Our Ferocious Warrior: Kotei-mahakala

Hi Niall,
yes, we are using it in the registration process, but there are already a lot of bots able to solve it. Sometimes when too many get through, we switch to asking questions and compare the text answers to a list. But some get through those, too. As the spammer, you can even book services, where you use an api to query your way in and there are humans clicking through the process and build a list of possible answers that are then used automatically.

There are those bots trying to register and spam us and there are those trying to brute force their way into our wordpress website and forum with scanning it for member names and launching dictionary attacks on their passwords, trying to hack the accounts.
I hope everyone here has a secure password, not just a simple word? (nudge nudge)

Then there are the AIs and search engines gathering all kinds of information that are spidering our forum. Some behave well and follow our definition file for those.
There are numbers of requests per minute and what not to index and all of those information in it.
Some are behaving very badly and bomb us with several 100 requests per second.

Some are just bad folks, running (D)DOS attacks to shut down the service.

Some of all the above are easy to catch, some not. Some hide behind anonymizers and come from a variety of different IP addresses.
There is the risk of getting through and logging in as individuals, spam us, gather private information or even passwords and accounts, they then try on other sites.
There needs to be a balance of security measures and expenditure of time and usability, too.
And we don't want to lock out members and the well behaving AIs and search engines, either.

A big issue is that all the above combined produces such a huge load on our server that it is not usable for us any more.

Gassho,
Kotei sat/lah today.

It’s amazing to me that people so badly want to mess with our humble little sangha over here. What’s the draw?

recaptcha probably stops more humans than bots at this point…I don’t know anyone who doesn’t struggle with them!

Gassho,
SatLah,
Chikyō

It´s not us IN PARTICULAR... I get a bunch of attacks on my work website as well, just cause there's a contact form on it. Wherever there's logins and passwords, there's attacks. People reuse passwords and emails, so if I can collect a bunch of accounts and passwords, I can see if they are reused and get to much bigger stuff!

Gassho
sat lah

Thank you for your endless service, Kotei.

Nine Bows,

On

If it’s really getting that bad, why not wall the forum off from the open internet and web crawlers entirely? With vBulletin, this is entirely doable you can configure user permissions to require login before viewing threads, disable guest access to forums, and use robots.txt to block crawlers from indexing your content. You can also implement .htaccess rules (if you're on Apache) to restrict access to key directories or limit traffic by IP. These steps would drastically reduce bot traffic, prevent scraping, lower server load, and protect user privacy essentially cutting off most automated threats at the door.

The downside, of course, is that it makes the forum invisible to search engines and inaccessible to casual visitors, which could slow organic growth and discourage new members from joining. Still, if the current path is causing significant hardship, we might need to ask whether we’re holding onto it out of habit or even a kind of vanity. Sometimes we become attached to the idea of total openness, even when it no longer serves us. Letting go of that ideal at least temporarily might not be a defeat, but a wise and practical adaptation to current conditions.

Humble suggestions (not that anyone asked)

Sat LAH
Gassho
Niall

Just to ask a question ... would it be possible to have part of the forum as a "public face," and part "walled off?" That is kinda like what we do now with have parts of the forum openly viewable, and parts only for registered members.

Gassho, J
stlah

Locking the forum for public access and allowing only members, removes only part of the problem.
I believe Treeleaf's mission is not only to teach and cater for the "little" Sangha, but also the "large" one... All those out there in the world.
Therefore being open and inviting, indexed by search engines and used for teaching AIs, is part of the mission. Of course that is only my limited view.
Locking part of the forum removes part of a part of the problem. Imho not sufficient to reduce it enough to be able to live with what is left.

Gassho,
Kotei sat/lah today.

Thank you so much Kotei for protecting us all this time. I am not a person who understands about this spam and hacker stuff, but after reading your explanation, I realize how scary those "Mara"'s attacks.

Bowing to you Kotei for your big contribution to our community.

Gassho, Mujo
Stlah

Thanks Kotei for doing so much work in the shadows.


Gassho
Satlah

Is this what all priests look like without their robes on? Asking for a friend.

Gassho
Onsho
satlah

I just realized Jundo did some of his photo editing art

Gassho
sat lah

That seems to be just me. Actually we come in all the colors of the rainbow.
Bows,
Kotei sat/lah today.