Creationkit.com vandalized

Post » Sun Nov 18, 2012 3:55 pm

So the front page of Creationkit.com now has this lovely message on it:

OPPOSITE BLOCK.
UNBLOCK.
UNBLOCK IS OPPOSITE BLOCK.
UNBLOCK IS UNBLOCK.
PRIVATE BLOCK.
SECRET BLOCK.
HIDE BLOCK.
SURPRISE BLOCK.
DREAM BLOCK.
SLEEP BLOCK.
THINK BLOCK.
EMOTION BLOCK.
SENCE BLOCK.
STUCK BLOCK.
WASTE BLOCK.
FOOD BLOCK.
LIVE BLOCK.
DO BLOCK.
HAPPEN BLOCK.
REAL BLOCK.
YOU BLOCK.
I BLOCK.
ADVERB BLOCK.
VERB BLOCK.
ADJECTIVE BLOCK.
NOUN BLOCK.
DIMENSION BLOCK.
MASS BLOCK.
SUBSTANCE BLOCK.
MATERIAL BLOCK.
MATTER BLOCK.
TIME BLOCK.
SPACE BLOCK.
ENERGY BLOCK.
OBJECT BLOCK.
UNIVERSE BLOCK.
WORSE BLOCK.
WORST BLOCK.
BARRIER BLOCK.
BOUND BLOCK.
CLOG BLOCK.
LIMIT BLOCK.
OBSTRUCT BLOCK.
BLOCK BLOCK.
ANYTHING BLOCK.
EVERYTHING BLOCK.
HOW UNBLOCK ANYTHING?
HOW UNBLOCK EVERYTHING?
FOREVER WAYS EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK ARE.
ONE 1. ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
DREAM ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
THINK ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
SAY ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
READ ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
WRITE ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
COMMUNICATE ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
LISTEN ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
FOLLOW ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
WORSHIP ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
PRAY ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
ALLAH UNTIL EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
TWO 2.
OPPOSITE BLOCK.
UNBLOCK.
UNBLOCK IS OPPOSITE BLOCK.
UNBLOCK IS UNBLOCK.
PRIVATE BLOCK.
SECRET BLOCK.
HIDE BLOCK.
SURPRISE BLOCK.
DREAM BLOCK.
SLEEP BLOCK.
THINK BLOCK.
EMOTION BLOCK.
SENCE BLOCK.
STUCK BLOCK.
WASTE BLOCK.
FOOD BLOCK.
LIVE BLOCK.
DO BLOCK.
HAPPEN BLOCK.
REAL BLOCK.
YOU BLOCK.
I BLOCK.
ADVERB BLOCK.
VERB BLOCK.
ADJECTIVE BLOCK.
NOUN BLOCK.
DIMENSION BLOCK.
MASS BLOCK.
SUBSTANCE BLOCK.
MATERIAL BLOCK.
MATTER BLOCK.
TIME BLOCK.
SPACE BLOCK.
ENERGY BLOCK.
OBJECT BLOCK.
UNIVERSE BLOCK.
WORSE BLOCK.
WORST BLOCK.
BARRIER BLOCK.
BOUND BLOCK.
CLOG BLOCK.
LIMIT BLOCK.
OBSTRUCT BLOCK.
BLOCK BLOCK.
ANYTHING BLOCK.
EVERYTHING BLOCK.
HOW UNBLOCK ANYTHING?
HOW UNBLOCK EVERYTHING?
FOREVER WAYS EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK ARE.
ONE 1. ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
DREAM ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
THINK ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
SAY ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
READ ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
WRITE ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
COMMUNICATE ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
LISTEN ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
FOLLOW ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
WORSHIP ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
PRAY ALLAH EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
ALLAH UNTIL EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK.
TWO 2.

Not sure whether the user DB was compromised too or not, but if you have an account on there, now's the time to start worrying if you reused the password elsewhere. Not saying that it was a hack as opposed to a simple vandal, but paranoia is healthy in this day and age.

Admins ought to clean house asap.
ZANEY82
 
Posts: 3314
Joined: Mon Dec 18, 2006 3:10 am

Post » Sun Nov 18, 2012 6:42 pm

No such thing over here. Might be local on your system perhaps? Edit: Looks to be a registered user who was just changing pages, he's already banned.

Strange attempt to convert people to Islam though. :biggrin:
Bigze Stacks
 
Posts: 3309
Joined: Sun May 20, 2007 5:07 pm

Post » Sun Nov 18, 2012 4:58 am

Thanks for the heads-up :) I've cleaned up the mess.
BlackaneseB
 
Posts: 3431
Joined: Sat Sep 23, 2006 1:21 am

Post » Sun Nov 18, 2012 6:39 am

Wiki vandalizing like this happens all the time. It's really not a big deal. When someone discovers this (and apparently someone already has) the guy's IP address will be banned and the page will be reverted to an earlier version.

Move along people, there's nothing to see here.
Markie Mark
 
Posts: 3420
Joined: Tue Dec 04, 2007 7:24 am

Post » Sun Nov 18, 2012 3:21 am

You have to laugh at the mentality of some sad people :D
kasia
 
Posts: 3427
Joined: Sun Jun 18, 2006 10:46 pm

Post » Sun Nov 18, 2012 5:38 pm

There have been a few users vandalising the wiki like this over the past couple of days. I'd like to be able to do something about it but at the moment all that's available to us is undoing the changes one by one and, for those of us with the permissions, blocking the user.

If you notice vandalism on the wiki, please take a look at the history of the page and undo the vandalism. You can now also mark the user as a vandal or spammer by adding [[Category:Vandals]] to their user page, which will allow those of us with the ability to block them to easily find them and do so.

Cipscis
Jonathan Windmon
 
Posts: 3410
Joined: Wed Oct 10, 2007 12:23 pm

Post » Sun Nov 18, 2012 6:04 pm

Whoever these guys are it looks like a more general spam campaign as Google turns up other wikis that have been hit as well. It reeks of some kind of test run to see if their bot works because the words themselves obviously have no meaning.
Logan Greenwood
 
Posts: 3416
Joined: Mon Jul 30, 2007 5:41 pm

Post » Sun Nov 18, 2012 5:43 am

Yeah, I noticed the same. Near the bottom of their spiel it unexpectedly starts talking about Allah. I'd potentially call it the strangest spam I've ever seen, and it doesn't seem to be promoting any agenda (no links or references to anything), so you might be right about the trial run.

However, account creation requires CAPTCHA completion and email confirmation, and all edits by regular users require CAPTCHA completion. Given that it's getting past the CAPTCHA fairly consistently, and only vandalised my own user pages after (immediately after) I stopped the first account, perhaps it's not just a bot?

Cipscis
Jordyn Youngman
 
Posts: 3396
Joined: Thu Mar 01, 2007 7:54 am

Post » Sun Nov 18, 2012 7:21 am

They forgot 'IP BLOCK'. :D Well done, ShadeMe, deleting the spammer and the horse they rode in on. We really need a one button "Revert all edits by user" feature...
flora
 
Posts: 3479
Joined: Fri Jun 23, 2006 1:48 am
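The "revert all edits by user" button asked for above, worked through as an added example. This is my code, not the Creation Kit wiki's or MediaWiki's; it follows MediaWiki's rollback rule (restore the newest revision of a page that was not saved by the offending user, undoing that user's whole run of consecutive edits on top of it) over a constructed revision history, and it talks to no server. The user name BlockBot, the page titles and the revision texts are all invented for the example.

```python
"""Bulk rollback of one user's edits, following MediaWiki's rollback rule.

Rollback cannot fix a page where someone else has since edited on top of the
vandalism (the good edit may have been made on the vandalised text), so such
pages are put in a "needs review" bucket instead of being touched blindly.
Pages the vandal created from nothing have no good revision to restore and go
in a "delete" bucket. Offline example over constructed data; not wiki code.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Revision:
    rev_id: int
    user: str
    text: str


@dataclass
class RollbackPlan:
    restore: Dict[str, int] = field(default_factory=dict)   # title -> rev_id to restore
    delete: List[str] = field(default_factory=list)         # pages the vandal created outright
    needs_review: List[str] = field(default_factory=list)   # vandal edit buried under a later good edit


def rollback_target(history: List[Revision], vandal: str) -> Optional[Revision]:
    """Newest revision not by `vandal`, provided the page's top revision is the vandal's.

    `history` is oldest-first. Returns None when there is nothing to roll back
    (top revision belongs to someone else) or when no non-vandal revision exists.
    """
    if not history or history[-1].user != vandal:
        return None
    for rev in reversed(history):
        if rev.user != vandal:
            return rev
    return None


def plan_mass_rollback(pages: Dict[str, List[Revision]], vandal: str) -> RollbackPlan:
    """Sort every page into restore / delete / needs_review for the given vandal."""
    plan = RollbackPlan()
    for title, history in pages.items():
        if not history:
            continue
        if history[-1].user == vandal:
            target = rollback_target(history, vandal)
            if target is None:
                plan.delete.append(title)          # created by the vandal: nothing to restore
            else:
                plan.restore[title] = target.rev_id
        elif any(rev.user == vandal for rev in history):
            plan.needs_review.append(title)        # someone edited on top of the vandalism
    return plan


def apply_plan(pages: Dict[str, List[Revision]], plan: RollbackPlan) -> Dict[str, str]:
    """Resulting page texts after carrying out `plan` (pure function, no I/O)."""
    result: Dict[str, str] = {}
    for title, history in pages.items():
        if title in plan.delete:
            continue
        if title in plan.restore:
            rev = next(r for r in history if r.rev_id == plan.restore[title])
            result[title] = rev.text
        else:
            result[title] = history[-1].text
    return result


# Constructed revision history (invented users, titles and texts).
VANDAL = "BlockBot"
PAGES: Dict[str, List[Revision]] = {
    "Main Page": [Revision(1, "Admin", "Welcome to the Creation Kit wiki."),
                  Revision(2, "Cipscis", "Welcome to the Creation Kit wiki. See Papyrus."),
                  Revision(3, VANDAL, "OPPOSITE BLOCK.\nUNBLOCK."),
                  Revision(4, VANDAL, "OPPOSITE BLOCK.\nUNBLOCK.\nBLOCK BLOCK.")],
    "User:Cipscis": [Revision(10, "Cipscis", "Scripting notes."),
                     Revision(11, VANDAL, "EVERYTHING BLOCK.")],
    "EVERYTHING BLOCK": [Revision(20, VANDAL, "TWO 2.")],
    "Papyrus": [Revision(30, "Admin", "Papyrus is the scripting language."),
                Revision(31, VANDAL, "VERB BLOCK."),
                Revision(32, "Editor", "Papyrus is the scripting language used by the CK.")],
    "Category:Vandals": [Revision(40, "Admin", "Users flagged for blocking.")],
}

if __name__ == "__main__":
    plan = plan_mass_rollback(PAGES, VANDAL)
    print(plan)
    print(apply_plan(PAGES, plan))
```

The single-page step is exactly what MediaWiki's own rollback link does; the point of the example is the three-way split, since a naive "undo everything this user touched" would either leave the Papyrus-style pages vandalised or clobber a later good edit.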

Post » Sun Nov 18, 2012 10:07 am

Yeah, I noticed the same. Near the bottom of their spiel it unexpectedly starts talking about Allah. I'd potentially call it the strangest spam I've ever seen, and it doesn't seem to be promoting any agenda (no links or references to anything), so you might be right about the trial run.

However, account creation requires CAPTCHA completion and email confirmation, and all edits by regular users require CAPTCHA completion. Given that it's getting past the CAPTCHA fairly consistently, and only vandalised my own user pages after (immediately after) I stopped the first account, perhaps it's not just a bot?

Cipscis

Or their bot has cracked the Captcha. :confused:
Gaelle Courant
 
Posts: 3465
Joined: Fri Apr 06, 2007 11:06 pm

Post » Sun Nov 18, 2012 6:27 pm

Yeah, I noticed the same. Near the bottom of their spiel it unexpectedly starts talking about Allah. I'd potentially call it the strangest spam I've ever seen, and it doesn't seem to be promoting any agenda (no links or references to anything), so you might be right about the trial run.

However, account creation requires CAPTCHA completion and email confirmation, and all edits by regular users require CAPTCHA completion. Given that it's getting past the CAPTCHA fairly consistently, and only vandalised my own user pages after (immediately after) I stopped the first account, perhaps it's not just a bot?
Seems a bit more random than that. They got my user page and talk page for instance, and I didn't even know there was a problem. Not that I have access to do more than revert edits, but still.

I suspect the trial run may have been more about testing to see if they're able to defeat the captcha than anything else. Which clearly they can now.

Could be worth contacting admins over at UESP because they have some pretty strong anti-spam measures from what I gather.
Khamaji Taylor
 
Posts: 3437
Joined: Sun Jul 29, 2007 6:15 am

Post » Sun Nov 18, 2012 12:30 pm

Cracked the Captcha? Not sure I want to think about that :S

A "nuke this user and all their edits" sounds like a very attractive option for dealing with vandals like these. I don't know how feasible it is though. I've started a discussion at http://www.creationkit.com/Talk:Standards_and_Policies on the wiki as well, although that's possibly best suited for those of us with "sheriff" rights on the wiki.

Cipscis
Stephanie Valentine
 
Posts: 3281
Joined: Wed Jun 28, 2006 2:09 pm

Post » Sun Nov 18, 2012 4:50 pm

Cracked the Captcha? Not sure I want to think about that :S
Nothing new there. Different captcha methods have been developed in recent years as older ones got cracked. If a site doesn't keep its captcha software up to date, it will be bypassed sooner or later. Sooner if it's cheap or free, because that's likely to be older (so already cracked) or simpler (so easier to crack).

It's like every security system - only secure for the time being :shrug:.
Stephani Silva
 
Posts: 3372
Joined: Wed Jan 17, 2007 10:11 pm

Post » Sun Nov 18, 2012 3:46 pm

Yeah, but the Creation Kit wiki uses Google's reCAPTCHA (http://www.google.com/recaptcha), which I'd have expected to be more secure than current alternatives.

Cipscis
Vicki Blondie
 
Posts: 3408
Joined: Fri Jun 16, 2006 5:33 am

Post » Sun Nov 18, 2012 4:20 pm

reCAPTCHA has been cracked for ages, and it was a high value target considering how many sites rely on it for the supposed protection.
Jarrett Willis
 
Posts: 3409
Joined: Thu Jul 19, 2007 6:01 pm

Post » Sun Nov 18, 2012 2:08 pm

What's more disconcerting is that the "bot" was able to modify a protected page (Creation Kit: Copyrights).
El Khatiri
 
Posts: 3568
Joined: Sat Sep 01, 2007 2:43 am

Post » Sun Nov 18, 2012 10:20 am

cracked captcha and cracked admin permissions? ...

If it was one of mine I'd pull it offline until I was sure I'd figured out how they got into what ... and how I could stop them from getting in again

As Arthmoor says, looks a lot like a test run that will explode in full onto the web sooner rather than later.

When I was little you actually had to go outside to vandalise stuff ... kidz these days, got it far too easy ;)
josh evans
 
Posts: 3471
Joined: Mon Jun 04, 2007 1:37 am

Post » Sun Nov 18, 2012 6:57 pm

reCAPTCHA has been cracked for ages, and it was a high value target considering how many sites rely on it for the supposed protection.
No it hasn't. Being a centralized CAPTCHA system, Google can update it whenever they want. "Over the ages" it has been "cracked" once, maybe twice, albeit briefly. Google is more than capable of patching reCAPTCHA when exploits are found, and this is why it remains uncracked. The thing is that it is now so hard for humans to read there are probably better systems, more complicated ones that would take up too much CPU time on a spammer's server farm to be worth breaking.

Unfortunately, there will always be a market for cracking Turing tests and any system will still allow for "CAPTCHA sweatshops" which is likely what these people are using to break into Wikis. This is of course excluding the possibility that the reason Wikis are being targeted is that there is some exploit inherent to the Wiki software that allows the spammers to bypass the CAPTCHA entirely.
Manuel rivera
 
Posts: 3395
Joined: Mon Sep 10, 2007 4:12 pm

Post » Sun Nov 18, 2012 3:19 am

http://arstechnica.com/security/2012/05/google-recaptcha-brought-to-its-knees/

It happened once, it'll happen again, and apparently since the captchas didn't stop the spammers this time, it probably has. I've seen enough crap go through these things like a sieve to not take Google or anyone else at their word just because they claim it's been corrected :)

Plus, if Google et al make it too hard to spend the money on all the tools needed to do this, they'll just hire out cheap Far East labor to do the job instead and no amount of obfuscation will be able to counter it.
Antonio Gigliotta
 
Posts: 3439
Joined: Fri Jul 06, 2007 1:39 pm

Post » Sun Nov 18, 2012 12:58 pm

http://arstechnica.com/security/2012/05/google-recaptcha-brought-to-its-knees/

It happened once, it'll happen again, and apparently since the captchas didn't stop the spammers this time, it probably has. I've seen enough crap go through these things like a sieve to not take Google or anyone else at their word just because they claim it's been corrected :smile:
I'm well aware of the article. I needn't even bother to visit the link. I read ArsTechnica every day. You probably didn't actually read my post though. Since no news has been posted about an exploit recently, it's more likely that this is a focused effort using actual human labor. There is a business for this, you can call them sweatshops if you'd like, though I'm not sure how many physical CAPTCHA sweatshops exist... they're likely mostly virtual in this day and age.

If you understood that article, you'd realize that this was an oversight on the audio engineer's part, as the exploit was in the audio part of the CAPTCHA, and the exploit was fixed before the hackers even got a chance to demonstrate the hack at a security conference. Of course the FUD version that people would rather believe is that every website was hacked into that day... (Edit: *Looks at article headline* Especially given the tendency for sensationalist article titles)

Or of course I can just pretend that anything everyone says, especially Google is all a giant cover up / conspiracy.

Plus, if Google et al make it too hard to spend the money on all the tools needed to do this, they'll just hire out cheap Far East labor to do the job instead and no amount of obfuscation will be able to counter it.
And, like I said, I don't think you read all the way through what I said. This is already happening, and it happens every day, all day.
Pawel Platek
 
Posts: 3489
Joined: Sat May 26, 2007 2:08 pm

Post » Sun Nov 18, 2012 9:06 am

http://arstechnica.com/security/2012/05/google-recaptcha-brought-to-its-knees/

Dang, that bot was more accurate than I am! I probably pass the reCaptcha tests because it thinks I'm too stupid to be a bot, therefore I must be human.
Bereket Fekadu
 
Posts: 3421
Joined: Thu Jul 12, 2007 10:41 pm

Post » Sun Nov 18, 2012 10:27 am

Dang, that bot was more accurate than I am! I probably pass the reCaptcha tests because it thinks I'm too stupid to be a bot, therefore I must be human.
Bonus points for you! :smile:

They use a "one-off" system to account for human error, but unfortunately I still often fail several in a row. So, yes, it does account for our "stupidity" to some degree. :wink:

The reason that exploit worked so well was because of a glaring oversight in the audio; it basically gave the computer the answer. Hacking into reCAPTCHA from here on out will only require more and more CPU time to the point where it becomes too expensive for spammers and they rely solely on CAPTCHA sweatshops. If it takes several attempts for humans to even solve a reCAPTCHA, there is zero hope for a server farm, assuming there are no more glaring oversights left to exploit. Luckily those are the quickest and easiest to patch. An overall improvement in OCR algorithms is not, and if a server farm can get even 1 in 100 or 1 in 1000 correct this may be acceptable enough to them for focused spamming attacks. It certainly doesn't constitute a "crack"... it's merely probabilistic.

If the focus on spamming wiki sites is NOT due to human labor, then it's a failure on the Wiki software's part at rate limiting the sign-up attempts. There is no way it should let a bot attempt to sign up 100 times before getting a CAPTCHA correct. There is still certainly a bot presence in this kind of spamming attempt, but what the bot is doing is sending the reCAPTCHA over to Asia for people to solve while they sit at their computers.

Edit: And, it could also not even be outsourced labor at all. If a group like Anonymous wanted, they could get a bot, have the bot scour the internet for a certain type of site (e.g. Wikis), have it send the reCAPTCHAs their way while they sit there and solve reCAPTCHAs until they run out of sites to spam.
Nienna garcia
 
Posts: 3407
Joined: Wed Apr 25, 2007 3:23 am
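The rate-limiting point in the post above (a bot should never get a hundred tries at the CAPTCHA before one lands), worked through as an added example. This is my code, not the wiki's or MediaWiki's; the limiter, the client addresses and the two attempt sequences are all constructed here. It counts failed CAPTCHA attempts per client key in a sliding window and locks the key out once the budget is spent, so that a relay bot which gets roughly one answer in a hundred right never reaches its success.

```python
"""Sliding-window limiter on failed CAPTCHA / sign-up attempts per client key.

A key (client IP, or IP plus requested account name) may fail at most
`max_failures` times within `window_s` seconds.  On reaching that budget the
key is locked for `lockout_s` seconds and every attempt during the lockout is
refused before the CAPTCHA answer is even looked at.  Added example with a
constructed workload; it is not MediaWiki's or the wiki's code.
"""
from collections import defaultdict, deque
from typing import Deque, Dict, Iterable, List, Tuple

Attempt = Tuple[str, bool, float]   # (client key, captcha answered correctly, unix time)


class CaptchaAttemptLimiter:
    def __init__(self, max_failures: int = 5, window_s: float = 600.0,
                 lockout_s: float = 3600.0) -> None:
        self.max_failures = max_failures
        self.window_s = window_s
        self.lockout_s = lockout_s
        self._failures: Dict[str, Deque[float]] = defaultdict(deque)
        self._locked_until: Dict[str, float] = {}

    def _prune(self, key: str, now: float) -> None:
        # Drop failures that have aged out of the window (oldest first).
        q = self._failures[key]
        while q and now - q[0] >= self.window_s:
            q.popleft()

    def is_locked(self, key: str, now: float) -> bool:
        return self._locked_until.get(key, 0.0) > now

    def attempt(self, key: str, captcha_ok: bool, now: float) -> bool:
        """Record one attempt; return True only if it may proceed to sign-up."""
        if self.is_locked(key, now):
            return False                      # refused regardless of the answer
        self._prune(key, now)
        if captcha_ok:
            return True                       # earlier failures stay in the window
        self._failures[key].append(now)
        if len(self._failures[key]) >= self.max_failures:
            self._locked_until[key] = now + self.lockout_s
            self._failures[key].clear()
        return False


def simulate(limiter: CaptchaAttemptLimiter, attempts: Iterable[Attempt]) -> Dict[str, int]:
    """Feed a chronological attempt sequence through the limiter and count outcomes."""
    accepted = refused = 0
    for key, ok, t in attempts:
        if limiter.attempt(key, ok, t):
            accepted += 1
        else:
            refused += 1
    return {"accepted": accepted, "refused": refused}


def bot_attempts(key: str, n: int, hit_every: int, start: float = 0.0,
                 gap: float = 1.0) -> List[Attempt]:
    """Constructed workload: a relay bot that solves one CAPTCHA in `hit_every`,
    trying once every `gap` seconds."""
    return [(key, i % hit_every == hit_every - 1, start + i * gap) for i in range(n)]


# Constructed workloads (documentation-range addresses, invented timings).
HUMAN: List[Attempt] = [("203.0.113.7", False, 0.0),    # mistyped twice, then got it
                        ("203.0.113.7", False, 20.0),
                        ("203.0.113.7", True, 45.0)]
BOT: List[Attempt] = bot_attempts("198.51.100.9", n=300, hit_every=100)

if __name__ == "__main__":
    print("human:", simulate(CaptchaAttemptLimiter(), HUMAN))
    print("bot, limited:", simulate(CaptchaAttemptLimiter(), BOT))
    print("bot, unlimited:", simulate(CaptchaAttemptLimiter(max_failures=10**9), BOT))
```

Two design choices matter. Locking before the answer is checked is what makes the bot's 1-in-100 hit rate irrelevant: without the lockout the same 300 tries yield three accounts. And counting failures rather than requests means a human who fumbles a couple of unreadable CAPTCHAs still gets through. In MediaWiki itself this knob lives in $wgRateLimits; a relay operation that spreads tries across many addresses will still need the per-account or per-subnet keys rather than per-IP alone.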

Post » Sun Nov 18, 2012 5:57 pm

BLOCK BLOCK.
ANYTHING BLOCK.
FOREVER WAYS EVERYTHING BLOCK MAKE EVERYTHING UNBLOCK ARE.
man, what was THAT guy on...!? :-))
Alina loves Alexandra
 
Posts: 3456
Joined: Mon Jan 01, 2007 7:55 pm

Post » Sun Nov 18, 2012 6:19 pm

man, what was THAT guy on...!? :-))
Something that causes SYNAPTIC BLOCK, I'd wager. That cat came back the very next day and made impostor Cipscis and shadeMe accounts. Then they made deity accounts which, incidentally, were just as easily blocked as any mortal account.
Emily Martell
 
Posts: 3469
Joined: Sun Dec 03, 2006 7:41 am
