Since the change to Xenforo the forum has become a magnet for spammers. There are a number of reasons for this, such as being a relatively new xenforo forum, all accounts being publicly viewable by default and ease of account creation.
The reason the old forum evaded spammers to a large degree was due to members having to be logged in to view other member accounts. This is an unattractive proposition for spammers.
The forum is receiving consistent spamming either by automated bots or by human interaction. There are several methods being deployed; some are more obvious than others. Spammers are changing their tactics to evade detection.
I'll follow up with examples and suggested mitigations.
When logged onto the site on any given day, the number of generated accounts by spammers by my rough estimations is between 30%-80%, most of which goes undetected.
Updates: 6/1/2022
- Member accounts now hidden from public view unless logged onto the forum.
- Email verification enabled
- Improved account verification process updated.
Here is one tactic, an account created by (see attached picture) (a fictitious person - posts and account since deleted), it looked like a normal user and posted to what appears to be a valid question. The post managed to fool a number of members. What gave the spammer away however was the link to a website for a semiconductor distributor.
The account went undetected because there were no identifiers in the user profile (another tactic).
Here is another spammer (account reported) that slipped through.
This one is typical of the obvious spammer, the giveaway is the account name.
These types of accounts are the silent ones: once they get past verification they never post. Their only intention is to be visible to webcrawlers and search engines.
I have my doubts that it's an actual business.
Here are a couple more silent spammers (accounts reported), obviously created by the same person or bot, as the accounts are basically identical. What are the chances of two accounts created on the same day who share the same birth date?
The accounts have an added twist: they have included additional websites which I'm not brave enough to visit, as they appear to be malware sites.
Both accounts link to the same blog.
They appear to be using a valid website for blogs to distribute their nasty payloads. The blogs have additional malware download sites.
As a preventative measure the forum should block/blacklist or add to a list of phrases - hxxps://ello.co (I removed the ability to click on the link)
I hope people are finding this educational.
I get a lot of spam with links to Norton Security...
Have they closed down or been taken over, so Norton is no longer their name?
I guess they use N__ton as it's quite popular. As you can see from one of the spammers, they use N__ton as the hook, but the link will most likely take you to a malware site. Name redacted to stop the webcrawlers.
Spamming forums is very effective, the account can be indexed by search engines and webcrawlers sometimes within 30mins.
Thanks Indiglo, it seems that there is a lot of profile link spam. Good for SEO, since diyaudio has a reasonably high domain authority. I'll mention to the powers that be that we may need to tweak the ability to view profiles!
Tony.
That norton.com link is just a façade. If you check the actual link it is n0rt0n1.com (zeros, not o's).
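A small moderator triage script, added here as an illustration and not part of this thread or of XenForo, that flags the three patterns the posts above describe: profile links to a host the thread suggests blocklisting (ello.co), lookalike brand domains built with digit-for-letter swaps like n0rt0n1.com, and same-day "twin" accounts that share a birth date and link host. The brand list, blocklist and sample registrations are constructed assumptions for the example.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Assumptions for this example: one imitated brand from the thread, one
# blocklisted profile-link host (the thread's ello.co suggestion).
PROTECTED = {"norton.com"}
BLOCKED_HOSTS = {"ello.co"}
# Digit-for-letter substitutions seen in lookalike domains such as n0rt0n1.com.
SKELETON = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})

def host_of(url):
    """Lower-cased host of a URL with any leading 'www.' removed."""
    host = urlparse(url).netloc.lower()
    return host[4:] if host.startswith("www.") else host

def is_lookalike(host):
    """True when the first label, minus trailing digits and with digits mapped
    to letters, spells a protected brand but the host is not the real one."""
    label = host.split(".")[0].rstrip("0123456789").translate(SKELETON)
    return host not in PROTECTED and any(label == p.split(".")[0] for p in PROTECTED)

def triage(accounts):
    """Return {username: [reasons]} for registrations worth a moderator's look."""
    flags = defaultdict(list)
    clusters = defaultdict(set)  # (created, birthdate, link host) -> usernames
    for a in accounts:
        for url in a["links"]:
            h = host_of(url)
            if h in BLOCKED_HOSTS:
                flags[a["user"]].append(f"blocked host {h}")
            if is_lookalike(h):
                flags[a["user"]].append(f"lookalike domain {h}")
            clusters[(a["created"], a["birthdate"], h)].add(a["user"])
    for (created, bday, h), users in clusters.items():
        if len(users) > 1:  # near-identical profiles registered the same day
            for u in sorted(users):
                flags[u].append(f"same-day twin (born {bday}, links {h})")
    return dict(flags)

SAMPLE = [  # constructed registrations, not real forum members
    {"user": "acme_semi_parts", "created": "2022-05-30", "birthdate": "1985-03-03",
     "links": ["https://ello.co/acme-parts-blog"]},
    {"user": "acme_semi_part5", "created": "2022-05-30", "birthdate": "1985-03-03",
     "links": ["https://ello.co/acme-parts-blog"]},
    {"user": "securityhelper", "created": "2022-05-31", "birthdate": "1990-01-01",
     "links": ["https://www.n0rt0n1.com/support"]},
    {"user": "tube_amp_fan", "created": "2022-05-31", "birthdate": "1977-07-07",
     "links": []},
]
```

Running `triage(SAMPLE)` flags the two twin accounts on both the blocklist and the same-day match, flags securityhelper for the lookalike domain, and leaves tube_amp_fan untouched.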
Tony,
Currently spammers are exploiting a loophole in the forum where new accounts automatically default to be publicly viewable.
@wintermute: you can change the default member account creation settings in - admin - setup - options - user registration
The first mitigation strategy should be to change, in user registration, "View this user's profile page details" from "All Visitors" to "Members Only".
This should dissuade most of the spammers as their account is now invisible to the webcrawlers and search engines.
Thanks, I don't think I have access to that, and even if I do we have been asked not to touch 🙂 But I have raised the issue, hopefully will be dealt with soon 🙂
Tony.
Here's a new one - Vietnamese real estate : https://www.diyaudio.com/community/members/bdshungthinhcorpvn.533134/#about
As suggested earlier, new members should give an e-mail id that is at least a year old, and membership can be had only by submitting the password sent to that e-mail id. That should enable membership 24 hours after submission, so that it can be verified if needed.
A physical (street) address, and cell phone number, which can be viewed only by the administrators / moderators, should also be essential.
That should slow most down.
And on the commercial side, the payment account details can be made hidden, I have no idea of the current settings.
Here's a new one - Vietnamese real estate : https://www.diyaudio.com/community/members/bdshungthinhcorpvn.533134/#about
Nice catch (report it if you haven't already done so). The only way to catch these accounts is when they register and are temporarily visible; once you miss them they fade into the background for the webcrawlers.
I'd like to know if these accounts are created by a bot; some are human, but most appear to be created by bots.
As suggested earlier, new members should give an e-mail id that is at least a year old, and membership can be had only by submitting the password sent to that e-mail id.
A physical (street) address, and cell phone number, which can be viewed only by the administrators / moderators, should also be essential.
This will just frustrate new users. Using the email validation in post #15 will stop the spammers, as they will have to resort to responding by email to validate the account. At the moment registration is too easy for spammers, especially the automated types; the confirmation email is one too many hoops for the spammer to jump through. It's all about convenience.