Russians

Kizzie · July 31, 2024, 07:05:38 PM

Does anyone here understand bots? Every day I have a number of Russian registrations and today it was 6. I don't let them on because they have such a bad rep and I want to keep the forum safe.

I'm just curious why they would keep on trying when I have never let registration from Russia go through. Why on earth do they keep trying? Even if it's a bot they must get report saying "Nope this web site will not accept any of our tries to register." It's a bit of a mystery to me. The only thing I can think is that they somehow earn money for pinging a site?

Lakelynn · July 31, 2024, 11:25:24 PM

Kizzie, I asked this on my security forum and received this answer. Keep in mind, these guys are high level programmers, who spend 14 hours a day, every day, for years on end, "Hunting Threats."

https://www.cloudflare.com/learning/bots/what-is-a-social-media-bot/

https://niccs.cisa.gov/sites/default/files/documents/pdf/ncsam_socialmediabotsoverview_508.pdf

When concerning Russian Bots, we may be in the realm of state sponsored use of Media Bots for disinformation and malicious reasons.
Often orchestrated by Cozy Bear. (aka; Advanced Persistent threat 29 or APT29).

Sorry I can't give the Reader's Digest version, but I am grateful that you are savvy enough to recognize the Russian bots and deny them. Thank you for your continued care to ensure the safety of our forum.

Kizzie · August 01, 2024, 12:54:42 AM

Tks for the links etc Lakelynn. I have jokingly said to my H I could see a big Russian troll farm and one hacker says to another "Hey Vlad, they still won't let me in to OOTS. How about you give it a try?" That may not be far from the truth. We are afterall an international site with 86 countries represented so perhaps we are seen as a kind of an asset.

I still wonder why they don't disguise their ISPs though, that can't be beyond them and that's how I find them.

Maybe once I do a bit more reading it will make sense. Kind of crazy how determined they are though. Some of the names they come up with that they think sound North American are hilarious.

Desert Flower · August 01, 2024, 10:55:16 AM

Hi Kizzie, I'm both surprised and not. I'm glad your vigilant. Apparently they would think the forum is important enough to be of influence, and we could take that as a compliment. But they would obviously want to use the forum to distribute disinformation, which is terrible. I'll ask my husband about it, he's an IT-security engineer/consultant. What I heard, is they would use great numbers to get in, so this may take a while to get rid of. And maybe they're assuming there's a whole team of administrators, and they only need one who's not vigilant so they keep trying.

Hope67 · August 01, 2024, 11:03:35 AM

Hi Kizzie,
I am very grateful to you for keeping the forum so safe. Thank you so much.

Hope

Kizzie · August 01, 2024, 04:10:07 PM

Tks so much DF, I'd be interested to hear anything your H has to pass along. I don't think there's any real way to get rid of them and it's more a nuisance than a threat. Every morning I run each registration through a IPS tracker and that is where I see them then I just hit reject. So it's just a few minutes of my time. Still, I marvel at how persistent they are (which is why I think they must be bots and yet they make it through so

).

Tks Hope, we have come a long way from 10 years ago. I upped the security quite a while back to stop any bots which does seem to work except for the Russians. I wonder if the Russians are using a more sophisticated bot or it is real people trying to get in. A mystery for sure and I'm definitely not going to ask them.

Desert Flower · August 04, 2024, 09:09:44 AM

Hi Kizzie, I just spoke to my husband a little bit about this.
He says he doesn't really think this is an organised attack on the forum. Because it would be very easy to organise many thousands of applications everyday just by himself.
And anyway, an amount of six or so per day still seems manageable to evaluate each day, albeit it somewhat troublesome of course.
If you want, in your security application, you could make a geolocation filter to block all Russians, but that would mean you might also miss real Russian survivors if they were to apply. And in my husband's opinion, this would seem like an exaggerated security measure in proportion to the nuisance/threat you're now experiencing.
(He also says he thinks they/some of them may be real survivors after all.)

Kizzie · August 04, 2024, 02:46:42 PM

Tks DF! I do often wonder if some of them could be real survivors but I don't want to take the chance frankly. They have such a bad rep. I keep wondering if anyone in this position might email me (my email is available) but so far not one has which is why I tend to think they are not legit. One of those cyber mysteries we will never know about I guess.

nybell · August 20, 2024, 04:29:45 PM

Kizzie - thanks and you are right to keep denying them. My H works in the intelligence community space here in the US. Russia, China, Iran are all significant threats not only to internet infrastructure, but to western society as a whole. There are state sponsored programs in each that are directed to do anything they can to destabilize western societies. If someone was truly a survivor, they'd be able to make that clear. I'm always amazed that they don't use VPN...

Kizzie · August 21, 2024, 02:26:02 PM

Tks Nybell, that confirms what I thought! We've never had anyone from China or Iran try to register, but oh boy those Russians - every . single . day.

I wonder why on earth they don't use VPN too.