Thursday, April 14, 2011

Credibility of Stop Forum Spam

About the topic

Below is a screenshot from the page to add an IP address for blocking spam:

As you can see, the fields are so little and there is only a text box to allow you some flimsy evidence of forum spamming. Do note that computer forensics is a mammoth task and a pain. How would a small text box for evidence justify or proof wrong doing ?

We know that IP addresses are dynamic and have no credibility at identifying individual users and chances of proxies, secret proxies, accounts compromised .. etc... are very high. Email addresses can be re-made and can be spoofed.

How do you call to credibility of this architecture of preventing forum spams by Stop Forum Spam ?

The operators of Stop Forum Spam wouldn't check anyway, as it would be a trouble to wade through every case to vet... so they would simply just let all pass. 

Possible Routes of Attack
A vector of attack on Stop Forum Spam would be using proxies and gateways privately or quietly hosted or maybe through Tor as well. Fake accounts made with Stop Forum Spam could be created and used. The flimsy way to add "spammers" as shown above, could be falsified and no one would know how true it is. 

How would any staff at Stop Forum Spam verify the accused ? The so called admin of a forum (who is in fact an attacker who falsify his identity), could falsify computer logs and even metadata to show that the accused is really the spammer.

Making The Attack a Step Up

Now, let's apply to real world scenario with a malicious twist. Most forum do not protect themselves with the minimal form of protection via the flawed SSL/TLS connection (by the way, SSL/TLS is already broken), sniffing of passwords and login credentials could be done - especially to forum admin accounts. 

With the login credentials of Super Users of the forums, the attacker could do a database dump of the members credentials and IP addresses and maybe use an automated script to post all the credentials to Stop Forum Spam with some variation of evidences. It is possible that the mass upload of credentials would cause suspicion and the attacker may have already figured that out, so an artificial intelligence in the script could regulate the amount of loaded credentials and falsified evidences.

The attacker may register with different accounts user of the Stop Forum Spam and subsequently, could upload more credentials. 

Finally, to inconvenience the forum admins that he have attacked, he could have placed all the forum admins credentials onto Stop Forum Spam too and fully lock out the owners and admins of the targeted forum they own.


The model used by Stop Forum Spam is extremely flawed and not trust worthy because of the nature of the Internet. It is a broken model in an attempt to fix something but fails very badly at doing so.


The only solution that would make Stop Forum Spam, is for forum owners to register themselves and proof their ownership of the domain or website. 

All forums need to have the use of SSL/TLS or better security to protect their accounts from attacks.

For the owner of a forum to report an incident to Stop Forum Spam, the owner MUST produce database files (yes... the physical database files as it contain metadata) while redacting the sensitive credentials of all users. A fully qualified computer forensics staff would do the job of proving or disproving the entry of an incident. Stop Forum Spam and the reporting owner of a domain MUST enter into a legal contract of not revealing any details of the database files and protect the database files with utmost security and when the investigation is completed, the database files must be encrypted as best as possible with the highest security.

No comments: