Jump to content

New possible Bot alert


rockhead15

Recommended Posts

Just curious, was there any logs signed @ the actual caches? If not, it seems to me that would be a clue that something was up. Not trying to be mean,just trying to find some lesson that can be gotten from this adventure to prevent it from happening again. Or @ least make it easier to spot.

 

There is no way they could have signed all those logs in one day. A cacher would be hard pressed to sign all my caches in one day just because of the terrain and distances involved.

Link to comment

Likewise here. To do all my caches, even with a mountain bike, would take all afternoon at best. To be active in MN, TX and CA signing hundreds of logs on the same day is pretty much a stretch.

And, as was reported in this thread, Kablooey was looking at the blank cache log when he got an email stating that the cache had been found by the first of these.

Link to comment

Part of my thinking was that "he" could've found a number of them over a period of time & then posted the finds when they got home. Plus, if a series of finds were posted in rapid succession without the logs being signed, it could be shut down earlier. I know it's not very likely, but just playing a bit of devils advocate in cast someone did that & not mention it in the loggings.

Link to comment

Part of my thinking was that "he" could've found a number of them over a period of time & then posted the finds when they got home. Plus, if a series of finds were posted in rapid succession without the logs being signed, it could be shut down earlier. I know it's not very likely, but just playing a bit of devils advocate in cast someone did that & not mention it in the loggings.

 

its not the case at all

 

seriously, i don't get it what is it that he/she/it thinks does achieve with all this

 

hardly any inconvenience for the cache owners as such bogus logs can be deleted with a couple of clicks

Edited by t4e
Link to comment
hardly any inconvenience for the cache owners as such bogus logs can be deleted with a couple of clicks

Or in my case, about 350 clicks. ;)

 

1 ) Click on notification email.

2 ) Click "Visit Log" link.

3 ) Click "Delete Log" button.

4 ) Click "Confirm" button.

5 ) Click "X" to close page.

 

Repeat 70 times.

 

More steps for the newer bots:

 

6) Visit cache page again

7) Post "Owner Maintenance" Log to clear the "Needs Maintenance" attribute the NM or NA log added

8) Delete "Owner Maintenance" Log

Link to comment

7) Post "Owner Maintenance" Log to clear the "Needs Maintenance" attribute the NM or NA log added

8) Delete "Owner Maintenance" Log

I just edited the attributes and removed it that way. Might as well reduce to emails to the people watching the listing.

 

The addition of the NM attribute when someone posts a NA is annoying.

Link to comment

Has there been any thought about cleaning up the bogus logs caused by this bot? Or is this gong to be strictly cache owners responsibility? I realize deleting logs with out the cache owners input could be a bit tricky.

We only take action on cache logs in limited situations such as profanity and personal attacks that violate the Terms of Use Agreement. Other than that, taking action on someone's cache page is out of bounds for us. I regret the burden this places on the affected cache owners.

 

I might suggest that Groundspeak think a little further about this current policy.

Fake find logs can affect real cachers.

 

This cache, for example, would previously have appeared to many cachers (especially GSAK users) as questionable and possibly one to avoid wasting time on, based on the string of DNFs without a Find. Now, it shows up as recently found.

Edited by kablooey
Link to comment

Has there been any thought about cleaning up the bogus logs caused by this bot? Or is this gong to be strictly cache owners responsibility? I realize deleting logs with out the cache owners input could be a bit tricky.

We only take action on cache logs in limited situations such as profanity and personal attacks that violate the Terms of Use Agreement. Other than that, taking action on someone's cache page is out of bounds for us. I regret the burden this places on the affected cache owners.

 

I might suggest that Groundspeak think a little further about this current policy.

Fake find logs can affect real cachers.

 

This cache, for example, would previously have appeared to many cachers (especially GSAK users) as questionable and possibly one to avoid wasting time on, based on the string of DNFs without a Find. Now, it shows up as recently found.

I understand your point, kablooey, and suggest you make note of it on the feedback page and/or by writing to contact@geocaching.com

 

Personally, I would prefer to see development resources applied to projects that would positively impact the greater geocaching community, but it's a long way from being my call.

Link to comment

The latest incident included one of my caches. The log was actually customized to the cache. He included words based on the cache name.

 

I wouldn't expect a bot to do this.

 

I retract that. After looking at some of his logs, he was searching for caches with names that included "Stupid" or in my case, "Barf".

 

My cache had the name Barfoot in it.

 

 

.

Link to comment
hardly any inconvenience for the cache owners as such bogus logs can be deleted with a couple of clicks

Or in my case, about 350 clicks. :blink:

 

1 ) Click on notification email.

2 ) Click "Visit Log" link.

3 ) Click "Delete Log" button.

4 ) Click "Confirm" button.

5 ) Click "X" to close page.

 

Repeat 70 times.

 

Remember that Tom Hanks and Leonardo DiCaprio movie where Leo is a con artist. The FBI finally catches him and makes him work for them.

 

Maybe GS needs to find this guy and put him to work creating a bot that automatically deletes BS logs on all caches by the username of the faker. Then of course go all Hustler on him and break all his fingers. JK about the last part.

Link to comment

He logged all of my caches at 3:00 am. Name of AutoJoey,member as of today....

What some people will do for kicks...... :D

AutoJoey has logged all my caches too. Is it possible to ban a user by IP address (Wikipedia can do this). Clearly this joker is going to continue to create accounts and run the bot. A ban-by-IP would almost certainly limit his ability to operate. The danger there of course is that if he's running this from a public terminal (i.e. from Starbucks or a library), no one else from there can log. Wikipedia will allow registered (and unbanned) users to operate even from a banned ip, but will not allow account creation from a banned ip. So that would help mitigate the problem.

 

Unless his bot is out there infecting hapless Internet users, and is operating from hundreds of ip's.

Link to comment
I might suggest that Groundspeak think a little further about this current policy.

Fake find logs can affect real cachers.

 

This cache, for example, would previously have appeared to many cachers (especially GSAK users) as questionable and possibly one to avoid wasting time on, based on the string of DNFs without a Find. Now, it shows up as recently found.

In a case like this, the cache owner is not being responsive to the Needs Maintenance log that another user posted after seeing that the cache was not hidden where they had found it.

 

If the owner is not responding, someone should contact the owner directly (maybe their email program put the NM log into a junk folder or something, and the owner isn't even aware of it), or someone should post a Needs Archived log to bring it to the attention of the reviewer. The reviewer will contact the owner and remind them to check on it. If the owner doesn't, the cache may get archived.

Link to comment
Is it possible to ban a user by IP address (Wikipedia can do this). Clearly this joker is going to continue to create accounts and run the bot. A ban-by-IP would almost certainly limit his ability to operate.

The problem is that it's relatively easy to get around blocked IPs, and someone smart enough to create a bot probably knows all the tricks.

 

I didn't realize bots were so smart until a local forum I belong to got attacked with all kinds of new accounts signing up one day. The admin blocked the IPs, but they were still able to sign up, and they were smart enough to get around the Captcha screens, the verification questions like, "Is an apple orange or red," and even the email verification where the site sends out an email where the new account needs to click on a link to activate the account.

 

It got so bad that the site admin finally just locked the ability for new accounts to post messages until he manually verified each one and gave them access. Obviously, that wouldn't work for a site like this.

Link to comment

Hi

 

As the volunteer reviewer primarily affected by the user "JoeyBot" / "AutoJoey" over the weekend. It's good to see how responsive and attentive the caching community has been to this issue. JoeyBot attacked Vermont Sunday logging about 1500 bogus cache finds. AutoJoey is currently logging finds in NH. For those of you who contacted me yesterday I immediately forwarded concerns to Groundspeak and JoeyBot has been banned from the website. Earlier this morning I contacted Groundspeak requesting bannination of the AutoJoey account.

 

For the health of your PC. Please do not click any of the links included in the found it logs.

 

Traditionally Groundspeak will only take action on cache logs in limited situations such as profanity and personal attacks that violate the Terms of Use Agreement. Other than that, taking action on someone's cache page is typically not performed. Please delete any bogus 'found it' logs from your caches. I regret the burden this places on the affected cache owners.

 

Thanks

 

Zamboni / Trevor

Link to comment
It seems Joeybot has become Autojoey.

 

http://www.geocaching.com/profile/?guid=80...3f-7935310c712d

 

I see that this bot is still active. Can you verify that it has been reported, Skippermark?

Autojoey was reported earlier today and has been taken care of.

 

Wanted to add that the bots seem to be doing their thing very quickly, so by the time they get reported, they are almost always done.

 

But, please keep letting us know about them.

Edited by Skippermark
Link to comment
Skippermark-"…Wanted to add that the bots seem to be doing their thing very quickly, so by the time they get reported, they are almost always done."
In the attack this morning in NH that wasn't the case. I know Groundspeak was notified by our reviewer before 6:20AM eastern when there were about 1800 bogus logs but the account wasn't disabled until about 4 hours later when there were 3500+ bogus logs. Apparently Groundspeak is on pacific time and understandably no one was there to get the message when it was sent. From what I could gauge the BOT was logging in the vicinity of 500 logs per hour so the logging isn’t instantaneous. It took about 7 hours to log all the caches it did in NH this morning. If this had happened mid-day when everyone was awake I believe it would have been stopped much sooner. Because some of the cache owners affected are no longer active, some of these bogus logs may just stay there. The bogus log is an active link that could be used to infect your computer so don't click on it.
Link to comment

I didn't realize bots were so smart until a local forum I belong to got attacked with all kinds of new accounts signing up one day. The admin blocked the IPs, but they were still able to sign up, and they were smart enough to get around the Captcha screens, the verification questions like, "Is an apple orange or red," and even the email verification where the site sends out an email where the new account needs to click on a link to activate the account.

Wouldn't it be beneficial to Groundspeak to include a Captcha (or similar) image-to-text-based verification that would take a very small bit of programming to include on the "Log Cache" page, but which could potentially eliminate a high percentage of all of the simpler bots? Right now, it just seems incredibly easy (even with a keyboard/mouse macro program like AutoHotKey) to "bot" this particular site. Isn't it worth it to make it even just a little bit more bot-proof?

Link to comment

The problem is that it's relatively easy to get around blocked IPs, and someone smart enough to create a bot probably knows all the tricks.

 

I didn't realize bots were so smart until a local forum I belong to got attacked with all kinds of new accounts signing up one day. The admin blocked the IPs, but they were still able to sign up, and they were smart enough to get around the Captcha screens, the verification questions like, "Is an apple orange or red," and even the email verification where the site sends out an email where the new account needs to click on a link to activate the account.

 

It got so bad that the site admin finally just locked the ability for new accounts to post messages until he manually verified each one and gave them access. Obviously, that wouldn't work for a site like this.

 

Maybe Groundspeak should consider limiting new members to 10 logs per day... It wouldn't stop the bots, but it would at least limit their damage.

 

twilighter

Link to comment

Maybe Groundspeak should consider limiting new members to 10 logs per day... It wouldn't stop the bots, but it would at least limit their damage.

 

twilighter

Not to mention it would be a good way to put an end to those evil power trails. :anitongue:

 

It wouldn't stop the bots because this guy is obviously already able to create a new account as soon as the old one is banned. If each account was limited to 10 logs per day, he would be simply create a new account every 10 logs. The idea that he is motivated by the find count and is trying to set a record or something using a bot is likely misguided. If there is an active link in the logs, his goal is either spam or perhaps a attack to get people to visit a malicious website. Better just to delete his logs.

Link to comment

The problem is that it's relatively easy to get around blocked IPs, and someone smart enough to create a bot probably knows all the tricks.

 

I didn't realize bots were so smart until a local forum I belong to got attacked with all kinds of new accounts signing up one day. The admin blocked the IPs, but they were still able to sign up, and they were smart enough to get around the Captcha screens, the verification questions like, "Is an apple orange or red," and even the email verification where the site sends out an email where the new account needs to click on a link to activate the account.

 

It got so bad that the site admin finally just locked the ability for new accounts to post messages until he manually verified each one and gave them access. Obviously, that wouldn't work for a site like this.

 

Maybe Groundspeak should consider limiting new members to 10 logs per day... It wouldn't stop the bots, but it would at least limit their damage.

 

twilighter

 

So a bot is sitting dormant for Xnumber of days before it can strike? Or will it need Xnumber of logs before it can go crazy? Either doesn't sound too difficult to defeat.

Link to comment

Maybe Groundspeak should consider limiting new members to 10 logs per day... It wouldn't stop the bots, but it would at least limit their damage.

 

twilighter

Not to mention it would be a good way to put an end to those evil power trails. :anitongue:

 

It wouldn't stop the bots because this guy is obviously already able to create a new account as soon as the old one is banned. If each account was limited to 10 logs per day, he would be simply create a new account every 10 logs. The idea that he is motivated by the find count and is trying to set a record or something using a bot is likely misguided. If there is an active link in the logs, his goal is either spam or perhaps a attack to get people to visit a malicious website. Better just to delete his logs.

 

Did you miss the "new members" part of the post?

Link to comment

Maybe Groundspeak should consider limiting new members to 10 logs per day... It wouldn't stop the bots, but it would at least limit their damage.

 

twilighter

Not to mention it would be a good way to put an end to those evil power trails. :anitongue:

 

It wouldn't stop the bots because this guy is obviously already able to create a new account as soon as the old one is banned. If each account was limited to 10 logs per day, he would be simply create a new account every 10 logs. The idea that he is motivated by the find count and is trying to set a record or something using a bot is likely misguided. If there is an active link in the logs, his goal is either spam or perhaps a attack to get people to visit a malicious website. Better just to delete his logs.

 

Did you miss the "new members" part of the post?

New members can look for power trails. New members can easily find more than 10 caches in a day. I found 6 cache my second day Geocaching back in 2003, so I suspect 10 or more would be easily done nowadays. However the the power trail line was mostly a throw away. The main point is that if the bot can change names each time an account is banned, it can change names every 10 logs.

Link to comment

I didn't realize bots were so smart until a local forum I belong to got attacked with all kinds of new accounts signing up one day. The admin blocked the IPs, but they were still able to sign up, and they were smart enough to get around the Captcha screens, the verification questions like, "Is an apple orange or red," and even the email verification where the site sends out an email where the new account needs to click on a link to activate the account.

Wouldn't it be beneficial to Groundspeak to include a Captcha (or similar) image-to-text-based verification that would take a very small bit of programming to include on the "Log Cache" page, but which could potentially eliminate a high percentage of all of the simpler bots? Right now, it just seems incredibly easy (even with a keyboard/mouse macro program like AutoHotKey) to "bot" this particular site. Isn't it worth it to make it even just a little bit more bot-proof?

 

I got a better idea. Instead of taking a reactive approach that provides no negative consequences for someone that runs a bot against the site, but adds an additional step for those that legitimately log caches how about going after the source.

 

Use whatever technical and legal means necessary to identify and prosecute, if possible, those that are launching bots against the site. If something like captcha is used in an attempt to block bots, whoever is trying run them is likely not just going to give up. They're more likely going to try and find a way around it, and if they can't escalate to a denial of service attack.

 

Go after whoever is running these bots and put them in jail if that's what it takes. I know it's a lot easier just to install something that will attempt to block misuse of the system, but from my 30 something years experience using the internet I'm pretty convinced that it's not an effective deterrent.

Link to comment
In the attack this morning in NH that wasn't the case. I know Groundspeak was notified by our reviewer before 6:20AM eastern when there were about 1800 bogus logs but the account wasn't disabled until about 4 hours later when there were 3500+ bogus logs. Apparently Groundspeak is on pacific time and understandably no one was there to get the message when it was sent.
They logged a find on a cache I'm watching. When I checked, the number of finds didn't increase for awhile, so I thought they were done. I didn't realize they logged so many after that.

 

Groundspeak is on PST, plus being Sunday, I'm guessing no one was at HQ, but if you post about it here, the proper person will see it and can jump into action. If you want to PM me through the forums or my profile, I can let them know too. Emailing your reviewer is another option too.

 

Wouldn't it be beneficial to Groundspeak to include a Captcha (or similar) image-to-text-based verification that would take a very small bit of programming to include on the "Log Cache" page, but which could potentially eliminate a high percentage of all of the simpler bots?
The idea was brought up in this thread when the auto-loggers first appeared. The biggest criticisms are that it would put a burden on regular users and relatively easy for a programmer to bypass.

 

Maybe Groundspeak should consider limiting new members to 10 logs per day... It wouldn't stop the bots, but it would at least limit their damage.
A month or two ago, there were some accounts with zero finds that started spamming the forums, but they had been created months earlier. There are some cachers who sign up but don't log their first find for weeks or only log 1 or 2 finds their first few times going out. There are others that find 100 their first couple weeks. I'm not sure what criteria would be used to be considered "new." Edited by Skippermark
Link to comment
Maybe Groundspeak should consider limiting new members to 10 logs per day... It wouldn't stop the bots, but it would at least limit their damage.
A month or two ago, there were some accounts with zero finds that started spamming the forums, but they had been created months earlier. There are some cachers who sign up but don't log their first find for weeks or only log 1 or 2 finds their first few times going out. There are others that find 100 their first couple weeks. I'm not sure what criteria would be used to be considered "new."

 

"New" could be defined as signed up in the last week or someone with less than 10 finds. (Or whatever limits Groundspeak thinks make the most sense.) Numbers aside, I was just kind of thinking of some sort of "trial" period where they don't have full capabilities to abuse the system. The bottom line is that we don't want to make things any more difficult for the rest of us "trusted" users every time we enter a log.

 

I know everyone is trying to think of rare cases where these limits might impact someone, but the fact is that the system right now is wide open for major abuse -- as evidenced by the 3000+ bogus logs added just today to caches all over NH.

Edited by twilighter
Link to comment

I didn't notice, but were ANY of the NH logs on Premium Caches?

 

All but 1 of mine were logged, and I deleted them as soon as I noticed the pattern.

 

I dont have any Premium hides so I was wondering if ANY were logged?

 

I had a PM cache logged by Saturday's bot. He was searching for caches that had the sequence "Barf" in the title.

 

No idea if it is the same bot as NH.

 

.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...