Block image based on MD5 Hash ban list

mkerala2

Network license
Beta tester
Joined
Jun 30, 2014
Messages
455
Points
105
💡Describe your suggestion

Block abusive images which are repeatedly uploaded to the site by adding their MD5 hash to a block list, similar to an IP ban.

An IP ban is less effective given that most ISPs assign dynamic IPs and some users keep uploading the same abusive image again and again.

👏Where did you see this?

Chevereto already makes use of MD5 for blocking duplicate images; the same could be used for blocking offensive images.

🔥Interest outside our community

Background: Recently someone contacted me about their private pic uploaded to my site. I immediately removed the pic and banned the uploader's IP. However, this pic gets uploaded again and again from different IPs every day and is being shared on other sites using the image link. This person has to contact me every day with a new link to take down and I felt really powerless to prevent this personal abuse.
 

JLarsson

Founder license
License owner
Joined
Dec 2, 2013
Messages
71
Points
58
Location
Sweden
Website
zimg.se
Same scenario here a couple of times.
I removed the images and exactly the same ones kept being uploaded from all over the world (random IPs), like someone is using a VPN service.
 

tomsit

Moderator & Chevereto freak
Community Staff
Joined
Nov 25, 2016
Messages
496
Points
145
Location
Norway
Website
freeimage.host
+1

Same here. This can be really useful in combating the predator who is uploading the same CP to my site from new IPs every other day.
 

Rodolfo

Chevereto Developer
Chevereto Staff
Joined
Oct 7, 2008
Messages
16,587
Points
237
Location
Chevereto HQ
Website
rodolfoberrios.com
The system already uses MD5 for duplicate detection. Adding a blacklist shouldn't be that hard, but I don't think that such a measure will really make a difference, as you only need to alter one pixel and the hash will be completely different.

It is well known that inexperienced attackers will use just one image, but generating a bunch of the "same image" with different hashes is extremely easy and I won't be surprised if they do that right away once this gets implemented. Applying this MD5 ban will mean +5 minutes or so for generating a bunch of the same images with different hashes.

Rather than a file/string hash, we need an image content hash (also known as an image fingerprint) with a DB storing that data. This is not just using another hash function; it needs more infrastructure, and to make it perform fast the DB will be huge. Just huge.

I think that asking the application to filter this kind of thing is a good idea, but implementing a firewall in your server will certainly be helpful, as the desired blocker is not a trivial feature to add.
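
An added example, not part of the original thread and not Chevereto's code, contrasting the exact MD5 match with the image content hash mentioned in the post above. It assumes a difference hash (dHash) as the fingerprint; the sample images, function names and distance threshold are constructed for illustration.

```python
import hashlib

def sample_image(w=64, h=64, mirrored=False):
    """Constructed grayscale test image: gradient, plus a bright square."""
    img = [[2 * ((w - 1 - x) if mirrored else x) + y for x in range(w)]
           for y in range(h)]
    if not mirrored:
        for y in range(20, 40):
            for x in range(10, 30):
                img[y][x] = 250
    return img

def md5_of(img):
    """Exact-match hash over the raw pixel bytes (stands in for the file MD5)."""
    return hashlib.md5(bytes(p for row in img for p in row)).hexdigest()

def shrink(img, out_w, out_h):
    """Box-average downsample so small pixel edits are averaged away."""
    h, w = len(img), len(img[0])
    out = []
    for oy in range(out_h):
        y0, y1 = oy * h // out_h, (oy + 1) * h // out_h
        row = []
        for ox in range(out_w):
            x0, x1 = ox * w // out_w, (ox + 1) * w // out_w
            block = [img[y][x] for y in range(y0, y1) for x in range(x0, x1)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out

def dhash(img, size=8):
    """64-bit difference hash: one bit per left/right brightness comparison."""
    bits = 0
    for row in shrink(img, size + 1, size):
        for a, b in zip(row, row[1:]):
            bits = (bits << 1) | int(a > b)
    return bits

def hamming(a, b):
    return bin(a ^ b).count("1")

def is_banned(img, banned_hashes, max_distance=4):
    """Match on near-identical fingerprints instead of exact equality."""
    h = dhash(img)
    return any(hamming(h, b) <= max_distance for b in banned_hashes)
```

A one-pixel edit changes `md5_of` but leaves `dhash` within the threshold, so `is_banned` still matches. Matching by Hamming distance rather than equality is what makes the lookup more expensive than an indexed MD5 column.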
 

HenrysCat

Core license
License owner
Joined
Apr 18, 2017
Messages
88
Points
58
Location
127.0.0.1
Website
imgrpost.com
An MD5 blacklist may not stop duplicate uploads, but it will certainly reduce them, a bit like the spam folder on our email accounts: it won't catch all spam but we all still use it ;)
 
Reactions: mkerala2

mkerala2

Firewall is ineffective against these guys as they are not bots. There are so many free VPN providers out there and it is impossible to block them all.

I agree that MD5 block can be easily bypassed. But, we can put at least an additional roadblock to make it harder so they just find another site.
 
Reactions: HenrysCat

imgyukle

Network license
License owner
Joined
Aug 29, 2016
Messages
28
Points
53
> Firewall is ineffective against these guys as they are not bots. There are so many free VPN providers out there and it is impossible to block them all.
>
> I agree that MD5 block can be easily bypassed. But, we can put at least an additional roadblock to make it harder so they just find another site.

I agree with this idea, but it does not block this completely.

Also, you can use ASN numbers for blocking, like https://www.spamhaus.org/drop/asndrop.txt

You can find lists of VPNs' ASN numbers to block.
 

Rodolfo

Show me reports or something that tells me that this could be an effective measure. Sorry to ask about this, but I don't think that it is wise to waste time developing something just to find out that attackers will easily bypass it.
 

HenrysCat

The only reason you ask is that you know no one can present such evidence. The 'Enable Duplicate Uploads' feature has already been developed by your good self; we are just asking for the option to make it permanent, rather than just 24 hours.
 

Rodolfo

If attackers are using several IPs to fool the dupe/flood protection, why do you think that something even easier to fool (by getting a bunch of attacking images with different signatures) will really make a difference?

I think that there's an issue here, but I don't share your thoughts on the best solution for it.