Message blocker for message board?

Discussion in 'Computer Security' started by Jay Cunnington, Sep 26, 2005.

  1. I'm new to the group. Just joined tonight as a matter of fact.

    I'm a nascent security guy (pursuing a Bachelor's in InfoSec) and one of
    my favorite web sites has a problem. It's a amateur site (hosted) that
    allows readers to post questions and answers on various topics dealing
    with the web site's subject (Chicago North Shore & Milwaukee Railroad).

    The webmistress has been bombarded lately with a bunch of offensive
    messages for phenteramine, gay sex, bestiality, etc. It's a pain for her
    to go in and remove these things manually, and she really doesn't want
    to invoke a registration on the site's users. If you want to see the
    extent of the problem, go to www.northshoreline.com before Oct 3, 2005
    (she'll be back then and probably cleaning up the mess), hit the Current
    Day NSL Topics, then Message Board.

    I'm not sure who her host is or what the OS of the server might be or
    even how much control she has over the posting script, but I suggested a
    while back using a Perl script to scan the postings before they are
    added to the board and to delete those that score high on the naughty
    words list.

    I know Snort can detect the offensive words in the packets if we design
    the rules, but can it block the packets? What I'm looking for is a kind
    of hands-off system to block the offensive crap, preferably before it
    hits the website; almost an IPS. I googled for open source solutions,
    but got no useful hits. I'd also be interested to find out if Snort
    could look past spoofed IPs to find the real one or how that could be
    done in a transparent manner. I figure these are probably bored kids or
    posting bots of some sort, and may be using zombied computers. I'd like
    to find out if the address is spoofed so we don't get a lot of people
    needlessly suspended from their ISPs.

    Does anyone have any ideas? Is there a program or utility I can adapt to
    suit our purposes? Does Apache come with anything like that? I want to
    stop the vermin from polluting one of my favorite sites.

    My background is 15 years programming in the mainframe world and
    client/server. I know VB but not C. I have been a PerlScript user in the
    past.
    Jay Cunnington, Sep 26, 2005
    #1
    1. Advertising

  2. Jay Cunnington

    Imhotep Guest

    Jay Cunnington wrote:

    > I'm new to the group. Just joined tonight as a matter of fact.
    >
    > I'm a nascent security guy (pursuing a Bachelor's in InfoSec) and one of
    > my favorite web sites has a problem. It's a amateur site (hosted) that
    > allows readers to post questions and answers on various topics dealing
    > with the web site's subject (Chicago North Shore & Milwaukee Railroad).
    >
    > The webmistress has been bombarded lately with a bunch of offensive
    > messages for phenteramine, gay sex, bestiality, etc. It's a pain for her
    > to go in and remove these things manually, and she really doesn't want
    > to invoke a registration on the site's users. If you want to see the
    > extent of the problem, go to www.northshoreline.com before Oct 3, 2005
    > (she'll be back then and probably cleaning up the mess), hit the Current
    > Day NSL Topics, then Message Board.
    >
    > I'm not sure who her host is or what the OS of the server might be or
    > even how much control she has over the posting script, but I suggested a
    > while back using a Perl script to scan the postings before they are
    > added to the board and to delete those that score high on the naughty
    > words list.
    >
    > I know Snort can detect the offensive words in the packets if we design
    > the rules, but can it block the packets? What I'm looking for is a kind
    > of hands-off system to block the offensive crap, preferably before it
    > hits the website; almost an IPS. I googled for open source solutions,
    > but got no useful hits. I'd also be interested to find out if Snort
    > could look past spoofed IPs to find the real one or how that could be
    > done in a transparent manner. I figure these are probably bored kids or
    > posting bots of some sort, and may be using zombied computers. I'd like
    > to find out if the address is spoofed so we don't get a lot of people
    > needlessly suspended from their ISPs.
    >
    > Does anyone have any ideas? Is there a program or utility I can adapt to
    > suit our purposes? Does Apache come with anything like that? I want to
    > stop the vermin from polluting one of my favorite sites.
    >
    > My background is 15 years programming in the mainframe world and
    > client/server. I know VB but not C. I have been a PerlScript user in the
    > past.



    Wow! Looked at the site and yup, she is being hit pretty hard...

    I would suggest the following:

    1) Enforce accounts to post on the system
    2) Construct a filtering engine that checks each post before it actually
    gets posted. Should a post have bad words, the person's account is
    automatically suspended.
    3) If your web site is regional (ie not foreign), I would filter out all
    foreign posters.

    All of these can be done easily (without Snort) by using a flexible language
    like PHP (www.php.net)...

    P.S. Using Snort has the following problems. Yes, you could use it to detect
    bad postings but that would be after the fact. It would also require some
    scripting and probably require a more flexible OS like linux/FreeBSD. That
    being said, you can achieve the same result and more by use #1 and #2
    above.

    Good luck!
    Imhotep
    Imhotep, Sep 26, 2005
    #2
    1. Advertising

  3. Jay Cunnington

    Jim Watt Guest

    On Mon, 26 Sep 2005 03:53:13 GMT, Jay Cunnington
    <> wrote:

    >The webmistress has been bombarded lately with a bunch of offensive
    >messages for phenteramine, gay sex, bestiality, etc. It's a pain for her
    >to go in and remove these things manually, and she really doesn't want
    >to invoke a registration on the site's users. If you want to see the
    >extent of the problem, go to www.northshoreline.com before Oct 3, 2005
    >(she'll be back then and probably cleaning up the mess), hit the Current
    >Day NSL Topics, then Message Board.
    >
    >I'm not sure who her host is or what the OS of the server might be or
    >even how much control she has over the posting script, but I suggested a
    >while back using a Perl script to scan the postings before they are
    >added to the board and to delete those that score high on the naughty
    >words list.


    Been there done that, contact me on email for further details, I guess
    someone has targeted wwwboards and written a script to spam them.

    What a strange hobby.
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Sep 26, 2005
    #3
  4. Imhotep wrote:

    > Wow! Looked at the site and yup, she is being hit pretty hard...
    >
    > I would suggest the following:
    >
    > 1) Enforce accounts to post on the system
    > 2) Construct a filtering engine that checks each post before it actually
    > gets posted. Should a post have bad words, the person's account is
    > automatically suspended.
    > 3) If your web site is regional (ie not foreign), I would filter out all
    > foreign posters.
    >
    > All of these can be done easily (without Snort) by using a flexible language
    > like PHP (www.php.net)...
    >
    > P.S. Using Snort has the following problems. Yes, you could use it to detect
    > bad postings but that would be after the fact. It would also require some
    > scripting and probably require a more flexible OS like linux/FreeBSD. That
    > being said, you can achieve the same result and more by use #1 and #2
    > above.


    I talked to my prof for Hacking Methods about it. He said it's most
    likely a standard script (for Apache?) that bots can hit. He suggested
    changing the field names. Then at least someone will have to log on to
    the screen to get the current field names, or have another bot harvest
    them. Any ideas to proactively counter-attack the counter-attack or
    truth to that one?
    Jay Cunnington, Sep 30, 2005
    #4
  5. Jay Cunnington

    Jim Watt Guest

    On Fri, 30 Sep 2005 03:52:26 GMT, Jay Cunnington
    <> wrote:

    >Imhotep wrote:
    >
    >> Wow! Looked at the site and yup, she is being hit pretty hard...
    >>
    >> I would suggest the following:
    >>
    >> 1) Enforce accounts to post on the system
    >> 2) Construct a filtering engine that checks each post before it actually
    >> gets posted. Should a post have bad words, the person's account is
    >> automatically suspended.
    >> 3) If your web site is regional (ie not foreign), I would filter out all
    >> foreign posters.
    >>
    >> All of these can be done easily (without Snort) by using a flexible language
    >> like PHP (www.php.net)...
    >>
    >> P.S. Using Snort has the following problems. Yes, you could use it to detect
    >> bad postings but that would be after the fact. It would also require some
    >> scripting and probably require a more flexible OS like linux/FreeBSD. That
    >> being said, you can achieve the same result and more by use #1 and #2
    >> above.

    >
    >I talked to my prof for Hacking Methods about it. He said it's most
    >likely a standard script (for Apache?) that bots can hit. He suggested
    >changing the field names. Then at least someone will have to log on to
    >the screen to get the current field names, or have another bot harvest
    >them. Any ideas to proactively counter-attack the counter-attack or
    >truth to that one?


    I have a pretty good solution that works well for me which your
    friend can have for free.

    mail me at jimwatt (at) pobox (dot) com

    Methinks its a widespread problem and its being used as a means
    of promoting websites ands harassing BB users.
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Sep 30, 2005
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Finbarr
    Replies:
    0
    Views:
    411
    Finbarr
    Feb 17, 2005
  2. nospam4me
    Replies:
    1
    Views:
    1,534
    Ralph Fox
    May 27, 2005
  3. Guest

    message board

    Guest, Jul 27, 2004, in forum: MCSE
    Replies:
    50
    Views:
    2,009
    The Poster Formerly Known as Kline Sphere
    Jul 29, 2004
  4. Jolene Williams
    Replies:
    1
    Views:
    756
    Casper
    Jul 17, 2003
  5. Giuen
    Replies:
    0
    Views:
    872
    Giuen
    Sep 12, 2008
Loading...

Share This Page