Message blocker for message board?

Discussion in 'Computer Security' started by Jay Cunnington, Sep 26, 2005.

  1. I'm new to the group. Just joined tonight as a matter of fact.

    I'm a nascent security guy (pursuing a Bachelor's in InfoSec) and one of
    my favorite web sites has a problem. It's an amateur site (hosted) that
    allows readers to post questions and answers on various topics dealing
    with the web site's subject (Chicago North Shore & Milwaukee Railroad).

    The webmistress has been bombarded lately with a bunch of offensive
    messages for phentermine, gay sex, bestiality, etc. It's a pain for her
    to go in and remove these things manually, and she really doesn't want
    to invoke a registration on the site's users. If you want to see the
    extent of the problem, go to before Oct 3, 2005
    (she'll be back then and probably cleaning up the mess), hit the Current
    Day NSL Topics, then Message Board.

    I'm not sure who her host is or what the OS of the server might be or
    even how much control she has over the posting script, but I suggested a
    while back using a Perl script to scan the postings before they are
    added to the board and to delete those that score high on the naughty
    words list.

    I know Snort can detect the offensive words in the packets if we design
    the rules, but can it block the packets? What I'm looking for is a kind
    of hands-off system to block the offensive crap, preferably before it
    hits the website; almost an IPS. I googled for open source solutions,
    but got no useful hits. I'd also be interested to find out if Snort
    could look past spoofed IPs to find the real one or how that could be
    done in a transparent manner. I figure these are probably bored kids or
    posting bots of some sort, and may be using zombied computers. I'd like
    to find out if the address is spoofed so we don't get a lot of people
    needlessly suspended from their ISPs.

    Does anyone have any ideas? Is there a program or utility I can adapt to
    suit our purposes? Does Apache come with anything like that? I want to
    stop the vermin from polluting one of my favorite sites.

    My background is 15 years programming in the mainframe world and
    client/server. I know VB but not C. I have been a PerlScript user in the
    Jay Cunnington, Sep 26, 2005
  2. Imhotep Guest

    Wow! Looked at the site and yup, she is being hit pretty hard...

    I would suggest the following:

    1) Enforce accounts to post on the system
    2) Construct a filtering engine that checks each post before it actually
    gets posted. Should a post have bad words, the person's account is
    automatically suspended.
    3) If your web site is regional (i.e. not foreign), I would filter out all
    foreign posters.

    All of these can be done easily (without Snort) by using a flexible language
    like PHP (

    P.S. Using Snort has the following problems. Yes, you could use it to detect
    bad postings but that would be after the fact. It would also require some
    scripting and probably require a more flexible OS like Linux/FreeBSD. That
    being said, you can achieve the same result and more by using #1 and #2

    Good luck!
    Imhotep, Sep 26, 2005
  3. Jim Watt Guest

    Been there done that, contact me on email for further details, I guess
    someone has targeted wwwboards and written a script to spam them.

    What a strange hobby.
    Jim Watt, Sep 26, 2005
  4. I talked to my prof for Hacking Methods about it. He said it's most
    likely a standard script (for Apache?) that bots can hit. He suggested
    changing the field names. Then at least someone will have to log on to
    the screen to get the current field names, or have another bot harvest
    them. Any ideas to proactively counter-attack the counter-attack or
    truth to that one?
    Jay Cunnington, Sep 30, 2005
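
An added sketch, not code from any poster in this thread, of the two server-side ideas raised above: scoring each submission before it is stored (posts 1 and 2) and rotating the form field names (post 4). The secret, word weights, threshold and function names are assumptions for illustration; the same logic ports to the Perl or PHP the posters mention.

```python
import hashlib
import hmac
import re
import time

SECRET = b"constructed-demo-secret"  # assumption: site secret, kept server-side
WINDOW = 3600                        # field names rotate every hour
WEIGHTS = {"phentermine": 5, "cheappills": 3}  # constructed list, moderator-maintained
URL_RE = re.compile(r"https?://", re.I)
THRESHOLD = 5
LEET = str.maketrans("013457@$", "oieastas")   # 0->o 1->i 3->e 4->a 5->s 7->t @->a $->s

def field_name(logical, now=None, offset=0):
    """Derive the HTML field name for a time window from the server secret."""
    window = int((time.time() if now is None else now) // WINDOW) - offset
    mac = hmac.new(SECRET, f"{logical}:{window}".encode(), hashlib.sha256)
    return "f_" + mac.hexdigest()[:12]

def extract(form, logical, now=None):
    """Accept the current or previous window so a slow typist can still post."""
    for offset in (0, 1):
        name = field_name(logical, now, offset)
        if name in form:
            return form[name]
    return None  # hard-coded or stale field names, typical of a replaying bot

def normalise(text):
    """Undo simple obfuscation: case, digit/symbol swaps, separators in words."""
    return re.sub(r"[^a-z]+", "", text.lower().translate(LEET))

def score(body):
    """Weighted term hits plus a penalty for every link after the first."""
    flat = normalise(body)
    hits = sum(w * flat.count(term) for term, w in WEIGHTS.items())
    return hits + 2 * max(0, len(URL_RE.findall(body)) - 1)

def handle_post(form, now=None):
    body = extract(form, "body", now)
    if body is None:
        return "reject"
    # Substring matching gives false positives, so hold for review, don't delete.
    return "hold" if score(body) >= THRESHOLD else "publish"
```

The form page is rendered with `field_name("body")` as the textarea name, so a bot that recorded the names once stops working within two windows, while a bot that re-fetches the form each time is still caught only by the content score.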
  5. Jim Watt Guest

    I have a pretty good solution that works well for me which your
    friend can have for free.

    mail me at jimwatt (at) pobox (dot) com

    Methinks it's a widespread problem and it's being used as a means
    of promoting websites and harassing BB users.
    Jim Watt, Sep 30, 2005
