Is a Treeleaf being hacked?



Tairin
12-23-2020, 11:18 PM
To our sysadmin wizards

I just want to make sure everything is legit. I occasionally look at the “Who’s Online” (link under quick links) to see who’s online. Last couple of times there has been a number of users (1 to 10) I don’t recognize all looking at the same thing. When I check to see who the users are the forum software says I don’t have permission to view the profile. I can view every other profile. I have a screenshot of what I am seeing but the file is too large to upload so I can email it.

Maybe everything is ok but something seems suspicious to me.

Let me know if I can be of any more help

gassho2
Tairin
Sat today and lah

Ryumon
12-23-2020, 11:41 PM
Certainly not being hacked, but there is a setting that is misconfigured on that page. You should be able to view profiles wherever they display, such as on a forum page. Presumably the server tenzo will take care of this.

Gassho,

Kirk

sat

Jakuden
12-23-2020, 11:43 PM
Hi Tairin, yeah we are aware of this, but thanks for telling us! Our valiant warrior Sekishi is battling the bots I think.

Gassho
Jakuden
SatToday/LAH



Tairin
12-24-2020, 12:16 AM
Thanks Jakuden. Like I said, something seemed off.

Sekishi [jedi]

gassho2
Tairin
Sat today and lah

Jundo
12-24-2020, 03:34 AM
But the bots are on the outside looking in (as unapproved registrants). They can only see the public sections of the forum (not those for registered and approved members, like the "All of Life" section).

A bot can register, but unless it writes me personally, introduces itself, and tells me a bit about its life and practice ... it ain't getting in as a member! [jedi]

Gassho, J

STLah

Shokai
12-25-2020, 07:33 PM
Miracle worker and Defender against Bots. What more could we ask for??

gassho, Shokai
stlah

Sekishi
12-26-2020, 12:25 AM
Jakuden has it. We have bots that try to create accounts on the forum. The ones that pass the captcha and such end up in a sort of "holding pattern" where they have created an account but it is not allowed to do anything (cannot read anything that isn't already public, cannot post, etc.). So they log in and attempt to post over and over again. Eventually they give up. I come through once a week or so and delete the accounts.

This activity has really ticked up the past 3 or 4 months and has more or less made the "1 of 10" feature ... not very useful. [indifferent]

Thank you for checking in on it. Same goes for everyone -- if you ever see something odd or funky about the forum, feel free to post or PM Jundo or one of the Unsui! Like Kannon, together we have many hands and eyes.

Gassho,
Sekishi

Ryumon
12-28-2020, 10:10 AM
No, this has nothing to do with bots. The report is that on the Who's Online page, clicking a user name to view a profile returns a permissions error.

Gassho,

Kirk

sat

Tairin
12-28-2020, 11:56 AM
Uh no. This was about the Bots. I just happened to notice them via the Who’s Online page. As was explained above, the users created by the bots are only partially created and awaiting Jundo’s approval to be fully created.

All is good. Our valiant warrior Sekishi is on the case. [jedi]

Thanks all

gassho2
Tairin
Sat today and lah

Ryumon
12-28-2020, 01:49 PM
If I look now, I can click through to profiles of users I know. But when this was first reported, I wasn't able to do this. So it is two problems, and perhaps one is solved.

Why don't we just have a captcha like other websites to thwart bots?

Gassho,

Kirk

bot

Kotei
12-28-2020, 04:48 PM
...
Why don't we just have a captcha like other websites to thwart bots?

Hi Kirk,
I've had a look at the registration page and there is a reCaptcha. Seems that the arms race got into the next round with bots solving those.
Gassho,
Kotei sat/lah today.

Jundo
12-28-2020, 10:57 PM
I have even had a small number of human folks contact me after registering who struck me as suspicious, e.g., perhaps from some hacker operation in India or Vietnam or the like (they exist, with actual human beings in "call centers" registering with websites). However the person was unable to tell me the first thing about Zen or why they are interested, and other such folks did not even bother to write back. I think that simply communicating with most new registrees filters out the fakers. Maybe a few fakers got through anyway (I am still suspicious about Kotei :p ), but we catch the rest I think.

The only actual conman I encountered was in a brick and mortar Zen group I used to sit with in the USA. Fellow showed up with a hard luck story, secretly "borrowed" hundreds or a few thousand dollars from members to help him out (the people who helped him did not know about the other people helping him in the group), then he vanished ... turned out he runs the same scam at churches, Jewish temples, Buddhist and other groups all over the USA. And that was not even online!

In any case, no other signs of mischief, spam or trouble makers around here (other than Kotei), so looks pretty safe. [batman] Reminds me of this old Zen story:


A Zen Master lived the simplest kind of life in a little hut at the foot of a mountain. One evening, while he was away, a thief sneaked into the hut only to find there was nothing in it to steal. The Zen Master returned and found him. "You have come a long way to visit me," he told the prowler, "and you should not return empty handed. Please take my clothes as a gift." The thief was bewildered, but he took the clothes and ran away. The Master sat naked, watching the moon. "Poor fellow," he mused, "I wish I could give him this beautiful moon."

http://users.rider.edu/~suler/zenstory/graphics/moon.gif

Gassho, J

Kotei
12-29-2020, 06:18 AM
...
Maybe a few fakers got through anyway (I am still suspicious about Kotei :p ), but we catch the rest I think.
...

You know how it is with us AIs... we just have to watch enough of you 'real' guys to behave exactly like you. But as you are learning the same way... who's the fake one anyway :p

The thief left it behind:
the moon
at my window.
Ryokan

Gassho,
Kotei sat/lah today.