I see why you chose the date for The Lounge software update

GeoffW
PlatinumLounger
Posts: 4023
Joined: 24 Jan 2010, 07:23

Re: I see why you chose the date for The Lounge software upd

Post by GeoffW »

Yes, thanks Kim. It only occurs with the themes Minimal and Subsilver2.

User avatar
HansV
Administrator
Posts: 78231
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: I see why you chose the date for The Lounge software update

Post by HansV »

The Minimal and Subsilver2 styles are not available any more after the update...
Best wishes,
Hans

User avatar
ChrisGreaves
PlutoniumLounger
Posts: 15498
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: I see why you chose the date for The Lounge software upd

Post by ChrisGreaves »

StuartR wrote:
27 Apr 2020, 18:43
One possible cause of our recent lockout problems may be the very large number of bots trying various attacks against the lounge software.
Speaking of bots, and regardless of privacy concerns, can the Lounge axe access by bots?
If so, then that might be a simple test if/when login probems arise again.
Thanks
Chris
An expensive day out: Wallet and Grimace

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: I see why you chose the date for The Lounge software upd

Post by StuartR »

ChrisGreaves wrote:
17 Jun 2020, 13:28
Speaking of bots, and regardless of privacy concerns, can the Lounge axe access by bots?
If so, then that might be a simple test if/when login probems arise again.
I was thinking of the kind of BOT that carries out attacks from slave PCs that have been taken over Chris. You can reduce the impact with varying levels of (potentially costly) DDoS protection service. But that isn't going to happen.
StuartR


User avatar
ChrisGreaves
PlutoniumLounger
Posts: 15498
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: I see why you chose the date for The Lounge software upd

Post by ChrisGreaves »

StuartR wrote:
17 Jun 2020, 13:35
I was thinking of the kind of BOT that carries out attacks from slave PCs that have been taken over Chris. You can reduce the impact with varying levels of (potentially costly) DDoS protection service. But that isn't going to happen.
Thanks for this response Stuart.
Speaking for myself on my own behalf ... I don't have a problem with privacy. I saw "bots" and started thinking.
(1) Benign bots are indexing Eileen's Lounge and we will turn up on a web search; correct?
(2) Malignant bots have the potential to attack the lounge and possibly shut us out/down; correct?
If I am correct, then let me rephrase my question:
(3) IF we find ourselves in a login-problem, is it possible to axe bot access for, say, 48 hours and see if that cures the problem?
Thanks muchly
Chris
An expensive day out: Wallet and Grimace

User avatar
HansV
Administrator
Posts: 78231
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: I see why you chose the date for The Lounge software update

Post by HansV »

"Benign bots" make themselves known in the user agent string:

S3363.png

"Malignant bots" intent on disrupting or hijacking us most probably will NOT tell us that they are bots and use a generic user agent string, just like ordinary visitors:

S3364.png

(The screenshot just shows some random guest users; I have no reason to suspect them of being malignant bots)

So we cannot simply block malignant bots.
You do not have the required permissions to view the files attached to this post.
Best wishes,
Hans

User avatar
ChrisGreaves
PlutoniumLounger
Posts: 15498
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: I see why you chose the date for The Lounge software update

Post by ChrisGreaves »

HansV wrote:
17 Jun 2020, 14:12
... So we cannot simply block malignant bots.
Thank Hans,
Just to see if I understand this ...
Suppose the "can't login" problem erupted again.
Then it would be possible to "lock out" all bots - the malignant and the benign - for 48 hours just to see if that removed the problem?
A bot-lock-out that was accompanied by no login failures would suggest that the login was caused by bot behaviour.
It would not prove cause, but it might suggest a place to look?

Thanks
Chris
An expensive day out: Wallet and Grimace

User avatar
HansV
Administrator
Posts: 78231
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: I see why you chose the date for The Lounge software update

Post by HansV »

It would be a lot of work!
Best wishes,
Hans

User avatar
ChrisGreaves
PlutoniumLounger
Posts: 15498
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: I see why you chose the date for The Lounge software update

Post by ChrisGreaves »

HansV wrote:
18 Jun 2020, 18:05
It would be a lot of work!
(rats!)
WHY would it be a lot of work? Is there not a switch you can throw that says "No bots allowed", then throw the switch back after 48 hours?
Even if it is a Whitelist, copy it, empty it, then 48 hours later refill it.

This is getting deeper than I intended it to; I don't want to reverse-engineer the Lounge software. I have four litres of ice-cream to get through ... :munch:

Cheers
Chris
An expensive day out: Wallet and Grimace

User avatar
HansV
Administrator
Posts: 78231
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: I see why you chose the date for The Lounge software update

Post by HansV »

ChrisGreaves wrote:
18 Jun 2020, 18:56
Is there not a switch you can throw that says "No bots allowed"
Nope, there isn't!
Best wishes,
Hans

User avatar
ChrisGreaves
PlutoniumLounger
Posts: 15498
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: I see why you chose the date for The Lounge software update

Post by ChrisGreaves »

HansV wrote:
18 Jun 2020, 18:58
ChrisGreaves wrote:
18 Jun 2020, 18:56
Is there not a switch you can throw that says "No bots allowed"
Nope, there isn't!
:wordsfailme:, also :hairout: :sad: :scratch: :aflame: :boxedin: :blackhole: :beep: :bananas: :bummer: :brickwall: :headthrob: :frown: :dizzy: :disappointed: :crybaby: :crazy: :cooked: :confused3: :confused: :censored: :catty: :bwaah: :burnup: :puke: :ouch: :nuts: :mad: :igiveup: :hiding: :yikes: :weep: :surrender: :stupidme: :sigh: :shocked: :scream: and in conclusion I would like to say :rtfm:

Cheers
Chris
An expensive day out: Wallet and Grimace

User avatar
HansV
Administrator
Posts: 78231
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: I see why you chose the date for The Lounge software update

Post by HansV »

Alternatively, we could block smileys for 48 hours... :evilgrin:
Best wishes,
Hans

User avatar
ChrisGreaves
PlutoniumLounger
Posts: 15498
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: I see why you chose the date for The Lounge software update

Post by ChrisGreaves »

HansV wrote:
18 Jun 2020, 19:39
Alternatively, we could block smileys for 48 hours... :evilgrin:
:yikes: :woops: :weep:
An expensive day out: Wallet and Grimace

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: I see why you chose the date for The Lounge software update

Post by StuartR »

There is no way to identify a bot from any other traffic. It is just a computer that has been taken over by a bad actor and is then used to launch attacks on other web sites.
StuartR


User avatar
ChrisGreaves
PlutoniumLounger
Posts: 15498
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: I see why you chose the date for The Lounge software update

Post by ChrisGreaves »

StuartR wrote:
18 Jun 2020, 23:10
There is no way to identify a bot from any other traffic. It is just a computer that has been taken over by a bad actor and is then used to launch attacks on other web sites.
Ah! Thank you Stuart. This makes sense to me (famous last words!).

Those Google bots that index Lounge pages are computers programmed to behave like humans, but they proudly bear the identifier "I am a Google bot doing good things". Only in the identifying title do we have a suspicion that they are indeed "computers programmed to behave like humans".
I suppose that were I an evil person I could dress up my computer and make it announce a title "Google bot" while I programmed my computer to engage in a DOS attack, and you (admins) could not know just by looking at my title.

For that matter I could use a new email, register as a new user, identify myself as "GoogleBot" instead of "ChrisGreaves" and make an extremely ineffective DOS at the speed of the two-fingered typist that I am.

Cheers
Chris
An expensive day out: Wallet and Grimace

User avatar
StuartR
Administrator
Posts: 12577
Joined: 16 Jan 2010, 15:49
Location: London, Europe

Re: I see why you chose the date for The Lounge software update

Post by StuartR »

A bot could take over someone's computer and then attempt to register as new lounger StuartGreaves. You don't actually need to include the word bot, or look like an indexing engine, to be a bot.
StuartR


User avatar
HansV
Administrator
Posts: 78231
Joined: 16 Jan 2010, 00:14
Status: Microsoft MVP
Location: Wageningen, The Netherlands

Re: I see why you chose the date for The Lounge software update

Post by HansV »

:cheers: Happy Birthday, Chris! :fanfare:
Best wishes,
Hans

User avatar
ChrisGreaves
PlutoniumLounger
Posts: 15498
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: I see why you chose the date for The Lounge software update

Post by ChrisGreaves »

StuartR wrote:
19 Jun 2020, 08:55
A bot could take over someone's computer and then attempt to register as new lounger StuartGreaves. You don't actually need to include the word bot, or look like an indexing engine, to be a bot.
Quite so. But I could title the scheme as "Google Bot" (whatever it is) to fool some admins who were trying to filter out malign bots.
I am supposing that this is a continual arms race between the good guys and the bad guys.
I recall that the older software had that one-minute between posts delay which (Hans I think, told me) was a counter to bot attacks.
Cheers
Chris
An expensive day out: Wallet and Grimace

User avatar
ChrisGreaves
PlutoniumLounger
Posts: 15498
Joined: 24 Jan 2010, 23:23
Location: brings.slot.perky

Re: I see why you chose the date for The Lounge software update

Post by ChrisGreaves »

HansV wrote:
19 Jun 2020, 08:56
:cheers: Happy Birthday, Chris! :fanfare:
That's the problem with growing old.
It seems like only yesterday that you last wished me "Happy Birthday", which would make today's celebration particularly miserable.
At this rate I'll be a 103 before I click "Preview" and 127 when I get to, in a manner of speaking, Submit!
Cheers :thankyou:
Chris
An expensive day out: Wallet and Grimace

User avatar
Argus
GoldLounger
Posts: 3081
Joined: 24 Jan 2010, 19:07

Re: I see why you chose the date for The Lounge software update

Post by Argus »

ChrisGreaves wrote:
18 Jun 2020, 16:12
HansV wrote:
17 Jun 2020, 14:12
... So we cannot simply block malignant bots.
Thank Hans,
Just to see if I understand this ...
Suppose the "can't login" problem erupted again.
Then it would be possible to "lock out" all bots - the malignant and the benign - for 48 hours just to see if that removed the problem?
From what Hans said (in the post you replied to), you would need to block all guests, incl. loungers currently not logged in.
Happy Midsummer!
Byelingual    When you speak two languages but start losing vocabulary in both of them.