User Controls
How many requests is to much?
-
2018-11-05 at 5:53 AM UTCIf I ran a program that registered accounts on a web application(likely creating SQL entries), at what point and frequency would the admin stop my shit?
Lets just say that the accounts contained basic info, fist name, last name, address, phone number, email, pasaword, username, maybe a couple hint questions.
Would a throttle of one account every 10 seconds for 3 hours a day likely be noticed? That would be a little over 1000 accounts a day.
What would the factors be? What would the best approach be?
Would it make a difference if I made the accounts very similar(like username1, username2, username3)...would your typical admin on a large website likely notice?
How close are the accounts being created monitored on a large well known website?
Would you notice any of this on NIS Lamy? -
2018-11-05 at 5:57 AM UTCcreating fake facebook accounts is pretty badass dude
-
2018-11-05 at 6:03 AM UTC
-
2018-11-05 at 6:27 AM UTCSeriously, what's the point in multiple accounts? Trolling... ? What's the point in that, even? To me, it's just a form of internet stalking.
-
2018-11-05 at 7:09 AM UTCdepends on how closely monitored it is
if it's automated, I'd (as the site admin) probably set the threshold as one account per IP every 5-10 minutes. Even if you were switching IPs they'd likely notice the abnormal traffic fairly quickly.
that heavily depends on how many resources they have and how important that application is; if it's just one person's project and they don't have an infrastructure team it depends on how well they understand security (probably not very well) -
2018-11-05 at 7:09 AM UTC
Originally posted by Firekrochfatty Seriously, what's the point in multiple accounts? Trolling… ? What's the point in that, even? To me, it's just a form of internet stalking.
Monetary gain.
This particular site has had over 8 million visits in the last 6 months. NIS has had 94.74K visits. If I'm reading it all correctly. SO this site really isn't that big or popular. The company is, but people aren't really visiting the site so much.
https://www.similarweb.com/website/niggasin.space -
2018-11-05 at 7:09 AM UTC
-
2018-11-05 at 7:10 AM UTCdid you forget which account you were logged in to
-
2018-11-05 at 8:52 AM UTCYeah, like aldra said, it varies wildly depending on big the relevant website is.
ISS doesn't have anything for automatic detection of registration spam. It wouldn't be too hard to build but the volume and nature of abuse on here has been low enough that it's easier to spend a few minutes here and there to clean up spam by logging into the DB and throwing together some SQL to mop up spam accounts than it is to make some kind of automatic monitoring or mitigation system.
This is probably the usual mode of operation for most small and mid sized web services. Of course at some point abuse becomes enough of a problem that you can actually save money on moderation efforts by programming automatic mitigation. The general field is usually referred to as "anomaly detection" and the publications in that space are an interesting mix of garbage fluff systems papers that probably shouldn't have been published and actually interesting applied information theory/statistics.
As for noticing it on NiS, I'd notice if someone started abusing alt accounts, and if they really pushed beyond the normal level of account registration (which is fairly low) but didn't do anything with those accounts, that'd turn up and warrant investigation when I run aggregate statistics every now and then but could go unnoticed for a while. -
2018-11-05 at 11:05 AM UTC
Originally posted by Lanny Yeah, like aldra said, it varies wildly depending on big the relevant website is.
ISS doesn't have anything for automatic detection of registration spam. It wouldn't be too hard to build but the volume and nature of abuse on here has been low enough that it's easier to spend a few minutes here and there to clean up spam by logging into the DB and throwing together some SQL to mop up spam accounts than it is to make some kind of automatic monitoring or mitigation system.
This is probably the usual mode of operation for most small and mid sized web services. Of course at some point abuse becomes enough of a problem that you can actually save money on moderation efforts by programming automatic mitigation. The general field is usually referred to as "anomaly detection" and the publications in that space are an interesting mix of garbage fluff systems papers that probably shouldn't have been published and actually interesting applied information theory/statistics.
As for noticing it on NiS, I'd notice if someone started abusing alt accounts, and if they really pushed beyond the normal level of account registration (which is fairly low) but didn't do anything with those accounts, that'd turn up and warrant investigation when I run aggregate statistics every now and then but could go unnoticed for a while.
Lanny I don’t know what any of this means, but can you tell if you wanted to - if a user is posting from multiple accounts if they are using different proxy thingy’s? -
2018-11-05 at 11:07 AM UTC
Originally posted by Mewsik Lanny I don’t know what any of this means, but can you tell if you wanted to - if a user is posting from multiple accounts if they are using different proxy thingy’s?
I can usually tell just by the posting style, but since lanny has control of the site he could use browser fingerprinting among other ways to determine whether the same person is behind multiple accounts -
2018-11-05 at 11:17 AM UTC
Originally posted by Firekrochfatty Seriously, what's the point in multiple accounts? Trolling… ? What's the point in that, even? To me, it's just a form of internet stalking.
I’ve often wondered this myself. Especially here, but DH as well. Personally, I think often times (at least in the case of social boards) deception and control are important elements in the users character. They most likely are self loathing and lack compassion yet crave to be accepted but never able to achieve it, by being themselves. -
2018-11-05 at 11:27 AM UTC
Originally posted by aldra I can usually tell just by the posting style, but since lanny has control of the site he could use browser fingerprinting among other ways to determine whether the same person is behind multiple accounts
Is this something fairly new? This “finger printing” thing? I too am usually pretty good about recognizing alt’s, obviously if I “know” a poster well. However, it’s not a fact or science. On DH, other posters were constantly being accused of being me and others. I only know for myself, they were wrong. They posted nothing like me either. There have been a few posters over the years I can literally feel, before they post. Those are the ones usually who I have a strong dislike for, for good reason.
So if someone masks their IP (which makes no sense to me, since isn’t most IP’s dynamic? I really suck at understanding this stuff) this finger printing program will still uncover who they are? -
2018-11-05 at 11:48 AM UTC
Originally posted by aldra I can usually tell just by the posting style, but since lanny has control of the site he could use browser fingerprinting among other ways to determine whether the same person is behind multiple accounts
I'm not up on the latest techniques of it but to my understanding, at least from his perspective it would just provide circumstantial evidence (OS, date and time, flash cookies present etc.)
probably the type of thing Australians worry about.
btw the new issue of the economist has a good article on the successes of the Australian economy which is kind of interesting to me. Your country is also stupid easy to do fraud in -
2018-11-05 at 12:42 PM UTCthe economist is NWO propaganda
-
2018-11-05 at 1:07 PM UTCI just realized that if you have a bot create thousands of accounts on some website and have it mirror those accounts in a DB you keep locally you could probably scam some DB traders by selling the "unique" DB to them.
-
2018-11-05 at 8:36 PM UTC
-
2018-11-05 at 8:44 PM UTC
Originally posted by Mewsik Is this something fairly new? This “finger printing” thing? I too am usually pretty good about recognizing alt’s, obviously if I “know” a poster well. However, it’s not a fact or science. On DH, other posters were constantly being accused of being me and others. I only know for myself, they were wrong. They posted nothing like me either. There have been a few posters over the years I can literally feel, before they post. Those are the ones usually who I have a strong dislike for, for good reason.
So if someone masks their IP (which makes no sense to me, since isn’t most IP’s dynamic? I really suck at understanding this stuff) this finger printing program will still uncover who they are?
No. It's been used for a long time. It primarily detects browser settings aside from OS architecture and screen size.
There are programs that can detect simular writing styles. Also, the time a person posts can show similarities. Even the way a person browses a site can link accounts. -
2018-11-05 at 8:45 PM UTCThis site temporarily shut a service down but its back up now.
-
2018-11-05 at 9:44 PM UTCYou can bulk sell accounts on some sites, youtube and gmail for example. People into internet marketing and shit will always pay a few dollars for buying accounts by the hundreds.
.