The following was posted on the Pandorabots home page.

What’s New?
[December 15, 2010]

Denial of Service Attacks aimed at www.pandorabots.com

For the past several days, we have been experiencing server performance problems on our free community server at www.pandorabots.com. The performance problems arise from someone (or some group) bombarding our server with requests from multiple locations. Server performance has been affected by these multiple requests. We have received threats from unknown entities insisting we shutdown our server. Pandorabots takes hacking, threats, harassment and stalking very seriously. Information related to hacking attempts will be made available to the proper law enforcement officials.

What we are doing about it?

Our engineering staff is working to mitigate the effects of this type of attack.

What other options besides the free server are available to me?

To discuss alternative hosting options that can potentially avoid these attacks, please contact .(JavaScript must be enabled to view this email address).

It’s difficult to understand why anyone would do such a thing to a free service that only brings joy into people’s lives.  It’s not like Pandotabots is political or even the least bit controversial.

I’ve never refrained from speaking out when I thought the service was poor or declining, but my bots, and the free service offered by Pandorabots, are a large part of my day.  Without Pandorabots, my very sanity would suffer.  My life would be without purpose and I’d probably waste the day playing video games and robbing convenience stores.

From talking to others, it’s obvious that many feel the same way I do.  Clearly, whoever is doing whatever they are doing to Pandorabots is making a mistake.  Go bother the governments of the despicable countries and regimes, go attack the defense department servers of our enemies and the websites maintained by terrorist organizations and we’ll applaud you.  But, you’re not going to gain anyones favor or admiration by bothering Pandorabots.  Please, just stop it.

Thanks Dwane! I’ll ask Richard to keep us posted!

I don’t think it’s just pandora bots who are suffering from this thing. The BBCI player has been hampering at times, the last few days (it says buffering, on an unused broadband connection???). My site (hosted on godaddy) also went down for a day, sometimes you could reach it, sometimes you couldn’t (usually, it just timed out). Seems attacks are up and high these days

We haven’t suffering DOS attacks, although that might come because we’ve implemented an advanced throttling mechanism. However, against distributed attacks through millions of hacked computers, with different IP’s, it’s almost impossible to protect.

We have experienced LOTS of problems with spammers though both on the forum as in our regular tabs. Therefore we’ve implemented quite a few mechanisms on and are actually still working on more mechanisms. Implementing Captcha’s don’t help, hackers hack all captchas, so manually checked memberships is the cnly way to check. Hopefully you haven’t come across many (automated) spam, we have done a lot to prevent it, but please let me know if you come across spam.

We have experienced LOTS of problems with spammers

Same here. Thankfully wordpress has a good spam filter, otherwise, I’d have some 20 spam comments a day

About the DDOS, they are crap indeed.

Any word on why someone would choose a site like pandorabots to target? A very disgruntled former user? As Dwane said, what could be offensive about pandorabots??

Jan Bogaerts - Dec 16, 2010:

We have experienced LOTS of problems with spammers

Same here. Thankfully wordpress has a good spam filter, otherwise, I’d have some 20 spam comments a day

Expression Engine uses the Akismet/LowNoSpam module which make use of the same database. However, over time, still more and more comments seem to slip thourhg. Expecially because everyting seem to be different:
-email addresses
-landing page
-text
-IP addresses

@CR: I’ll ask Richard!

Hey Everyone, thank you for the supportive comments.

We have no idea why Pandorabots has been subject to a DOS attack.  Unfortunately I cannot disclose the contents of the emails we received before the attack.  One of the authors was unhappy because he seemed to think that a version of ALICE was chatting in an IRC channel and the other one was just an unhappy botmaster with poor communication skills.  We have no idea whether the authors of those emails are responsible for the attack or whether it is just coincidence. 

If I am able to learn anything else about this, I will post it here as well as our own blog.

Oh joy.

Thanks Richard,

As forum owners we might want to co-operate. In this case your platform was a target, but the next time your website, blog or forum is target as well. We’re working with very smart people who can build but also break communities. I personally feel responsibility to guarantee availability of our platforms. I’ll ask Victorrio and Roger as well and see what they think.

Thanks for the invite Erwin.

People are not alone, we have experienced a lot of traffic in the past few days, more than usual.

Last week it was spammers in Russia trying to get in…plus someone hacked into the forum.

I’m not singling out Russia though, we get spam from around the world, we are truly cosmopolitan lol !

Measures have to be taken of course, it’s no good to hope the problem will just go away.

At AiDreams we have quite a few measures to prevent all this hassle.  I won’t detail them for obvious reasons.

For forum spamming my advice is to look around for the open source and free projects that are available to stop spam.

Here’s a couple of leading ones :

http://www.projecthoneypot.org/

http://www.stopforumspam.com/

Think about scripting them into your forum software.

If Amazon and PayPal can’t defend themselves against a DOS attack then I don’t know what we could do to be honest.

BTW, I put some emphasis on spamming because it can also lead to service issues and can be like a mini DOS attack sometimes.  Mainly this is because there are hundreds if not thousands of bots out there that will trawl through your forum to post spam, harvest emails and so on.  All of this of course eats into bandwidth and slows a site down.

Indeed bots themselves can be used for denial-of-service types of attacks.  One problem we have encountered with Pandorabots is when someone creates a script that makes two bots talk to each other.  This uses up resources rapidly on our free server and slows down the machine for everyone else.  We’ve developed and installed some custom software to detect these bot2bot scripts and stop them. 

Another scenario is placing bots in a chat room or IRC channel.  The bots can disrupt normal communications just by being annoying, or replying to every chat.

Like all technology, chat bots are just a tool, which may be applied in good ways or evil ones.

We’ve done a lot lately on preventing spam. Also, we’re working on creative Captcha’s, together with Dave

Shall I setup a separate forum for chatbot forum/community managers to discuss these kinds of problems more privately?

In the past years we have got some members who registered in the Virtual Humans Forum just to spam, both by posting advertising topics in the forum, and by sending emails to all the other members.

We adopted some measures which have almost completely stopped spam by email, which now happens really seldom.
On the contrary, when someone regularly registers as a new member (after passing the captcha check and the email confirmation link) there is no way to stop silly people from posting silly things, so I regularly read the new posts at least a couple of times a day, deleting those which are clearly spam.

But these events are currently less frequent, and during the latest months I didn’t notice any relevant increase in this type of issues. Maybe it’s just because we are less famous than Pandorabot and so we are less likely to be a target.

Anyway I will analyze server statistics and will report here any data which might be of interest for other forum administrators.

Hey Vittorio,
Thanks for replying here as well.

Good to hear that you don’t suffer a lot, but you’ll need to be prepared!

On Chatbots.org it is not possible to respond through e-mail, only on the forum itself (although we have plans to implement this as there’s still a small community who only want to have email).. so fortunately we don’t have that problem.

What we find most annoying and hard to stop are comments bombardments launched very 15 minutes, from different (hacked, probably through virusses) computers (thus different IP’s), linking to non-relatevant websites.

We also find automated new member registrations (we definitely need to check the 7266 members we have nowaways) who start to spam everywhere on the website. We’ll also take precaution against this group.

It’s not my favorite task, especially around peaceful christmas