What happened to the forum? > SPAM

Everything about this website and its content. Here you will find update announcements or requests for feedback. Questions about layout, functionality, content, and your suggestions are welcome.
User avatar
Shrieker
13
Joined: Mon Mar 01, 2010 10:41 pm

Re: What happened to the forum? > SPAM

Post

bhallg2k wrote:It's not spam-related, but, is it just me or have the very tech-oriented members left?

Did the charlatans - like me, I admit it - finally run them off for good?
I share your sentiment. When a pointless arguement ensues and I can't refrain from it, I feel guilty.
Jeffsvilleusa wrote:Now they are posting in the current threads 4 at a time. This is creepy! Yet somehow I feel compelled to buy Nike shoes... must buy Nikes...
It feels bizarrely hilarious lol. I do think however the admins/mods don't find it so. I hate all those spams so I'd definitely like to help with the method mentioned below should you decide to go that way.
Just_a_fan wrote:
Either that or have a "spam mod" team who have mod powers restricted to just being able to quarantine a thread. That way there could be 100 spam mods helping to keep the forum clean. Auto delete any quarantined thread 7 days later unless a genuine user contacts the proper mods to ask for reinstatement.
Education is that which allows a nation free, independent, reputable life, and function as a high society; or it condemns it to captivity and poverty.
-Atatürk

User avatar
Steven
Owner
Joined: Mon Aug 19, 2002 5:32 pm
Location: Belgium

Re: What happened to the forum? > SPAM

Post

Also, may I ask NEVER to reply on spam posts, and only report them?
Replying requires us to additionally remove the threads, as when deleting the spammers, only the spammer's posts get deleted.

Thanks!

User avatar
raymondu999
54
Joined: Thu Feb 04, 2010 6:31 am

Re: What happened to the forum? > SPAM

Post

Tomba I'm not sure if PHPBB can do it; but could I suggest bumping the CAPTCHA security level up? Maybe a logic question too, such as who was the 2000 WDC or something?
失败者找理由,成功者找方法

User avatar
Steven
Owner
Joined: Mon Aug 19, 2002 5:32 pm
Location: Belgium

Re: What happened to the forum? > SPAM

Post

Captcha was disabled years ago as it was eventually COMPLETELY ineffective.
A bunch of logic questions like yours are in place at the moment as well.

User avatar
raymondu999
54
Joined: Thu Feb 04, 2010 6:31 am

Re: What happened to the forum? > SPAM

Post

Ah right. Haven't reistered here in a while, sorry :P
失败者找理由,成功者找方法

User avatar
markc
4
Joined: Thu Dec 08, 2011 12:30 am

Re: What happened to the forum? > SPAM

Post

it's not just the spam that we need to be wary of, it's also these hidden "images" which keep popping up in various newbie posts... These are sometimes just a pixel tracker, but a few have been rather dangerous. I got stung due to a compounded issue which I wont go into detail about, but suffice to say the "image" attempted to install some scare/ransomware. Luckily it only partially installed and I was able to remove it, but it took a day to complete and another day to deep dive logs to work out what caused it.

User avatar
raymondu999
54
Joined: Thu Feb 04, 2010 6:31 am

Re: What happened to the forum? > SPAM

Post

I don't think they're newbies - I think they're spambots.
失败者找理由,成功者找方法

wesley123
wesley123
204
Joined: Sat Feb 23, 2008 4:55 pm

Re: What happened to the forum? > SPAM

Post

markc wrote:it's not just the spam that we need to be wary of, it's also these hidden "images" which keep popping up in various newbie posts... These are sometimes just a pixel tracker, but a few have been rather dangerous. I got stung due to a compounded issue which I wont go into detail about, but suffice to say the "image" attempted to install some scare/ransomware. Luckily it only partially installed and I was able to remove it, but it took a day to complete and another day to deep dive logs to work out what caused it.
This is just great. got some more info on it?
"Bite my shiny metal ass" - Bender

User avatar
Pierce89
60
Joined: Wed Oct 21, 2009 5:38 pm

Re: What happened to the forum? > SPAM

Post

wesley123 wrote:
markc wrote:it's not just the spam that we need to be wary of, it's also these hidden "images" which keep popping up in various newbie posts... These are sometimes just a pixel tracker, but a few have been rather dangerous. I got stung due to a compounded issue which I wont go into detail about, but suffice to say the "image" attempted to install some scare/ransomware. Luckily it only partially installed and I was able to remove it, but it took a day to complete and another day to deep dive logs to work out what caused it.
This is just great. got some more info on it?
Yes, please elaborate on this, as i've not noticed. Sounds pretty effed up.
“To be able to actually make something is awfully nice”
Bruce McLaren on building his first McLaren racecars, 1970

“I've got to be careful what I say, but possibly to probably Juan would have had a bigger go”
Sir Frank Williams after the 2003 Canadian GP, where Ralf hesitated to pass brother M. Schumacher

wesley123
wesley123
204
Joined: Sat Feb 23, 2008 4:55 pm

Re: What happened to the forum? > SPAM

Post

I probably havent noticed anything as my browser would block these links(Adblocker for Opera, I have had every web page blocked from what i have noticed).

Also my pc shows no signs of infection at all, with no weird processes/services running.

But would love to read more of it, if true it is reason enough to block the usage of img tags, since then it would only be possible to drop the link, or the code itself.
"Bite my shiny metal ass" - Bender

User avatar
markc
4
Joined: Thu Dec 08, 2011 12:30 am

Re: What happened to the forum? > SPAM

Post

Sorry for late reply:

An image would normally be .jpg/jpeg/gif/png/tiff etc, but some of these image sharing sites use a .php?somelongawfulGUID to present the image. The problem here is you're relying on your browser and computer doing the right thing - display an image and not try and work out what the content is and run it. The malicious code also relies on this knowing that there's a flaw to be exploited - make the pc run the code. In my case it was a zero day exploit on windows media player (I won't bore you with what that means), so the "image" was some malformed media which my browser helpfully decided to "workout" that it should be a media file and run it.

To protect:
You need to make sure your:
browser is always updated with latest patches
flash is up to date
java is up to date and old versions removed
windows patches are all installed
UAC is enabled
Anti Virus is installed and working
Anti Spam/spyware/greyware/scareware etc is installed and working

Even after all that, thanks to an image code which was actually a media player exploit file I was compromised. The attack vector was also sophisticated enough to bypass the AV - it was so new that the AV hadn't got an update to check for that signature yet.

So you can get compromised just by visiting a website, even with all the good stuff enabled to protect you.

Cross site scripting / zero day / attack vectors are all good searches for those that want to know more.

User avatar
markc
4
Joined: Thu Dec 08, 2011 12:30 am

Re: What happened to the forum? > SPAM

Post

raymondu999 wrote:I don't think they're newbies - I think they're spambots.
+1 they're using similar (in some cases identical) content from other sites to stimulate discussion while ensuring that the code is run.

One particular one I recall on this site a few months back was a tracking image. I reported it and the hidden code was removed by the mods.

User avatar
markc
4
Joined: Thu Dec 08, 2011 12:30 am

Re: What happened to the forum? > SPAM

Post

wesley123 wrote: This is just great. got some more info on it?
Pierce89 wrote: Yes, please elaborate on this, as i've not noticed. Sounds pretty effed up.
Hi both, the hidden image in this case didn't come from f1tech, but a link I followed to a news story regarding Bernie and CVC. So far the hidden images here have been constrained to pixel trackers.

My AV is however now refusing to allow me to see images from uploadpic.org, believing them to be dodgy. They're presented to the browser in the form of .php?imageguid which could be used to inject malicious code.

I also reported one of those posts to the mods, but I was informed that the link was indeed an image and on-topic :oops: But then I couldn't tell thanks to AV being overzealous!!

Kind regards,
MarkC

Pup
Pup
50
Joined: Thu May 08, 2008 4:45 pm

Re: What happened to the forum? > SPAM

Post

The pattern I've seen is that the users all have the format "name00". The latest is "Harlow58". The images are from a domain called infoocean.info. The posts themselves are all vaguely on topic, but are really just fluff. It looks like the accounts are used for only 4 or 5 posts, then abandoned.

Fortunately for me, the images always show up as broken. I don't know if that's a mac thing or what. Makes them easy to spot, though.

I don't know but adding "infoocean" to the censored list might be a simple enough solution to the problem.

Here's a list of the accounts I know about...

Harlow58
Frances69
Florence19
Martha39

and of course Pierce89 :twisted: :lol:
Last edited by Pup on Tue Apr 03, 2012 4:00 pm, edited 1 time in total.

User avatar
markc
4
Joined: Thu Dec 08, 2011 12:30 am

Re: What happened to the forum? > SPAM

Post

lol, Very sophisticated bot that one!!