Re: Bot Attack - Report Inappropriate Content

tyw · ‎01-06-2019

I was wondering if anyone has dealt with bot-driven Abuse Report attacks?

Yesterday our community received 4,375 abuse reports, every message was flagged multiple times with random text inserted in the body. All of this occurred within 60 minutes

As far as I can tell in the Admin, and Lithosphere there is no method for me to identify what IP is doing this since Abuse Reports do not go in the Audit Log. I also cannot turn off the ability for an anonymous user to report Abuse either, nor can I turn off the feature completely?

We are under attack again today, 25+ pages of reports, all within 20 minutes.

I've reached out to support but since its the weekend, and this isn't an outage I won't get an update until tomorrow at the earliest so I was wondering in the interim if anyone else has dealt with abuse report attack? If so how did you mitigate the issue?

RobertT · ‎01-07-2019

This is a new one, haven't seen that attack vector being used before.

I'm not aware of anything out of the box you could do without some development work around it. Ideally I'd recommend raising an idea for Captcha to be completed before an abuse report is raised (especially for anonymous users).

Robert

Click the Kudos button below if you find my posts helpful. If I've answered your query please click the Mark Solution button to help others find the same answer.

tyw · ‎01-07-2019

Captcha would be a great addition here, thanks @RobertT!

I'll ask Support if they can enable this ASAP to prevent further attacks and suggest, submitting an idea if needed that this feature should be rolled out to other Lithium customers.

kgroneman · ‎01-07-2019

Just FYI on our site if a not logged in user hits the abuse report link on a message, they are taken to the login page where they must login before completing the action. I don't know where this is set, but I'm posting just to let you know this can be done. Good luck. I hate spammers.

--
Community manager in the Micro Focus Community. My computer always used to beat me at chess, but it is no match for me now I changed the competition to kick boxing.

lilim · ‎01-07-2019

Yes, our abuse report page requires log-in too. I don't see any particular setting for this workflow. I wonder if its tied to anonymous users being able to leave comments? We have this disabled.

----------------------------------

Lili McDonald
Community Manager @ Amazon
Connect on LinkedIn

tyw · ‎01-07-2019

I was incorrect stating anonymous users can submit an Abuse report, it requires the user to login. Sorry all 😞

What led me to believe it was anonymous is the reports didn't have a username attached.

Digging further, it appears a user was able to register without specifying a username (despite it being required?) so I've flagged this to support asking how this occurred, and banned the user to stop the subsequent attacks.

I'll update this thread with the outcome for everyones awareness! Thanks all for your help 🙂

kgroneman · ‎01-07-2019

Curiousity question: Are you using Lithium for login or an external SSO?

--
Community manager in the Micro Focus Community. My computer always used to beat me at chess, but it is no match for me now I changed the competition to kick boxing.

tyw · ‎01-07-2019

Lithium at the moment, but planning to turn on SSO in a few days.

Bot Attack - Report Inappropriate Content

What permission(s) gets around flood control?

Search option on bg-p

How do you download/export a list of all RSVP'd us...

How do i get list of users deleted in the communit...