Not so inoccent random PM's (from Emma ?) PLZ READ ITS A REAL ISSUE

[WkdPaul]

Damn .. looks like I missed the party!!!

[TempestCatto]

10 hours ago, LogicalDrm said:

 

Well, not that unexpected. I would say we get the waves few times a year. This is extensive one, and mainly since it targets PM system. The Moderators have quick ways to deal with common spam. It removes account and all of their posts. However it doesn't remove PMs sent. So while NA/AUS/NZ based Moderators have already banned many of the bots, PMs sent can still be there. Making this look like a continuing issue (when it necessarily isn't).

It was an over exaggeration to get the point across.

[demotricus]

I`ve had these PM`s on about 6 different forums now, (mainly Flight sim Forums). 

Took me about 1/2 a second to recognise it for what it was, then click delete.

Not the end of the world, and she did have nice ermmm Eyes....

[Crunchy Dragon]

28 minutes ago, demotricus said:

I`ve had these PM`s on about 6 different forums now, (mainly Flight sim Forums). 

Took me about 1/2 a second to recognise it for what it was, then click delete.

Not the end of the world, and she did have nice ermmm Eyes....

Good to know it's not just us, I guess.

[spartaman64]

she calls that cosplay smh thats just a halloween costume

[Windows7ge]

6 hours ago, wkdpaul said:

Damn .. looks like I missed the party!!!

I got "invited" by a Emas595. I wasn't interested. If I knew you wanted to go I would have offered you my invitation.

[Guest]

I think the real question is how can you cosplay nude? isn't that like when you dress up? 

[Bhosted]

Hi Bhosted,
Emmi756 has sent you a message!

Read full message

— Linus Tech Tips

 

What is this nonsense? Seems like she spammed all of us. 

[vanished]

2 minutes ago, Bhosted said:

Hi Bhosted,
Emmi756 has sent you a message!

Read full message

— Linus Tech Tips

 

What is this nonsense? Seems like she spammed all of us. 

topic merged

[TempestCatto]

51 minutes ago, floofer said:

I think the real question is how can you cosplay nude? isn't that like when you dress up? 

Well you could cosplay as a nudist, or a nude character

[Zando_]

Just now, TempestCatto said:

Well you could cosplay as a nudist, or a nude character

Nudist Beach time 

Tho if ur nipples aren't glowing purple it's finna be a 0/10 cosplay 

[TheVillageIdiot]

Was there not two or three obvious bots making accounts yesterday in the activity feed yesterday  ? I am pretty sure I seen that. There are a bunch of Emmas and some number from what I seen

[wANKER]

I haven't got any. 

 

Where do I complain?

[rcmaehl]

20 hours ago, Morgan MLGman said:

If you have any specific recommendations for improvements in mind, feel free to share.

 

• Limit multi-user PMs to only accounts who have an specific amount of existing forum engagement (e.g. 20+ posts, keep actual number private and changing)
• Limit links in PMs to only accounts who have a specific amount of existing forum engagement (e.g. 5+ posts, keep actual number private and changing)
• Require account setup (e.g. profile picture upload, signature) before access to certain features (e.g. PMs)
• Automatic flagging and logging of accounts that get errors too often (helps stop people testing bots)
• Captchas for PMs containing profanity (would help with toxicity too)
• Disable PM email notifications by default

[Murasaki]

Yikes. That explains the ghost message notification. Thanks for handling that one.

[vanished]

6 minutes ago, rcmaehl said:

• Limit multi-user PMs to only accounts who have an specific amount of existing forum engagement (e.g. 20+ posts)

I had this same idea, it is not viable sadly.  The change required would prevent all existing users from sending PMs until they posted an additional X times.  There is a potential workaround, but we are weary of using that given the risk.  Additionally, this would likely just push the spam into topics and status updates where public visibility is higher.  It would be good that it's less directed at users, but you can see the downside as well hopefully.

Quote

• Limit links in PMs to only accounts who have a specific amount of existing forum engagement (e.g. 5+ posts)

I'm not sure this is even possible, but if it was, it would fall victim to the above limitation anyway.

Quote

• Require account setup (e.g. profile picture upload, signature) before access to certain features (e.g. PMs)

I'm not sure we really want to do this given the amount of collateral damage it could cause, as well as the relatively low barrier to entry for spam accounts.

Quote

• Automatic flagging and logging of accounts that get errors too often (helps stop people testing bots)

Not sure about this one, will mention it to the group

Quote

• Captchas for PMs containing profanity (would help with toxicity too)

An additional captcha has been added to the sign-up process for probable spam sources

Quote

• Disable PM email notifications by default

This should be easily doable, but would not help anyone with them already enabled.

[WkdPaul]

18 minutes ago, TheVillageIdiot said:

Was there not two or three obvious bots making accounts yesterday in the activity feed yesterday  ? I am pretty sure I seen that. There are a bunch of Emmas and some number from what I seen

No, it's more than a few bots, a LOT more.

 

Our count of spam PMs is in the thousands! Quite a few people worked their ass off to fix that (thx guys!)

 

But not me though, I was offline fighting my own IRL war ; my daughter didn't want to do her homework !!!

 

Edited October 8, 2019 by wkdpaul

[TheVillageIdiot]

They seeded the crap out of this site .... I am certain there was there three names with some random numbers just making account after account. So do not comfortable cause there is more.   Should be easy to figure out tho ? New account list.

[rcmaehl]

14 minutes ago, Ryan_Vickers said:

-snip-

One additional thing. Various websites use exit pages/scripts. Links to external traffic headed can be filtered and specific domains blacklisted. onbeforeunload or something along those lines

[vanished]

Just now, rcmaehl said:

One additional thing. Various websites use exit pages/scripts. Links to external traffic headed to external websites can be filtered and specific domains blacklisted. onbeforeunload or something along those lines

Without going into too much detail, we are actively filtering spam based on content and have added things to the list to deal with this new issue.  I am not sure I follow... is this what you're describing or something else? 

[WkdPaul]

14 minutes ago, TheVillageIdiot said:

  Should be easy to figure out tho ? New account list.

Way ahead of you, we have a list of accounts.

 

Not sure how they got around the signup captcha, but it happened quickly and it was hundreds of accounts.

 

As @Ryan_Vickers mentioned, if there are any accounts left, it's because they don't follow the *name+number* scheme and were not reported.

 

That shit hurt the forum spam reputation since lots of people have email notification enabled, so the forum sent thousands of spam-looking emails (the emails contained the PM content, which was spam) ... So yeah

Edited October 8, 2019 by wkdpaul

[vanished]

3 minutes ago, wkdpaul said:

Not sure how they got around the signup captcha, but it happened quickly and it was hundreds of accounts.

Basically, these groups have hoards of human slaves they can submit capchas to for verification.  They just sit around all day doing them for pennies, letting the attackers focus on other aspects of what they're doing (not that they ever seem to put much effort or thought into that either though).

 

[TheVillageIdiot]

I figured you guys where already aware of it or I would of posted about it.

[rcmaehl]

33 minutes ago, Ryan_Vickers said:

Without going into too much detail, we are actively filtering spam based on content and have added things to the list to deal with this new issue.  I am not sure I follow... is this what you're describing or something else? 

This is more of a retroactive(?) approach for linked content that has bypassed spam filters.

Sites used to display messages like these for external links with onClick, onBeforeUnload, or other implementations:
 

 

During this time you can compare the external link to a blacklist in whatever implementation you've created and display an appropriate message. e.g. Navigation to <domain> has been blocked due to known malicious content. OR <domain> appears suspicious, are you sure you wish to continue? While this can easily be bypassed using URL shorteners and really any website with open redirects, it's an extra layer of security while cleanup is being done. It's a bit of work, but spam filters can't catch everything, so additional mitigation options after the spam has been created are always useful. 

[vanished]

Just now, rcmaehl said:

This is more of a retroactive(?) approach for linked content that has bypassed spam filters.

Sites used to display messages like these for external links with onClick, onBeforeUnload, or other implementations:
 

 

During this time you can compare the external link to a blacklist in whatever implementation you've created and display an appropriate message. e.g. Navigation to <domain> has been blocked due to known malicious content. OR <domain> appears suspicious, are you sure you wish to continue. While this can easily be bypassed using URL shorteners and really any website with open redirects, it's an extra layer of security while cleanup is being done. It's a bit of work, but spam filters can't catch everything, so additional mitigation options after the spam has been created are always useful. 

Ah I see now, yes I've seen those before on other sites.  I'll mention this to the team as well, since it's probably not the worst thing to have anyway, although I'm not sure how much it'll help in this case.