Internet security is serious business
Posted: Tue Jul 26, 2005 6:47 pm
by Red Squirrel
I started working on a little something our mod and admin team will enjoy next time we get trolls of any sort.
Here's a screenshot of the interface. Now that I designed the interface, I just have to code the PHP part of it, which should be relatively simple. Well the backup part may be long as I will make it produce an actual SQL file, but I may go lazy and just make it produce a flat text file or something. It's mostly for if the user ID is not entered properly or something.
I had to make it all red, it just looks more, cool.
Seems when I get right into coding, is when friends want to go out, so I may not get the chance to finish it.
Archived topic from Anythingforums, old topic ID:2326, old post ID:36986
Posted: Tue Jul 26, 2005 6:54 pm
by Cicero
Cool. That looks handy.
Archived topic from Anythingforums, old topic ID:2326, old post ID:36989
Posted: Tue Jul 26, 2005 7:38 pm
by Red Squirrel
Wow, that forum is already freaking out over this, and I'm only halfway done. I have to leave in about 30 minutes, I'll try to finish it by then, maybe if I stop checking by I'll get work done.
Remember kids, Internet security is serious business.
Archived topic from Anythingforums, old topic ID:2326, old post ID:37017
Posted: Tue Jul 26, 2005 10:41 pm
by Mr Smith
Stupid Question: What does it do?
Archived topic from Anythingforums, old topic ID:2326, old post ID:37062
Posted: Tue Jul 26, 2005 11:34 pm
by Red Squirrel
Pretty straightforward by looking at the screenshot.
It basically does what I did with the SQL query, but with a GUI interface so anyone can use it, and I don't have to worry about entering a bad SQL query that could wipe the entire forum or do something like that. Unlike what it looks like, the SQL query is not constructed directly with the inputted data, it goes through conditional statements, that way none of the inputted data (but the text box) is put directly in the query, and the text box is filtered for bad chars. But since this is internal use only the filtering is less intense but covers most bases.
Archived topic from Anythingforums, old topic ID:2326, old post ID:37104
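The approach described in the post above, as an added example (not Red Squirrel's PHP tool or any code from the thread): form choices select fixed SQL through an allowlist, and the one free-text value is bound as a parameter, used here in place of character filtering. The table and column names and the `build_where`, `purge` and `make_demo_db` helpers are assumptions, and Python with SQLite stands in for the forum's PHP and database.

```python
import re
import sqlite3

# Each form choice maps to a fixed WHERE clause; input never becomes SQL text.
SCOPES = {
    "all_posts": "poster_id = ?",
    "posts_matching": "poster_id = ? AND body LIKE ? ESCAPE '\\'",
}

def build_where(scope, user_id, text=None):
    """Return (where_clause, params) or raise ValueError on bad input."""
    if scope not in SCOPES:
        raise ValueError("unknown scope")
    if not re.fullmatch(r"[0-9]{1,9}", str(user_id)):
        raise ValueError("user id must be numeric")
    params = [int(user_id)]
    if scope == "posts_matching":
        if not text:
            raise ValueError("search text required")
        # Escape LIKE wildcards so the text box matches literally.
        literal = re.sub(r"([\\%_])", r"\\\1", text)
        params.append("%" + literal + "%")
    return SCOPES[scope], params

def purge(conn, scope, user_id, text=None, ban=False):
    """Back up, then delete, the selected posts in one transaction."""
    where, params = build_where(scope, user_id, text)
    with conn:  # commits on success, rolls back on any error
        conn.execute(
            "INSERT INTO posts_backup SELECT * FROM posts WHERE " + where, params)
        deleted = conn.execute(
            "DELETE FROM posts WHERE " + where, params).rowcount
        if ban:
            conn.execute("UPDATE users SET banned = 1 WHERE user_id = ?", params[:1])
    return deleted

def make_demo_db():
    """Constructed sample forum: user 1 is a regular, user 2 is the troll."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (user_id INTEGER PRIMARY KEY, banned INTEGER DEFAULT 0);
        CREATE TABLE posts (post_id INTEGER PRIMARY KEY, poster_id INTEGER, body TEXT);
        CREATE TABLE posts_backup (post_id INTEGER, poster_id INTEGER, body TEXT);
        INSERT INTO users (user_id) VALUES (1), (2);
        INSERT INTO posts VALUES (1, 1, 'hello'), (2, 2, 'buy 100% cheap'),
                                 (3, 2, 'normal reply'), (4, 1, '100 percent agree');
    """)
    return conn
```

A mistyped or hostile user ID is rejected before any SQL runs, and the backup copy is written in the same transaction as the delete.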
Posted: Wed Jul 27, 2005 12:00 am
by Jack Potato
ok.
Archived topic from Anythingforums, old topic ID:2326, old post ID:37113
Posted: Wed Jul 27, 2005 12:10 am
by Red Squirrel
By anyone I mean authorised people other than myself... I kind of worded that wrong. Otherwise, yeah, I'd make that face too.
Archived topic from Anythingforums, old topic ID:2326, old post ID:37119
Posted: Wed Jul 27, 2005 11:10 pm
by Red Squirrel
The new system is almost ready for deployment. I just have to add the raid detection system to it, to avoid the ability of being able to delete legit members. It will basically do a special set of calculations using time, number of posts, and other algorithms. I'll try to make it as simple as possible but yet as accurate as possible, with a bit of leeway towards false positives (letting you delete legit posts), because the last thing we want is that we try to delete a raid but it says it's not one, because of someone trying to circumvent the detection system by tricking the algorithm. Besides this system will only be accessible by mods and admins, so this extra security is mostly to avoid mistakes, or if somehow someone compromised a mod account or something.
Once this system is in place I may also implement one based on the same algorithms, but it will run in real-time (sort of like the spam detection system) and block raiders on action, but like anything else automatic, this won't be perfect, and I'd rather have false negatives than false positives so the system that will soon be deployed will still be a needed tool as the auto one won't catch everything.
I stopped posting at that forum to avoid throwing logs in the fire, but it seems that they are still wanting to attack, and I have a big feeling I’m not seeing everything, as I have not found all their refuges yet, and I’m sure the ones I’ve found have hidden forums, including the official base.
I think this weekend I'll stay in town to complete all the legal proceedings along with the various security implementations, as I figured this would die down, but it’s not. I have a special contact with someone that I may want to consider as well. Give it a few months and everything will be over, but not to worry, most of the stuff nobody should see here anyway.
Archived topic from Anythingforums, old topic ID:2326, old post ID:37369
Posted: Thu Jul 28, 2005 7:44 pm
by Red Squirrel
Been busy with other stuff, such as installing a furnace blower switch at my sister's house. Ok, so that took like 5 minutes, but yeah, busy.. other stuff.
Anyway, the script is done, just have to test it. The raid validation system is WAY more accurate than I figured it would be, and I only used very basic math to calculate it. I took a few members in the database and ran a test and most people were registering at like 0.05, while a test raid I did on the forum (on my LAN server) registered at about 5. So basically anything above 1 is most likely a raid. I have to take into account if they post like 20 times, wait a month then do a raid, as this would decrease the value. So I might even have to go with like a 0.5 or higher being considered a raid. If this system proves accurate enough for me, I may use this statistical analysis in an automated solution. BUT I will have to use higher values to avoid false positives, since a false positive would be very nasty. If you have a new member that just likes to post a lot, he will register higher on the scale so would not want that to trigger the raid system. So that's why this tool is still useful, as not all raids will be stopped automatically, if I do make this system.
Good news is, the automated system would be very simple to do, the long part is tweaking it to near perfection.
Also I can't forget this script won't only be for raids, but for spammers in general, it will make it easier to delete a few spam posts by a member and ban him at the same time. But the spam filter seems to work decent most of the time on these. Double security is always good. 1 non script automated layer, then a manual layer to weed out what the automated one misses.
Edit: after some more intensive testing the algorithm is not all that great. I have an idea on how it will be improved, but it's not really needed for this part, only if I decide to make it automated. I'm testing all the SQL query combinations and then I'll deploy it. There will be a note in the admin forum for details on how to use it.
Archived topic from Anythingforums, old topic ID:2326, old post ID:37469
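The dilution problem raised in the post above (an account that posts 20 times, waits a month, then raids), as an added example that is not the thread author's script: his formula is never given, so a posts-per-hour average over the account's life is assumed as the basic score, with a sliding-window peak rate computed beside it. The function names, both limits and the three constructed accounts are assumptions.

```python
from datetime import datetime, timedelta

def lifetime_rate(post_times, registered, now):
    """Posts per hour averaged over the whole life of the account."""
    hours = max((now - registered).total_seconds() / 3600, 1.0)
    return len(post_times) / hours

def peak_rate(post_times, window_hours=1.0):
    """Highest posts-per-hour rate in any sliding window of that length."""
    times, window = sorted(post_times), timedelta(hours=window_hours)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best / window_hours

def is_raid(post_times, registered, now, life_limit=1.0, peak_limit=10.0):
    """Flag on either score; both limits are assumed values for this sketch."""
    return (lifetime_rate(post_times, registered, now) > life_limit
            or peak_rate(post_times) > peak_limit)

def sample_accounts(now):
    """Constructed accounts: name -> (registered, post_times)."""
    burst = [now - timedelta(minutes=i) for i in range(50)]  # 50 posts in 49 min
    reg_regular = now - timedelta(days=60)
    reg_sleeper = now - timedelta(days=40)
    return {
        "regular": (reg_regular,
                    [reg_regular + timedelta(hours=20 * i) for i in range(1, 73)]),
        "fresh_raid": (now - timedelta(hours=10), burst),
        "sleeper_raid": (reg_sleeper,
                         [reg_sleeper + timedelta(hours=i) for i in range(1, 21)] + burst),
    }

if __name__ == "__main__":
    now = datetime(2005, 7, 28, 20, 0)
    for name, (reg, posts) in sample_accounts(now).items():
        print(name, round(lifetime_rate(posts, reg, now), 3),
              peak_rate(posts), is_raid(posts, reg, now))
```

The aged account's lifetime average stays well under either 1 or 0.5 even though its burst is identical to the fresh raid's, which is why the windowed rate is checked as well.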
Posted: Thu Jul 28, 2005 9:11 pm
by Red Squirrel
The system is completed, admins/mods please check admin forum for more details and questions on how to use it.
Wallace, bring 'em on! I double dare ya!
Archived topic from Anythingforums, old topic ID:2326, old post ID:37486
Posted: Thu Jul 28, 2005 11:21 pm
by Jack Potato
ok
Archived topic from Anythingforums, old topic ID:2326, old post ID:37526
Posted: Fri Jul 29, 2005 4:19 am
by Cereal_Killer
There are no secret forums, there is no attack being planned on you. You've become their latest 'fad'. Ignore them and they'll get bored very quickly.
Archived topic from Anythingforums, old topic ID:2326, old post ID:37544
Posted: Fri Jul 29, 2005 8:52 am
by Jack Potato
or go into a fetal position...*curls up into a ball *
Archived topic from Anythingforums, old topic ID:2326, old post ID:37567
Posted: Fri Jul 29, 2005 3:20 pm
by Red Squirrel
Or squirrel attack position, squirrels are freaky when they're in that position.
Archived topic from Anythingforums, old topic ID:2326, old post ID:37600
Posted: Fri Jul 29, 2005 3:21 pm
by Red Squirrel
Cereal_Killer wrote: There are no secret forums, there is no attack being planned on you. You've become their latest 'fad'. Ignore them and they'll get bored very quickly.
No, Will actually posted about doing another attack. I'm just waiting for it. Maybe they changed their mind though. I have legal plans though, just unsure if I should wait for the next attack to get more data, or go ahead with what I have on my hard drives.
Archived topic from Anythingforums, old topic ID:2326, old post ID:37601
Posted: Fri Jul 29, 2005 5:39 pm
by Cicero
I think you should wait. It might never happen.
Archived topic from Anythingforums, old topic ID:2326, old post ID:37626
Posted: Fri Jul 29, 2005 5:54 pm
by Red Squirrel
Yeah, right now it's mostly all on standby with only small research and download going on. There's a few members there I may decide to contact their ISP, but that too, is on hold. Someone else who has been harassed by them PMed me here so we're sort of working together on this case.
Archived topic from Anythingforums, old topic ID:2326, old post ID:37628
Posted: Fri Jul 29, 2005 6:44 pm
by Cereal_Killer
Ok, red squirrel, seriously, they're just taking the mick out of you.
A ) Will was pretty much the only member that spammed your forums, maybe two other little known ones.
B ) They used proxies, so you probably don't have the right IP's.
C ) You'll have difficulty finding a law he has broken.
I know it's frustrating, but going on about it is just more likely to get the attention of the whole forum. At the moment you're harassing them, by threatening to get any forum the members move to closed down. That's just gonna cause a bigger attack to happen, which you still won't be able to do anything about, from a legal standpoint. The security you have in place right now is plenty to easily stop any spamming, so you shouldn't be worrying so much.
Archived topic from Anythingforums, old topic ID:2326, old post ID:37636
Posted: Fri Jul 29, 2005 8:46 pm
by Red Squirrel
Yes, Will was responsible, but most forum members support it. I'd post screenshots but they're all high res and I'm too lazy to compress them more, but I have plenty of evidence. Besides, if the forum did not support him, he would be banned right now.
Most of them don't even know what a proxy is... most of them don't even know what security is... they're mostly all 13 year olds. When I was that age, I was playing with legos and micro machines. LOL The high end security here is overkill for them, but figured I'd go big to prevent future attacks in case people who know what they're doing ever decide to attack.
Plenty of laws have been broken. Ever hear of PIPEDA? That's one right there, then there's slander, cyberstalking, and I could probably find out more if I took it to attorneys.
I'm not just fighting this for me, but for others that get harassed. Also, it's sad to think that the parents of these kids allow their kids to use the computer without any type of supervision, or simply don't care. I'm sure they're also bullies at school and bully around other people their age. I think their net being cut off is the best thing that can happen for them, and their parents and even teachers.
Archived topic from Anythingforums, old topic ID:2326, old post ID:37647
Posted: Mon Aug 01, 2005 1:51 am
by Red Squirrel
BTW I had a topic about not going to that forum due to a virus (bypasses Firefox too) I found (still did not get a chance to investigate its code, or its exact origin) but I deleted it. It was just adding wood to the fire and I think now that I have the FBI involved in this it's probably best I keep quiet about the case anyway. I'll wait for their advice and see what happens from there.
It's certainly not something on their priority list so don't expect any super fast response, but because the site has racism, harassment, hacking and other questionable activities they won't ignore it either. I also know another legal firm I may get involved in this, if I don't hear from the FBI.
But in terms of AF's security, I think we're fine now, I doubt they'll launch another attack. If they do, they're complete idiots for sure... Even if they use proxy chains or clusters of proxies, at this point I will actually bother to trace the whole chain up to the originating IP address.
So best thing now is just waiting to see what happens from here and as always, happy posting.
Archived topic from Anythingforums, old topic ID:2326, old post ID:38032
Posted: Mon Aug 01, 2005 9:52 am
by Cereal_Killer
They use anonymous proxies in foreign countries a lot of the time. The only way to trace it further would be to email the people who have the proxy server, and ask them to check the logs to find out the referring IP. Since most of them are in countries that don't speak English, it's a little difficult.
Archived topic from Anythingforums, old topic ID:2326, old post ID:38050
Posted: Mon Aug 01, 2005 12:33 pm
by Red Squirrel
It can be done.
I can block all proxies at once if worse comes to worse but that could potentially block legit users so I want to use that as last resort. Not sure yet if it's possible or not but from what I know on the HTTP protocol it should be possible if PHP supports the lower level packet checking I'd have to do.
Archived topic from Anythingforums, old topic ID:2326, old post ID:38055