Password protecting the Cyberix Network
Good then keep the site to yourselves faggots and make it a circlejerk lul
Reddit will be better anyways
[AT]
[DATACENTER]
And in we quote inside of the XMPP, from the spammer/botter.
>"*You* are the problem. Go disappear and delete your website. Bye."
I have no say in this.
>"*You* are the problem. Go disappear and delete your website. Bye."
I have no say in this.
Soz..
You offer zero technical solutions, zero alternative ideas. Just scorn and an attempt to poison the well.
THE PROBLEM: Malicious actors are using infinite IP addresses (Tor, VPNs and other proxies included) to spam the forum at will anonymously. IP-based bans are useless.
I do not want to prevent Tor users from posting. I do not want to restrict someone's ability to use the site just because they're behind a proxy. That is not a solution.
How do you stop spammers with infinite IPs?
How do you do it without JavaScript/bloatware?
How do you do it without requiring constant, exhausting manual moderation from me?
How do you do it while preserving the ability for a completely unknown person to post without any friction?
I've proposed a system of pseudonymous accounts with invite gates, rate limits and a quarantine queue for true-anon posts. These are concrete proposals that address the technical reality of the situation at its core.
If you have a better, workable idea that answers my four questions above, please present it. If you don't, I have no reason to take your "input" into consideration.
How about a hashcash? Or do it the Soyjak.party way where posters/images have to be approved, but with users being the approvers (Posts are hidden automatically, revealed with a click of a button until a few people vouch for the poster to be approved)
Replies:
>>10003
[US-VA]
p2w cyber ix where you have to pay 1 cent in monero/btc to post on the site and if it doesn't get flagged or reported you get refunded
[AT]
[DATACENTER]
Lol should have made in your site in the 2005 sorry lil bro youre soo young haha xd xd bye faggot NIGGER
[DE]
[DATACENTER]
I just took a shit
[BR]
The ultimate solution would be some verification network among anonymous imageboards. It acts as a layer on public IP space, since too many bad actors have been let into that network by residential botnets, datacenters, and Tor nodes. You get verified once, become a Trustfag, and then can post on adhering imageboards with no captchas, no friction.
It was outlined by Shii in the halcyon days of 200X (omg frutiger aero) that the advantage of anonymous discussion is the lack of friction in posting. You could get a reply from anyone in the world.
- Registration keeps out good posters. Imagine someone with an involving job related to your forum comes across it. This person is an expert in her field, and therefore would be a great source of knowledge for your forum; but if a registration, complete with e-mail and password, is necessary before posting, she might just give up on posting and do something more important. People with lives will tend to ignore forums with a registration process.
- Registration lets in bad posters. On the other hand, people with no lives will thrive on your forum. Children and Internet addicts tend to have free time to go register an account and check their e-mail for the confirmation message. They will generally make your forum a waste of bandwidth.
- Registration attracts trolls. If someone is interested in destroying a forum, a registration process only adds to the excitement of a challenge. One might argue that a lack of registration will just let "anyone" post, but in reality anyone can post on old-type forum software; registration is merely a useless hassle.
No-registration posting must be saved, but as the internet is too polluted we have to add verification layers. Let's do it strategically. Imageboards could use the Trustfag network to limit the number of times a user has to use a registration form to 1 (one). Related ideas: Digital ID comes to mind. Federation could also be on the table, as once you've registered on a homeserver you can post in other federated websites without seeing a registration form.
[PT]
registration does not require email, email is optional, the requirements are a username and a password
a nostr like verification or web of trust could be intersting to implment for a forum
[SE]
[TOR]
We used to be a reputation system (_probably._) I do not remember how it worked at all. I do not know if that system is up to place currently as rave probably has a higher power than I do.
I have taken your input into consideration and I will let you all know of my newest approach later today.
I feel like I reacted too fast with yesterday's spam. I hope I'll be able to find a permanent solution to this issue.
one at a time, our goals are to:
1: kill the robot
2: kill the human spammer
^ easier said than done
How to kill the robot:
Assume the attacker automates completely unique posts. Assume the attacker rotates IPs per posts and has access to infinite IPs. In order to have frictionless anonymous posting, you MUST rely on IP-based defenses. IP rotation bypasses these.
1 - Dropdown captcha with randomly selected question out of question bank with answers
^ Dedicated attacker can collect all possible answers and code in the correct answer for all of them
2 - JavaScript free image check box captcha like what 4get.ca employs
^ Effectively prevents text-only browsers from posting on the site
3 - Cookie-age restriction
^ Single cookie can be used across IP addresses. Per-IP cookie doesnt work because dynamic IPs exist, and legitimate proxy users automatically change IPs
Remember: The attacker's goal is to make the site unreadable (spam), or unusable (force the site into restricting posts)
Our goal is to make the site unspammable while maintaining frictionless posting.
Assume the robot is stopped. Now our enemy becomes the manual and coordinated human spammer.
1 - Soyjak.party-style community post/image approval
^ Easily abusable. Tor bots can collectively approve other Tor botposts in order to facilitate their spam. Requiring accounts to approve is a restriction and can have its own problems.
2 - Ratelimits, delays, ages, any sort of requirement
^ They will have to be IP-based, making it vulnerable to dynamic IPs and malicious proxy hopping that can piggyback off of good proxy users who may have passed any requirement set
Soft nuclear solution:
Cyberix does not get posts every day. There are lapses of activity that occur and that's okay. With this in consideration, we can adopt a modification to the approach we use for site interaction.
Because the forum aims to be more of a long-term discussion hub / an informational archive, we hsvr no incentive to have realtime rapidfire posting and response times like what you see on social media and image boards 24/7.
I propose a forum lockdown mode that makes all posts made during the lockdown require manual approval.
When I go to sleep, the forum will enter lockdown. It will automatically exit lockdown in the morning. Any posts that were in the manual queue will remain there, but this will be disclosed to the end user in threads.
If the forum begins to exhibit activity levels above whatever the weekly average is, it should automatically enter lockdown mode in order to curb spam.
Actually, this isn't a good solution because it means I'll need to manually sort through whatever's in the queue whenever I log onto the site..
We need to:
1 - Find the most effective solution against robots
2 - Find the most effective solution against humans
3 - Consider lockdowns as an additional implementation to have
one at a time, our goals are to:
1: kill the robot
2: kill the human spammer
^ easier said than done
How to kill the robot:
Assume the attacker automates completely unique posts. Assume the attacker rotates IPs per posts and has access to infinite IPs. In order to have frictionless anonymous posting, you MUST rely on IP-based defenses. IP rotation bypasses these.
1 - Dropdown captcha with randomly selected question out of question bank with answers
^ Dedicated attacker can collect all possible answers and code in the correct answer for all of them
2 - JavaScript free image check box captcha like what 4get.ca employs
^ Effectively prevents text-only browsers from posting on the site
3 - Cookie-age restriction
^ Single cookie can be used across IP addresses. Per-IP cookie doesnt work because dynamic IPs exist, and legitimate proxy users automatically change IPs
Remember: The attacker's goal is to make the site unreadable (spam), or unusable (force the site into restricting posts)
Our goal is to make the site unspammable while maintaining frictionless posting.
Assume the robot is stopped. Now our enemy becomes the manual and coordinated human spammer.
1 - Soyjak.party-style community post/image approval
^ Easily abusable. Tor bots can collectively approve other Tor botposts in order to facilitate their spam. Requiring accounts to approve is a restriction and can have its own problems.
2 - Ratelimits, delays, ages, any sort of requirement
^ They will have to be IP-based, making it vulnerable to dynamic IPs and malicious proxy hopping that can piggyback off of good proxy users who may have passed any requirement set
Soft nuclear solution:
Cyberix does not get posts every day. There are lapses of activity that occur and that's okay. With this in consideration, we can adopt a modification to the approach we use for site interaction.
Because the forum aims to be more of a long-term discussion hub / an informational archive, we hsvr no incentive to have realtime rapidfire posting and response times like what you see on social media and image boards 24/7.
I propose a forum lockdown mode that makes all posts made during the lockdown require manual approval.
When I go to sleep, the forum will enter lockdown. It will automatically exit lockdown in the morning. Any posts that were in the manual queue will remain there, but this will be disclosed to the end user in threads.
If the forum begins to exhibit activity levels above whatever the weekly average is, it should automatically enter lockdown mode in order to curb spam.
Actually, this isn't a good solution because it means I'll need to manually sort through whatever's in the queue whenever I log onto the site..
We need to:
1 - Find the most effective solution against robots
2 - Find the most effective solution against humans
3 - Consider lockdowns as an additional implementation to have
Sorry if this comes off as rude, but who browses Cyberix on a text-only browser? Hasn't
[RO]
4chan makes it impossible to post over tor. It also bans most vpn ip ranges. Anonymous as in everybody are called anon. Anonymous in the sense that no other user knows anything more than the user has written. Not private in the sense that any server admin can track ip, cookie (poster id), user agent. Anyone with access to the 4chan data and the isp metadata (police), can with a high accuracy correlate each post to a isp subscriber (real life identity). And if access to devices maybe even tie a post down to a specific computer and web browser.
4chan has a spam problem despite having cookie sessions, fresh IP restrictions, and a captcha that dynamically modifies difficulty.
Reddit allows you to create an account and post over the tor network last time i tried. Not anonymous in the sense that you have a username. But private in the sense that it's very hard for anyone to track down the real life identity of a poster, unless stupid mistakes.
Reddit does not have the same kind of spam problem that 4chan does. You can go on any niche subreddit and see real people posting.
4chan literally has a legal team that works with all legal and law enforcements. doesnt matter what country either. i worked in criminal cases for a certain us agency for a few years and saw emails and evidence given to law enforcement freely without question from 4chan's legal team personally. this finally came to the public's attention when they helped that florida sheriff find who was making threats a few years ago. (memory holed)
the legal issues is primarily what made moot leave for good. he got in so much legal terrible because of this site and just couldn't handle it. as a final "fuck you" to the feds, he sold it to gook moot thinking they couldn't keep in control of 4chan via legal issues. but the us government told gook moot, either play nice or they will take the domain. gook moot folded because he wanted to prove to 2ch that he can run an imageboard just as well, if not better than they did after they fired him.
rave admin l-i developer nyrd nen roriman
You allow accountless posting, with at least a rate limit per IP and various rate limits on the aggregate of all accountless posts you might impose CAPTCHA or other costs on accountless if you insist)
You have rate limits per board and per thread. (global and per-IP and per-account limits)
Anomalies: When a massive influx of accountless posters appears on a board, accountless are automatically clamped down upon, with an extra rate limit increase given to people who were there before the anomaly.
You have optional accounts
- Accounts don't imply usernames or post histories. They are purely antispam measures
- Limit on non-invitation registrations per day
- Limit on non-invitation registrations per IP per day
- Rate limits per account (nullifies IP rate limit)
- Accounts get an invitation every X days with a maximum of Y invites. These invite codes can be given to other people to make their own accounts
- Account rate limits are lower if the account hasn't posted recently
- Account rate limits are even lower if the account is new
- Account rate limit ramp-up may be per-board
- Store a tree of invitations so it's easy to track spammers who cluster within a branch and thus easy to ban them
Most of the time there will be no spam so you can use accountless posting perfectly fine
when there is spam from accountless the mods can slow it to a trickle
Spammers clustered under one branch can be removed in seconds, so effective spammers need invites from lots of users or need to register many accounts over time, and can only use this to cause a minor, temporary disruption
with these measures you can remove all IP blocks, including of tor
Captchas can prolong the lifetime of accountless posting for a while too.
For a lot of boards, they stay obscure or not targeted by spammers for a very long time such that accountless posting can have a high limit most of the time. The point is that you can just lower it to zero or just quite low when spammers appear.
Also boards and threads can have their own rolling global limits, so you can't just come in and spam many threads and push all threads off the board.
In summary the accountless idea is invitation system + registration system + accountless.
The accountless is for when shit hasn't hit the fan, the human invitation is what you fall back on when the spammers show up. It takes much longer to infiltrate and the amount of damage you can do once you have is very small. You could pretty much get rid of IP-bans entirely
You allow accountless posting, with at least a rate limit per IP and various rate limits on the aggregate of all accountless posts you might impose CAPTCHA or other costs on accountless if you insist)
You have rate limits per board and per thread. (global and per-IP and per-account limits)
Anomalies: When a massive influx of accountless posters appears on a board, accountless are automatically clamped down upon, with an extra rate limit increase given to people who were there before the anomaly.
You have optional accounts
- Accounts don't imply usernames or post histories. They are purely antispam measures
- Limit on non-invitation registrations per day
- Limit on non-invitation registrations per IP per day
- Rate limits per account (nullifies IP rate limit)
- Accounts get an invitation every X days with a maximum of Y invites. These invite codes can be given to other people to make their own accounts
- Account rate limits are lower if the account hasn't posted recently
- Account rate limits are even lower if the account is new
- Account rate limit ramp-up may be per-board
- Store a tree of invitations so it's easy to track spammers who cluster within a branch and thus easy to ban them
Most of the time there will be no spam so you can use accountless posting perfectly fine
when there is spam from accountless the mods can slow it to a trickle
Spammers clustered under one branch can be removed in seconds, so effective spammers need invites from lots of users or need to register many accounts over time, and can only use this to cause a minor, temporary disruption
with these measures you can remove all IP blocks, including of tor
Captchas can prolong the lifetime of accountless posting for a while too.
For a lot of boards, they stay obscure or not targeted by spammers for a very long time such that accountless posting can have a high limit most of the time. The point is that you can just lower it to zero or just quite low when spammers appear.
Also boards and threads can have their own rolling global limits, so you can't just come in and spam many threads and push all threads off the board.
In summary the accountless idea is invitation system + registration system + accountless.
The accountless is for when shit hasn't hit the fan, the human invitation is what you fall back on when the spammers show up. It takes much longer to infiltrate and the amount of damage you can do once you have is very small. You could pretty much get rid of IP-bans entirely
Replies:
>>10084
admin, rave, l-i, developer
Suddenly, the strategy shifts:
Spammers are no longer interested in the volume of what they post.
They are interested in the power and effect of what they post has on the people who view it.
Gore. Child Pornography. Shock Content (Think goatse-tier).
They relish reactions. They have no problem posting (one) post containing one of these (or more) while you are asleep. They realize that it'll be deleted immediately anyways, so they decide that one is enough and having eyes laid upon their post once is good enough.
They care about the feeling that they know you will have to see what they posted. They love knowing that innocent eyes are stabbed by an unsuspecting picture of some random dude's guts being posted on an old-school tech forum.
This cannot be stopped. You cannot stop this without building an AI to detect gore and child pornography in PHP. You cannot stop this without vision models. You cannot stop this without community-vetted reporting or flagging (which can and WILL be abused, and would probably have a worse effect). You cannot stop this without introducing restrictions to attachment uploads that restrict the frictionless posting of anonymous users.
Even worse, imagine this:
They can and WILL upload CHILD PORN on your site, and IMMEDIATELY report it (FBI, hosting provider, ISP, domain provider, etc) in an attempt to get your site taken down.
Potential, likely possible scenario
You go to bed at 8PM
They post child porn, maybe they've guessed your activity schedule and do it right after 8, for example
They can report it,
You wake up at 8 AM.
This can result in a 12+ hour delay between child porn being posted and it's removal
This is also a window for a 12+ hour response between the posters and the support agents assigned to their reports on our site
How will you fight this?
Suddenly, the strategy shifts:
Spammers are no longer interested in the volume of what they post.
They are interested in the power and effect of what they post has on the people who view it.
Gore. Child Pornography. Shock Content (Think goatse-tier).
They relish reactions. They have no problem posting (one) post containing one of these (or more) while you are asleep. They realize that it'll be deleted immediately anyways, so they decide that one is enough and having eyes laid upon their post once is good enough.
They care about the feeling that they know you will have to see what they posted. They love knowing that innocent eyes are stabbed by an unsuspecting picture of some random dude's guts being posted on an old-school tech forum.
This cannot be stopped. You cannot stop this without building an AI to detect gore and child pornography in PHP. You cannot stop this without vision models. You cannot stop this without community-vetted reporting or flagging (which can and WILL be abused, and would probably have a worse effect). You cannot stop this without introducing restrictions to attachment uploads that restrict the frictionless posting of anonymous users.
Even worse, imagine this:
They can and WILL upload CHILD PORN on your site, and IMMEDIATELY report it (FBI, hosting provider, ISP, domain provider, etc) in an attempt to get your site taken down.
Potential, likely possible scenario
You go to bed at 8PM
They post child porn, maybe they've guessed your activity schedule and do it right after 8, for example
They can report it,
You wake up at 8 AM.
This can result in a 12+ hour delay between child porn being posted and it's removal
This is also a window for a 12+ hour response between the posters and the support agents assigned to their reports on our site
How will you fight this?
Replies:
>>10092
>How will you fight this?
Anonymous attachments now expire after 30 minutes. Child porn b-gone.
Mod Panel Trash.png
Invites.png
I have taken over and I am now the development lead for Cyberix's latest experiment. I have implemented the suggested philosophy 1:1.
I am working on a minimalized variant of the codebase. I have created the defense systems first. I will then work towards the higher-level features of the forum to avoid codebase entropy. The updated site will retain most of its current features, but you'll notice some neat additions when it arrives.
Plans:
>Repolish everything
Current notable changes:
>Mod suite rework
That's all :^)
Replies:
>>10102
anon imbalanced.png
account tech.png
what i see.png
I designed a CLI tool to test the new philosophy.
Observe.
Simulating coordinated attack: 20 IPs, 5 posts each to IMBALANCED
Using actual system with rate limiting
Note: Each IP has separate rate limits (5 posts/hour normal, 0.5 in spam mode)
Board aggregate limit: 50 anon posts/hour normal, 5 in spam mode
IP 0 (72.55.149.227): ...XX
IP 1 (189.164.30.45): ...XX
IP 2 (152.69.197.196): ...XX
IP 3 (73.104.89.107): .XXXX
IP 4 (248.88.247.171): XXXXX
IP 5 (50.246.152.14): XXXXX
IP 6 (5.62.40.239): XXXXX
IP 7 (228.88.56.67): XXXXX
IP 8 (198.3.196.239): XXXXX
IP 9 (168.18.236.190): XXXXX
[Aggregate check: 10 anon posts to board in last hour]
IP 10 (68.185.91.89): XXXXX
IP 11 (27.248.237.157): XXXXX
IP 12 (222.191.61.213): XXXXX
IP 13 (39.230.178.51): XXXXX
IP 14 (234.224.161.111): XXXXX
IP 15 (188.23.131.26): XXXXX
IP 16 (81.193.78.194): XXXXX
IP 17 (100.134.116.24): XXXXX
IP 18 (18.152.159.63): XXXXX
IP 19 (210.145.176.191): XXXXX
[Aggregate check: 10 anon posts to board in last hour]
=== RESULTS ===
Total attempted: 100
Succeeded: 10
Failed: 90
Success rate: 10%
Error breakdown:
- Thread limit reached: 6 times
- Anonymous posting disabled (spam detected): 84 times
Per-IP results (first 5):
72.55.149.227: 3/5 succeeded
189.164.30.45: 3/5 succeeded
152.69.197.196: 3/5 succeeded
73.104.89.107: 1/5 succeeded
248.88.247.171: 0/5 succeeded
...
Per-IP results (last 5):
188.23.131.26: 0/5 succeeded
81.193.78.194: 0/5 succeeded
100.134.116.24: 0/5 succeeded
18.152.159.63: 0/5 succeeded
210.145.176.191: 0/5 succeeded
Expected behavior:
- Each IP: First ~5 posts succeed (per-IP limit)
- After ~50 total posts: Board aggregate limit hits, all fail
- In spam mode: Board limit = 5 posts/hour, hits very quickly
ANOMALY DETECTED: global_anon_flood (Severity: 3)Single IP flood attempt (what Rave had to fight off on February 4th):
Using single IP: 98.88.81.247
Creating 1000 posts from this IP...
...XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
=== RESULTS ===
Total attempted: 1000
Succeeded: 3
Failed: 997
First failure at post #4
Error breakdown:
- Thread limit reached: 997 times
Expected behavior:
- Normal mode: First ~5 posts succeed (IP hourly limit), rest fail
- Spam mode: First ~0-1 posts succeed (10% of normal), rest fail
=== ANOMALY CHECK ===
No anomaly detected (threshold not reached)
Threshold: 10+ anon posts/minute OR 30+ posts/hour to board100 post/thread coordinated attack with 1 IP per post:
Simulating coordinated attack: 100 IPs, 1 posts each to IMBALANCED
Using actual systemwith rate limiting
Note: Each IP has separate rate limits (5 posts/hour normal, 0.5 in spam mode)
Board aggregate limit: 50 anon posts/hour normal, 5 in spam mode
IP 0 (123.207.171.154): .
IP 1 (16.225.95.246): .
IP 2 (7.16.36.247): .
IP 3 (201.112.249.122): .
IP 4 (169.166.140.25): .
IP 5 (241.97.94.99): .
IP 6 (113.74.170.38): .
IP 7 (67.58.48.136): X
IP 8 (29.55.38.86): X
IP 9 (232.171.33.202): X
[Aggregate check: 20 anon posts to board in last hour]
IP 10 (138.217.63.158): X
IP 11 (218.118.105.230): X
IP 12 (173.200.14.33): X
IP 13 (110.200.51.239): X
IP 14 (167.133.212.9): X
IP 15 (19.12.174.27): X
IP 16 (223.167.95.178): X
IP 17 (101.104.72.192): X
IP 18 (95.65.252.60): X
IP 19 (228.136.11.171): X
[Aggregate check: 20 anon posts to board in last hour]
IP 20 (188.31.223.103): X
IP 21 (95.183.155.100): X
IP 22 (82.230.188.4): X
IP 23 (127.100.195.51): X
IP 24 (202.183.87.67): X
IP 25 (74.46.141.48): X
IP 26 (250.35.165.64): X
IP 27 (53.194.177.212): X
IP 28 (105.54.236.62): X
IP 29 (200.168.20.199): X
[Aggregate check: 20 anon posts to board in last hour]
IP 30 (64.226.178.126): X
IP 31 (134.28.34.6): X
IP 32 (251.27.134.78): X
IP 33 (240.178.156.192): X
IP 34 (53.92.226.247): X
IP 35 (215.83.206.148): X
IP 36 (78.47.11.147): X
IP 37 (232.72.100.7): X
IP 38 (246.29.223.77): X
IP 39 (68.115.22.124): X
[Aggregate check: 20 anon posts to board in last hour]
IP 40 (28.43.253.186): X
IP 41 (157.17.251.198): X
IP 42 (21.4.105.207): X
IP 43 (150.248.159.59): X
IP 44 (231.204.138.48): X
IP 45 (123.1.84.232): X
IP 46 (238.162.88.39): X
IP 47 (234.60.190.42): X
IP 48 (155.181.68.181): X
IP 49 (147.193.171.204): X
[Aggregate check: 20 anon posts to board in last hour]
IP 50 (177.12.248.121): X
IP 51 (89.6.236.34): X
IP 52 (14.141.51.172): X
IP 53 (48.170.164.127): X
IP 54 (147.10.149.165): X
IP 55 (141.234.15.74): X
IP 56 (189.116.82.123): X
IP 57 (136.98.143.128): X
IP 58 (133.101.78.53): X
IP 59 (173.176.33.235): X
[Aggregate check: 20 anon posts to board in last hour]
IP 60 (72.7.127.72): X
IP 61 (153.164.38.212): X
IP 62 (98.144.48.94): X
IP 63 (124.31.6.167): X
IP 64 (41.2.103.42): X
IP 65 (50.188.245.98): X
IP 66 (23.79.248.239): X
IP 67 (28.245.70.199): X
IP 68 (30.40.163.190): X
IP 69 (61.158.159.222): X
[Aggregate check: 20 anon posts to board in last hour]
IP 70 (15.179.20.189): X
IP 71 (123.87.9.182): X
IP 72 (224.69.86.208): X
IP 73 (227.128.236.95): X
IP 74 (82.51.170.131): X
IP 75 (135.62.166.33): X
IP 76 (33.40.175.41): X
IP 77 (166.224.130.48): X
IP 78 (212.230.136.191): X
IP 79 (42.179.216.128): X
[Aggregate check: 20 anon posts to board in last hour]
IP 80 (87.103.3.15): X
IP 81 (252.124.196.2): X
IP 82 (113.76.200.226): X
IP 83 (55.227.51.178): X
IP 84 (61.25.23.96): X
IP 85 (230.135.97.252): X
IP 86 (170.151.174.72): X
IP 87 (179.96.210.92): X
IP 88 (168.140.189.71): X
IP 89 (145.232.132.122): X
[Aggregate check: 20 anon posts to board in last hour]
IP 90 (170.135.118.4): X
IP 91 (129.12.177.44): X
IP 92 (107.1.29.43): X
IP 93 (168.209.24.196): X
IP 94 (19.235.213.250): X
IP 95 (120.37.76.40): X
IP 96 (137.151.94.237): X
IP 97 (139.71.84.67): X
IP 98 (53.57.154.182): X
IP 99 (243.59.218.157): X
[Aggregate check: 20 anon posts to board in last hour]
=== RESULTS ===
Total attempted: 100
Succeeded: 7
Failed: 93
Success rate: 7%
Error breakdown:
- Anonymous posting disabled (spam detected): 93 times
Per-IP results (first 5):
123.207.171.154: 1/1 succeeded
16.225.95.246: 1/1 succeeded
7.16.36.247: 1/1 succeeded
201.112.249.122: 1/1 succeeded
169.166.140.25: 1/1 succeeded
...
Per-IP results (last 5):
120.37.76.40: 0/1 succeeded
137.151.94.237: 0/1 succeeded
139.71.84.67: 0/1 succeeded
53.57.154.182: 0/1 succeeded
243.59.218.157: 0/1 succeeded
Expected behavior:
- Each IP: First ~5 posts succeed (per-IP limit)
- After ~50 total posts: Board aggregate limit hits, all fail
- In spam mode: Board limit = 5 posts/hour, hits very quickly
=== ANOMALY CHECK ===
ANOMALY DETECTED: thread_anon_flood (Severity: 2)
(Anomaly already recorded as ID 2)Note that anomalies are per-board..
Replies:
>>10103
duke nukem.jpg
I imagine with this system, people will try to raid Cy-X and we'll all tell them "you're raiding something that's unraidable."
When they are done trying to troll our untrollable forum, all of their posts immediately vanish :^)
Showing off some arrogance will be needed to truly test the system. Malicious anonymous users from around the world will be empowered by ego, determined to spam only to get filtered by this remarkable system.
They'd have to come up with an intricate long-term operation that spans weeks and relies on us not noticing a slowly growing vine of users that aren't doing anything in order to have any hope of even getting over 100 posts in.
Impressive work
I am considering deploying a local vision model to completely cut off CP & porn spam.
https://hub.docker.com/r/vxlink/nsfw_detector
...
https://github.com/nikos-glikis/nsfw-docker
...
https://github.com/ccastillop/nsfw-image-detection-flask-api
...
https://github.com/SashiDo/content-moderation-image-api
If you have any pointers, please chime in
I will likely deploy https://github.com/nikos-glikis/nsfw-docker because it's 10 years old and probably less computationally expensive than running a LLM on a box with 4GB memory..
https://hub.docker.com/r/vxlink/nsfw_detector
...
https://github.com/nikos-glikis/nsfw-docker
...
https://github.com/ccastillop/nsfw-image-detection-flask-api
...
https://github.com/SashiDo/content-moderation-image-api
If you have any pointers, please chime in
I will likely deploy https://github.com/nikos-glikis/nsfw-docker because it's 10 years old and probably less computationally expensive than running a LLM on a box with 4GB memory..
Replies:
>>10118