Jump to content

New possible Bot alert

rockhead15

By rockhead15
in General geocaching topics

Followers 9

Recommended Posts

Keystone

Keystone

Posted
Posted

Already sent Groundspeak a 'Ban' request.

That account is already banned.

 

one solution to this would be to require the first 25-50 logs of any new member be approved by the CO before they actually show up on the cache page

 

where CO are not active a system can be in place where the Reviewers in the area would approve those logs

Ummm, no thanks. Not without a paycheck.

Link to comment
Mr.Yuck

Mr.Yuck

Posted
Posted

 

I've only been on the forums a few months, is this a new phenomenon that has just started in the last few weeks, or has it gone on before and run out of steam?

 

I've been on the forums about 3.5 years and this is the first time that I an remember seeing a persistent bot like this. Coincidentally, it falls on the heels of someone getting spanked off the forums and then off Groundspeak entirely. Someone earlier posted that a captcha or some sort of bot blocker needs to be put in place as the site is vulnerable to bots. As far as I can tell, it's been vulnerable to bots for 10 years but only recently has it become an issue.

 

As I wrote earlier, instead of trying to block bots, I'd rather see efforts made to going after whoever is creating them legally. Put them in jail if that's what it takes. Make them an example as a deterrent to anyone else that is considering launching bots against the site.

 

I've been around even longer, and have posted way too much. :lol: I don't ever remember any cache logging bot incidents, although don't take my word for it as just an observer, and not a Groundspeak employee. I also believe (my guess only), that GC.com has always been vulnerable to this kind of attack.

 

Yes, a user was recently spnaked, and is probably ticked off. I have heard that he has tried to blame internet enemies from other forums for framing him. Or it could very well be another highly ticked off banned user from the past, taking advantage of the window of opportunity so the spnaked user would get blamed.

 

Either way, how come no one in the 200 parking lot/roadside micro per weekend numbers crowd ever came up with an auto logging bot?? Or maybe they did, and never publicized it. :lol: Well, gotta go, notes on my cache pages to delete.

Link to comment
t4e

+t4e

Posted
Posted (edited)

 

one solution to this would be to require the first 25-50 logs of any new member be approved by the CO before they actually show up on the cache page

 

where CO are not active a system can be in place where the Reviewers in the area would approve those logs

Ummm, no thanks. Not without a paycheck.

 

how many inactive CO's still have caches out there? can't be that many

 

and how many new members sign up in a week in an area?

 

if you don't want to do it without a paycheck that's fine, a lot of people would be happy to help on volunteer basis....i would

you intentionally left out the rest of my post, is GC "closed" for accepting help from the community?

 

GC has to do something and really soon

 

and on that note they should mass email an official message about what's going on

so many CO's don't visit the forums to see this thread so they have no idea wth is going on

some caches now have up to 4 logs

Edited by t4e
Link to comment
OldLog

+OldLog

Posted
Posted (edited)

If you desire to keep Bots off fine but to suggest no new user can log a cache without contacting owners is not a good idea. Considering the shape of a lot of caches out there I find it hard to believe they even look at the logs or maintain the cache. There are many Caches around Indianapolis that look like the have not be tended to in a long time. A lot of one star s that all of a sudden are getting DNF and ignored by the owners. So until cache owners can conform to a standard then don't be quick to jump on newbies becasue some idiot uses a bot to play mind games.

Edited by OldLog
Link to comment
t4e

+t4e

Posted
Posted (edited)

If you desire to keep Bots off fine but to suggest no new user can log a cache without contacting owners is not a good idea. Considering the shape of a lot of caches out there I find it hard to believe they even look at the logs or maintain the cache. There are many Caches around Indianapolis that look like the have not be tended to in a long time. A lot of one star s that all of a sudden are getting DNF and ignored by the owners. So until cache owners can conform to a standard then don't be quick to jump on newbies becasue some idiot uses a bot to play mind games.

 

no, you don't have to contact the CO, i see you're not familiar with "moderation"

cachers will log as usual but log will not show up

CO would get notification of the log as usual and would have to click "approve", which would make the log visible

 

this would also be a good time to filter out and archive any unkempt caches

Edited by t4e
Link to comment
Mr.Yuck

Mr.Yuck

Posted
Posted

Newbie question:

 

Can I assume that ForestDefender did not actually vandalize my cache and that this is simply a log entry (placed by whatever means)?

 

Forest Defender is the self-given name of a real cache/letterbox thief in the Pacific Northwest. Chances are pretty good, especially in Massachusetts, that this was just part of the recent bot attacks, and your cache is most likely fine.

Link to comment
BunsenH

+BunsenH

Posted
Posted

Newbie question:

 

Can I assume that ForestDefender did not actually vandalize my cache and that this is simply a log entry (placed by whatever means)?

 

Forest Defender is the self-given name of a real cache/letterbox thief in the Pacific Northwest. Chances are pretty good, especially in Massachusetts, that this was just part of the recent bot attacks, and your cache is most likely fine.

 

Thanks Mr. Y..................no tase for you!

Link to comment
Tequila

+Tequila

Posted
Posted

 

.......cachers will log as usual but log will not show up

CO would get notification of the log as usual and would have to click "approve", which would make the log visible

 

 

OMG!!!!! I can just see the forum thread now:

 

I logged a find two hours ago and the CO has not approved it.

 

This is a horrible idea and puts even more onus on the innocent caching community to fix a problem that belongs to Groundspeak.

 

.

Link to comment
yawppy

+yawppy

Posted
Posted

Have heard of this "forest defender" else where, as I am sure it's lurking on this thread this very moment, well they have what they came for, publicity, well time to delete those 147 bogus logs! Perhaps well need PIN numbers or some form of security for the future?

 

Pretty sure this zealot is not quite done with the stupidity!

Link to comment
Capt. Bob

+Capt. Bob

Posted
Posted

Do these ‘Bot’ accounts register as Premium or Basic accounts? I suspect they are probably Basic. If so, it may be time to limit Basic members to 20 logs per day while premium accounts remain unchanged. It’s regrettable, but when one maladjusted individual can affect on so many others through selfish maliciousness it may be necessary.

Link to comment
t4e

+t4e

Posted
Posted (edited)

 

.......cachers will log as usual but log will not show up

CO would get notification of the log as usual and would have to click "approve", which would make the log visible

 

 

OMG!!!!! I can just see the forum thread now:

 

I logged a find two hours ago and the CO has not approved it.

 

This is a horrible idea and puts even more onus on the innocent caching community to fix a problem that belongs to Groundspeak.

 

.

 

no its not a horrible idea, read the rest of my post it will only be for a few of the first finds 10-15-25

 

please do come up with a better one

 

with a note informing the cachers that it may take few days would be fine

 

not any different than submitting a new cache for review

 

"not my problem, its GC's problem".."i won't do it without a paycheck" , those are the kind of attitudes that this person hopes for too

Edited by t4e
Link to comment
Tequila

+Tequila

Posted
Posted (edited)

 

no its not a horrible idea, read the rest of my post it will only be for a few of the first finds 10-15-25

 

 

Why would inconveniencing hundreds, if not thousands, be better than simply deleting the few bot accounts?

 

Are you suggesting this only be done for new cachers? That is a little less onerous but still shifts the responsibility away from GS where it belongs.

 

If you are suggesting all cachers have to wait to have their logs approved, it will never work. CO's will be swamped. Cachers won't be able to run their My Finds report at the end of a weekend of caching because logs haven't been approved. And what does a cacher do when a CO is on vacation for three weeks and not checking email? Etc. Etc. Etc.

 

 

 

please do come up with a better one

 

 

I did. Have GS step up the plate, take ownership of this problem and delete any bot accounts and associated logs. This won't stop bots; nothing will. But it would reduce innocent cacher responsibility to simply reporting a bot.

 

 

with a note informing the cachers that it may take few days would be fine

 

not any different than submitting a new cache for review

 

 

Most cachers submit very few new caches and there is an inherent amount of checking required for the approval. Waiting a day or two for a few caches to be published is not the same as waiting for your logs to appear.

 

To expect CO's or reviewers to start verifying logs is insane. They did not cause this problem. Why should they be saddled with fixing it. Let GS take ownership and fix it internally.

 

Did Tylenol ask consumers to sort through their pill bottles and check to see which pills were tampered with?

Edited by Tequila
Link to comment
northernpenguin

+northernpenguin

Posted
Posted

Why not just add a CAPTCHA for logging on basic (or unverified) accounts, like some of the social networking sites do?

 

Once you become a premium member or some verification is satisified that's bot resistant, you remove the CAPTCHA requirement for logging.

 

Basic members can still log that 200 find power trail they did on their first day, and we don't have additional load on the CO's or reviewers.

Link to comment
Avernar

+Avernar

Posted
Posted

Why not just add a CAPTCHA for logging on basic (or unverified) accounts, like some of the social networking sites do?

The problem with this is that it will punish the community and not the bot owner. Now we'll get even shorter logs as people will be wasting time entering CAPTCHA's.

 

I think Tequila's idea is better. All Groundspeak needs to do is add a Report Bot button next to the Delete and Encrypt buttons. Then they'd have a report screen where they could see that users logs and a button that would ban the user and archive their logs.

 

This way the bot owner won't get publicity in the forums.

Link to comment
t4e

+t4e

Posted
Posted (edited)

 

Are you suggesting this only be done for new cachers? That is a little less onerous but still shifts the responsibility away from GS where it belongs.

 

 

no offense, but perhaps reading before assuming what i said or not would make the conversation better

 

my original post #150

 

one solution to this would be to require the first 25-50 logs of any new member be approved by the CO before they actually show up on the cache page

 

where CO are not active a system can be in place where the Reviewers in the area would approve those logs

 

don't want to burden the Reviewers?...get more staff to help, i'm sure a lot of people would be more than happy to do so

 

no, it will not shift the responsibility from GS, it would buy them some time to deal with the situation

this is a situation where pulling together as a community would help defeat the "evil"

as it stands now he wins because we don't care and pass the buck to GS

 

if the general stand is "every man for himself" i have a good solution for my own caches and i can implemented with few clicks

 

its not as simple as banning the BOT accounts, if you don't delete the messages they are there to be edited and who knows what else added later on

also they replace valid logs that people will benefit from when out in the field as opposed to seeing spam

 

the majority of CO's don't visit the forums so they have no idea what's going on, as i suggested in a previous post GS should send an official message to let people know

 

some caches have 3-4 logs from this BOT, here's one example

 

http://www.geocaching.com/seek/cache_detai...af-a75c1966f7ff

Edited by t4e
Link to comment
knowschad

knowschad

Posted
Posted

As I wrote earlier, instead of trying to block bots, I'd rather see efforts made to going after whoever is creating them legally. Put them in jail if that's what it takes. Make them an example as a deterrent to anyone else that is considering launching bots against the site.

On what grounds? I can't imagine that there is any law being broken here.
Link to comment
Geldhart

+Geldhart

Posted
Posted

one solution to this would be to require the first 25-50 logs of any new member be approved by the CO before they actually show up on the cache page

 

where CO are not active a system can be in place where the Reviewers in the area would approve those logs

 

don't want to burden the Reviewers?...get more staff to help, i'm sure a lot of people would be more than happy to do so

 

OR - after say 20 logs in one day from one IP address - start requiring CAPTCHA's every x logs - where x is a random number. If the logs are coming from the iPhone or Android app - they are not subject to the CAPTCHA.

 

Premium members get up to 100 in one day from the same IP address.

 

I'm guessing bots don't become PM.

Link to comment
northernpenguin

+northernpenguin

Posted
Posted

Why not just add a CAPTCHA for logging on basic (or unverified) accounts, like some of the social networking sites do?

The problem with this is that it will punish the community and not the bot owner. Now we'll get even shorter logs as people will be wasting time entering CAPTCHA's.

 

I think Tequila's idea is better. All Groundspeak needs to do is add a Report Bot button next to the Delete and Encrypt buttons. Then they'd have a report screen where they could see that users logs and a button that would ban the user and archive their logs.

 

This way the bot owner won't get publicity in the forums.

 

That only works for me if Groundspeak will purge the bot logs from the system. I'd rather the new cacher have to fill out a CAPTCHA or purchase a premium membership than have to spend an hour a day deleting 100 bogus logs from my caches.

 

What happens when this bot maker figures out a way to bot new registrations automatically with some trashmail emails or google + email addresses?

 

Groundspeak won't block based on IP address, as most people have dynamic IP addresses these days. Can't use email to prove identity/human-ness.....

Link to comment
GeoGeeBee

+GeoGeeBee

Posted
Posted

As I wrote earlier, instead of trying to block bots, I'd rather see efforts made to going after whoever is creating them legally. Put them in jail if that's what it takes. Make them an example as a deterrent to anyone else that is considering launching bots against the site.

On what grounds? I can't imagine that there is any law being broken here.

If the servers were in North Carolina or Virginia, laws would have been broken. I can't speak for other states. The applicable laws would be those dealing with unauthorized access to a computer system. The bot violated the terms of service, therefore it's logs were accessing Groundspeak's servers without authorization.

Link to comment
BuckeyeClan

+BuckeyeClan

Posted
Posted

 

the majority of CO's don't visit the forums so they have no idea what's going on, as i suggested in a previous post GS should send an official message to let people know

 

 

Which is exactly why GS should automatically delete all the logs and notes by these bots. Which is also why requiring CO's to approve the logs of new cachers would be a mess. How many CO's read every word of each log notification? How many CO's read every log right away? How many wouldn't understand why or how to approve logs by new members? How many logs would go unapproved, with new members fuming and frustrated?

 

I'm not a programmer, I have no idea how hard it is to write the code to mass delete logs by a particular user. A few people have already suggested that it's not hard at all. It certainly would make more sense than expecting CO's to delete them, one by one.

Link to comment
knowschad

knowschad

Posted
Posted

As I wrote earlier, instead of trying to block bots, I'd rather see efforts made to going after whoever is creating them legally. Put them in jail if that's what it takes. Make them an example as a deterrent to anyone else that is considering launching bots against the site.

On what grounds? I can't imagine that there is any law being broken here.

If the servers were in North Carolina or Virginia, laws would have been broken. I can't speak for other states. The applicable laws would be those dealing with unauthorized access to a computer system. The bot violated the terms of service, therefore it's logs were accessing Groundspeak's servers without authorization.

 

 

I am not a lawyer, but I have little doubt that these actions go against the ToU, but I would seriously doubt that it would be anything other than a civil case. Nobody is stealing credit card numbers or other personal information.

 

It would also take a lot of time and money to identify the person well enough to be able to prove it in court.

Link to comment
Avernar

+Avernar

Posted
Posted

That only works for me if Groundspeak will purge the bot logs from the system.

Exactly. That's what several people in this thread want.

 

I'd rather the new cacher have to fill out a CAPTCHA or purchase a premium membership than have to spend an hour a day deleting 100 bogus logs from my caches.

They can make it so that the Report Bot button temporarily hides all the logs from that owner in that COs caches until Groundspeak can make a decision to ban or not.

 

Or they can make it that if enough COs report the same person it can auto hide it everywhere until Groundspeak reviews it.

 

What happens when this bot maker figures out a way to bot new registrations automatically with some trashmail emails or google + email addresses?

What happens when the bot maker figures out a way to bot the CAPTCHAs?

Link to comment
Eagleblazer

+Eagleblazer

Posted
Posted
:lol: I've heard about the bots for a week now and last night it hit 12 of my caches here in Md. along with dozens of others. It seems to just be logging in order of the GC #s. Wasn't there some site or person dedicated to removing geocaches named Forest Defenders or something like that a while back? I don't get on the forums much so I know I'm out of any loop.
Link to comment
t4e

+t4e

Posted
Posted (edited)

 

I think Tequila's idea is better. All Groundspeak needs to do is add a Report Bot button next to the Delete and Encrypt buttons. Then they'd have a report screen where they could see that users logs and a button that would ban the user and archive their logs.

 

This way the bot owner won't get publicity in the forums.

 

you do realize that the vast majority of people have no idea what a BOT is, right?

 

besides, can be easily abused

Edited by t4e
Link to comment
4wheelin_fool

4wheelin_fool

Posted
Posted

As I wrote earlier, instead of trying to block bots, I'd rather see efforts made to going after whoever is creating them legally. Put them in jail if that's what it takes. Make them an example as a deterrent to anyone else that is considering launching bots against the site.

On what grounds? I can't imagine that there is any law being broken here.

 

It's harassment. A class action lawsuit with one lawyer representing all of the defendants, as well as Groundspeak, would put a stop to it. There really is no reason why users are more uniquely identified with anything other than a throwaway e-mail address anyhow. Next, he could be spamming private property areas with nanos. :lol:

Link to comment
Avernar

+Avernar

Posted
Posted (edited)

you do realize that the vast majority of people have no idea what a BOT is, right?

 

besides, can be easily abused

So you put an "are you sure?" question after they press it with explanation text just like when you post a needs archive log.

 

How would it be abused? It's only a reporting mechanism. Groundspeak would do the ban/archive part. It's just like the REPORT button at the bottom of each post here.

Edited by Avernar
Link to comment
knowschad

knowschad

Posted
Posted

you do realize that the vast majority of people have no idea what a BOT is, right?

 

besides, can be easily abused

So you put an "are you sure?" question after they press it with explanation text just like when you post a needs archive log.

 

How would it be abused? It's only a reporting mechanism. Groundspeak would do the ban/archive part. It's just like the REPORT button at the bottom of each post here.

Except that one wouldn't time out on you when you hit it. :lol:
Link to comment
northernpenguin

+northernpenguin

Posted
Posted

you do realize that the vast majority of people have no idea what a BOT is, right?

 

besides, can be easily abused

So you put an "are you sure?" question after they press it with explanation text just like when you post a needs archive log.

 

How would it be abused? It's only a reporting mechanism. Groundspeak would do the ban/archive part. It's just like the REPORT button at the bottom of each post here.

 

Just wondering how long before CO's start mashing that button every time someone logs "TFTC" "+1" or "." in (as) their cache logs .....

Link to comment
t4e

+t4e

Posted
Posted

you do realize that the vast majority of people have no idea what a BOT is, right?

 

besides, can be easily abused

So you put an "are you sure?" question after they press it with explanation text just like when you post a needs archive log.

 

How would it be abused? It's only a reporting mechanism. Groundspeak would do the ban/archive part. It's just like the REPORT button at the bottom of each post here.

 

the "are you sure" part is not the problem and has nothing to do with not knowing what a BOT is

people will see the option there and wouldn't know what it means or relates to

 

reporting someone based on personal issues

 

and the "Report Post" in the forums is NOT working, no matter what any of the staff keep saying

Link to comment
Avernar

+Avernar

Posted
Posted

Just wondering how long before CO's start mashing that button every time someone logs "TFTC" "+1" or "." in (as) their cache logs .....

Put in the confirmation text that those examples are not a bot. If a CO abuses the button then Groundspeak can taketh the button away from said CO.

 

Then again, it may be incentive for people to log more than just TFTC. :lol:

Link to comment
Avernar

+Avernar

Posted
Posted

the "are you sure" part is not the problem and has nothing to do with not knowing what a BOT is

people will see the option there and wouldn't know what it means or relates to

I can't win here. Northernpenguin is arguing that people will press the button more than they should. You're arguing that they won't push it because they don't know what it is. Sheesh. :lol:

 

But seriously, if they don't know what it is then not pressing it is a good thing. If the press it by accident or out of curiosity then they'll get some more information about what it does.

 

reporting someone based on personal issues

Reporting someone doesn't actually affect that person if it's a false report. Groundspeak can just send them a message saying that's not what the button is for.

 

and the "Report Post" in the forums is NOT working, no matter what any of the staff keep saying

Nah, they're just ignoring you. :lol:

Link to comment
GOF and Bacall

GOF and Bacall

Posted
Posted

I don't think identifying the bots has been a problem and that is what a report button would be for. I think they just need to accept that there needs to be a way that they can bulk delete logs by identified bots and get on with it. TPTB are, understandably, reluctant to get involved in policing cache logs. But in this situation it just doesn't make sense to leave it on the shoulders of the COs.

Link to comment
northernpenguin

+northernpenguin

Posted
Posted (edited)

 

I can't win here. Northernpenguin is arguing that people will press the button more than they should. You're arguing that they won't push it because they don't know what it is. Sheesh. :lol:

 

 

I was just pointing out human nature.

 

Kinda like the reason we don't put big red shutdown buttons in datacentres anymore ... some people just gotta hit the button.

 

I'm pretty confident we'll see more "false positives" on the button than actual bots. Now what you were saying at lunch about things like making the button appear only after a set of conditions is met, like the bot has been logging at a certain rate per hour, or after 20 logs on the same day .... that could be helpful.

 

Mind you, why not just flag a reviewer account that someone's logging a little too quickly and never even involve the COs.

 

Or perhaps throttle the site logs, like the forums .... ever try to post a reply within 15 seconds in here? You get a too fast, come back later message. You post 20 logs in 5 minutes, the site shuts you down for an hour.

Edited by northernpenguin
Link to comment
Knight2000

+Knight2000

Posted
Posted

If the bot is only logging the cache in question once then what is the fretting about? Is it because someone might get a smiley they don't deserve? It seems that the more attention is given to this the bigger the problem will become. Put it to bed and let GS handle it.

 

Don't worry! Be happy! :lol:

Link to comment
knowschad

knowschad

Posted
Posted
If the bot is only logging the cache in question once then what is the fretting about? Is it because someone might get a smiley they don't deserve? It seems that the more attention is given to this the bigger the problem will become. Put it to bed and let GS handle it.

 

Don't worry! Be happy! :lol:

It is one of my responsibilities as cache owner to remove apparently bogus logs on my caches. There are a number of reasons for this, and I'm certain you are aware of at least some of them.

 

Apparently you haven't been hit by one of these bots yet? Don't worry! Be Happy!!

Link to comment
Avernar

+Avernar

Posted
Posted

I was just pointing out human nature.

 

Kinda like the reason we don't put big red shutdown buttons in datacentres anymore ... some people just gotta hit the button.

The still have the buttons. They just get a protective glass/plastic cover after the first time they're pushed. :lol:

 

That's why I said there should be an "Are You Sure?" question with some helpful text explaining what should or should not be reported.

 

I'm pretty confident we'll see more "false positives" on the button than actual bots. Now what you were saying at lunch about things like making the button appear only after a set of conditions is met, like the bot has been logging at a certain rate per hour, or after 20 logs on the same day .... that could be helpful.

 

Mind you, why not just flag a reviewer account that someone's logging a little too quickly and never even involve the COs.

 

Or perhaps throttle the site logs, like the forums .... ever try to post a reply within 15 seconds in here? You get a too fast, come back later message. You post 20 logs in 5 minutes, the site shuts you down for an hour.

If they can automatically detect it, all the better. Basically the process for GS would be:

 

1. Get a report of a possible bot either by a report but or a detection algorithm

2. Have a screen to review the logs of the account in question

3. Have a button to bad that user and nuke their fake logs

Link to comment
mtn-man

+mtn-man

Posted
Posted
and the "Report Post" in the forums is NOT working, no matter what any of the staff keep saying

This is not true. The report button is working.

 

Just not properly.

Yes, it will look like it failed, but it will have gone through correctly.

We just ignore your reported posts. :lol:

 

 

 

:lol: I kid, I kid...

Link to comment
knowschad

knowschad

Posted
Posted
and the "Report Post" in the forums is NOT working, no matter what any of the staff keep saying

This is not true. The report button is working.

 

Just not properly.

Yes, it will look like it failed, but it will have gone through correctly.

We just ignore your reported posts. :lol:

 

 

 

:lol:I kid, I kid...

Its a good thing, too. I was just about to report your post! :lol:
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
Followers 9
Go to topic listing
×
×
  • Create New...