Technical Question What should be done if the site is being hacked?

Status
Not open for further replies.

egor

Est. Contributor
Messages
5,440
Role
  1. Diaper Lover
Today the site was being vandalized and there was no administrators on line.

What could be done to stop the attack until someone gets on line that can stop the person?

Also Can anything be done to them for doing this action?

Egor.
 

starpup

Est. Contributor
Messages
225
Role
  1. Diaper Lover
  2. Diaperfur
I just saw what you are talking about. *sigh*
Perhaps a mix of admin from varying timezones so there is more likelihood someone will be able to take action.
 

begard

Est. Contributor
Messages
42
Role
  1. Little
Hacked? there ain't much can be done. That needs serious skills (and privileges) to deal with.

Attacked like today though maybe it's possible to set something up e.g. If a post from a user is reported a couple of times by 2 or 3 other users (or ECs?) their account gets put on hold and their posts hidden until a mod can take a look? requires the time and energies of someone who can code to implement though.

Don't know...

Sorry starpup wish there was a way to erase that from your (and my!) memory
 

HoganBunny

Legendary Bun
Est. Contributor
Messages
5,216
Role
  1. Adult Baby
  2. Babyfur
  3. Little
Gah, those were terrible images...you might try some mind bleach: www.mindbleach.org. :)

Technically, it was a troll, not a hacker. A hacker is someone who tries to break into a site and steal passwords or other confidential info. A troll is someone who tries to stir people up by making offensive posts.

I'm not really sure there's much that can be done. It's impossible for the staff to be on the site 24/7. In this case, the timestamps indicate a little over an hour between when the user's first post and its deletion. That's not terribly long, tbh.

I'm leery of a system that would moderate a user if lots of people reported them. It seems ripe for abuse - a few people could gang up on people they didn't like. In the past, the solution was to neg rep them into moderation. However, all neg rep requires moderator approval today because, unfortunately, neg rep has been abused too much in the past.
 

Scaramouche

Lover of Life, Singer of Songs
Est. Contributor
Messages
4,761
Role
  1. Incontinent
Mind Bleach helped a little. The image is still engraved on in my mind. It is unfortunate that the neg rep was abused. I can only think that if a few trusted members (ahem) from around the world had certain emergency privileges that something like that could be stopped as quick as possible. Obviously the chosen few wouldn't ban for name calling, but that was extreme and downright scary.
 

HoganBunny

Legendary Bun
Est. Contributor
Messages
5,216
Role
  1. Adult Baby
  2. Babyfur
  3. Little
Mind Bleach helped a little. The image is still engraved on in my mind. It is unfortunate that the neg rep was abused. I can only think that if a few trusted members (ahem) from around the world had certain emergency privileges that something like that could be stopped as quick as possible. Obviously the chosen few wouldn't ban for name calling, but that was extreme and downright scary.

Do you mean access to neg rep w/out mod approval or the banhammer?
 

egor

Est. Contributor
Messages
5,440
Role
  1. Diaper Lover
Gah, those were terrible images...you might try some mind bleach: MindBleach!™ [SFW]. :)

Technically, it was a troll, not a hacker. A hacker is someone who tries to break into a site and steal passwords or other confidential info. A troll is someone who tries to stir people up by making offensive posts.

I'm not really sure there's much that can be done. It's impossible for the staff to be on the site 24/7. In this case, the timestamps indicate a little over an hour between when the user's first post and its deletion. That's not terribly long, tbh.

I'm leery of a system that would moderate a user if lots of people reported them. It seems ripe for abuse - a few people could gang up on people they didn't like. In the past, the solution was to neg rep them into moderation. However, all neg rep requires moderator approval today because, unfortunately, neg rep has been abused too much in the past.

Thank you for the response. I was not sure of the correct term so I used "Hacker". For some reason troll never entered my mind.

I am not sure what or how to describe the process I am suggesting. I guess the closes thing would be something like a panic button in the administration field that only a established contributor or higher could use and it only works if no staff are on line. I would not want power to discipline or anything like that just a button that could be activated that would stop all contributors ability too post and thus disable the trolls ability to continue until staff gets back and can clean up the mess. Of course the person activating it had better have good reason or risk a trip to the shed with MOO.

Side note for the record; From the field of work I was in, Pictures like that are nothing to me, but I knew that other people do not tolerate pictures like that.

The staff does such a good job and I understand that it is not 100% possible for someone to be on 24/7. However it is everyone responsibility to protect the integrity of the site at all time.
 

Moo

ADISC Admin
Staff
Messages
5,770
Role
  1. Private
Today the site was being vandalized and there was no administrators on line.

What could be done to stop the attack until someone gets on line that can stop the person?

Also Can anything be done to them for doing this action?

Egor.

A few things:
- This was a spammer, not a hacker.
- Spammers can be dealt with by most of our moderators. They don't require an admin (me).
- For a volunteer site in the middle of the workday (when you'd expect everyone to be at work), our response time was fairly good, I think.
- The best countermeasure to this sort of attack is to filter images/links. E.g: require EC+ status to post them to the forum.
- We could implement that - but it would potentially cause issues for all new users into the future. Is it worth it?
- Given that this attack is the first we've had of this nature in years, I'm not sure it is. If the guy comes back to harass us repeatedly, then sure, but for the moment, I'm not sure its worth it.
 

egor

Est. Contributor
Messages
5,440
Role
  1. Diaper Lover
Thank you Moo.

Our posts are passing like ships in the night, so I do understand the nature of the response.

Thank you for all that you do.
 

Moo

ADISC Admin
Staff
Messages
5,770
Role
  1. Private
Thank you Moo.

Our posts are passing like ships in the night, so I do understand the nature of the response.

Thank you for all that you do.

You're welcome. :)

After talking it over with some staff members, I've implemented a softer, temporary version of the filter.

This softer, temporary filter will probably only last a few weeks, long enough to catch him if he tries the same thing again soon.

While this filter is active, posts by new users containing URLs will be held for moderator approval prior to being shown to non-moderators.

This doesn't stop someone spamming us, but it should stop a spammer blasting us with anything that includes links or images (which tends to be the really nasty stuff).

ECs+ are unaffected by the filter. Even new accounts and contributors will still see their valid posts appear, it may just take a day or two for someone to approve them.
 

Scaramouche

Lover of Life, Singer of Songs
Est. Contributor
Messages
4,761
Role
  1. Incontinent
Do you mean access to neg rep w/out mod approval or the banhammer?

I guess I was thinking of the banhammer. Or maybe a way to suspend the guilty party until a mod could take corrective action? Graphic images and extreme vulgar language would be the triggers.

But, as always, Moo seems to have it under control! Thanks guys! :)
 

Traemo

Est. Contributor
Messages
1,192
Role
  1. Adult Baby
  2. Diaper Lover
  3. Babyfur
  4. Diaperfur
  5. Carer
Moo usually does; the man has been serious thought into ADISC, its policies and procedures.
Personally, I'm glad we have him.
 

Eulogy

ADISC Moderator
Staff
Messages
1,497
Role
  1. Adult Baby
  2. Babyfur
Moo usually does; the man has been serious thought into ADISC, its policies and procedures.
Personally, I'm glad we have him.

Plus, he's filled with robo-steak!
 

KuroCat

Est. Contributor
Messages
2,728
Role
  1. Adult Baby
  2. Babyfur
I missed something, I guess. Images?

Sounds exciting.
 

ade

Est. Contributor
Messages
4,597
Role
  1. Other
Yeah, I missed something as well.

worth missing, for it's lameness. the image was what you've already seen, from a site only visited by people in their first couple of weeks of internetting, and the insults were what you'd expect from a 12 year old; although, the poster was right about one thing: i really am a "sit-eater" (yum, yum).
 

KuroCat

Est. Contributor
Messages
2,728
Role
  1. Adult Baby
  2. Babyfur
worth missing, for it's lameness. the image was what you've already seen, from a site only visited by people in their first couple of weeks of internetting, and the insults were what you'd expect from a 12 year old; although, the poster was right about one thing: i really am a "sit-eater" (yum, yum).

I can only assume it was a goatse from that description.
 

Moo

ADISC Admin
Staff
Messages
5,770
Role
  1. Private
Thanks for the kind thoughts, everyone. *hugs*

If you notice issues with the filter, please PM me.

In the meantime, I'm closing this, as is standard for all resolved AS threads.
 
Status
Not open for further replies.
Top