seems most important?

Best, TT