Fake Accounts and SPAM Posts

Gertjan

@johnpoz said in Fake Accounts and SPAM Posts:

Normally we would see 1 or 2 posts from an account.. I saw 13 from one, 9 from another.. And while I was cleaning up those 4 more new accounts, etc. Previous round of flooding I saw one account with 18 posts in just a few minutes.

Is initial rate (== post) limiting possible ?
Like : new users can post 2 new forum posts in 24 hours, and this limit will go away after X days, or 5 upvotes, whatever comes first.

I mean : some (new) pfSense user decides to sign up and ask a - just one - question ? A legit person doesn't open 18 different post all over the place - and if he had 18 different questions, he would post them all in in the General Section, even of the majority of the questions are (for example) DNS related .... ;)

This one : if a user edits his post, then it surely must be a human !

What about : if the new forum user produces a valid ID (from these) :

Netgate 4100
Serial: 2014321874
Netgate Device ID: e57dfcd41dc5ad5afb223

then the "post rate limiting" is skipped right away as the new member is using a real pfSense.
I presume these are "IDs" are avaible somewhere within the same Netgate walls ^^

Anyway, just thinking out loud here.

@johnpoz said in Fake Accounts and SPAM Posts:

In one way the seeing the amount of spam seems to indicate that the forums are popular, etc. And we make a good target for such shenanigans.. Maybe if not so popular we wouldn't get so much spam..

About that : before, AFIAK, forum stats existed.
But I get it, showing that the forum has tens of thousands of forum members, and hundreds of thousands (a million soon) forum post ... that doesn't go unnoticed so I agree : don't show these stats (anymore).

johnpoz

@Gertjan I just did google for one of the phone numbers in just a new spam that popped in.. And you see that number on many a forum posts from all over the place in the last few days..

I mean a lot of different forums.. So clearly its not targeted at just pfsense forums.

Pippin

@johnpoz said in Fake Accounts and SPAM Posts:

maybe they found a way thru the spam filter?

Think so, OpenVPN forum has been hit also, close to 30000 posts the last few days.

johnpoz

@Pippin wow, that is a lot of posts.. I wonder how many we would have it allowed to run unchecked.. When the floods started new registrations were disabled while they tested the spam filtering.

I am still seeing some sneak through though.. uggghhh

one of the recent ones had the phone number with ~ vs - and the actual body of the post had an image with the number in it as well..

Not even sure how such nonsense would increase any sort of seo score??

mer

Saw this earlier, but honestly it's not unique to these forums.
@jwt as consumers of the forum, what can we do to help when we see obvious bot/spam stuff?

I've personally found that users doing what they can even if it's "report post" is orders of magnitude more helpful than simply "noting" the problem.

Gertjan

@johnpoz said in Fake Accounts and SPAM Posts:

Not even sure how such nonsense would increase any sort of seo score??

Maybe it's just the fallout of the new entry exam of Harvard science university : "write a script that post as much forum post possible on the top 500 forum in the world without being caught" ?
Oh .. wait, there is another one : entry exam of an0nym0us ? ^^

edit :

They are having a hard time also :

johnpoz

@mer yeah reporting can help.. But those help more when they are weird ones where its like is this spam or not that sneak through.. Currently if they get through they are flooding, and they are not adding their spam to existing threads they are creating new ones that are much easier to spot..

mer

@johnpoz and of course there are a bunch of new QuickBooks spam things that just popped up now

johnpoz

@mer the amount of spam the last few days has been insane.. I have never seen it like this before..

jwt

@johnpoz @mer @Gertjan we continue to work on it. thanks for your support.

johnpoz

@jwt yeah quite aware - these nutjobs have have to ruin a good thing for everyone.. I am trying my best to keep the forums clean, but every few minutes more pop in.. It is insane.. But it looks to be a real concentrated effort if you google the phone numbers they are posting.. They are like the top 100 results returned on google - just flooding anywhere they can post.. Forums everywhere are getting hit and hard.

elvisimprsntr

One application I use for ODB-II diagnostics on my Ford vehicles (https://forscan.org) requires a forum invitation code, which you can only get when you pay for their application.

Screenshot 2024-11-19 at 1.45.34 PM.png

Now that you have to register to download the installer (CE or +), perhaps the forum invitation code can be part of the registration process.

P.S. script kiddies are at it again already.

Patch

@johnpoz said in Fake Accounts and SPAM Posts:

yeah I can see the IPs - and lots of vpns on the ones I checked.. But not just 1 vpn, ie saw many of the major vpn players

@johnpoz said in Fake Accounts and SPAM Posts:

on many a forum posts from all over the place in the last few days..

I mean a lot of different forums.. So clearly its not targeted at just pfsense forums.

@Pippin said in Fake Accounts and SPAM Posts:

OpenVPN forum has been hit also, close to 30000 posts the last few days.

That suggests the source of the spam has significant resources and has build the capacity to attack over a considerable time.

@Patch said in Fake Accounts and SPAM Posts:

I don't understand where the profit is in doing this. The motivations I can think of are

forum filter companies justifying their value
2. denial of service attack by a product or country or political competitor.

3. advertising for service spamming.

4. the thrill of achieving a successful attack.

5. A bot error

6. An angry ex-customer

Which suggest 2. is the most likely. Perhaps a response to Russia/Ukraine or Israel/Iran or American politics

elvisimprsntr

Script kiddies are at it again. Can their mother please shout down the stairs to the basement to tell the trolls to knock it off?

We are loosing the Whac-a-Mole game. Mark Rober seems to be good at inventing ways to defeat carnival arcade games.

Popolou

@johnpoz Perhaps rotate the anti-spam question on new user registration. I wouldn't be surprised if they simply added that answer to any bot script. I'm presuming they aren't bypassing this somehow...

johnpoz

@Popolou I have no control over any of that, just a mod.. Need to do something different, the amount getting through is insane

mer

I don't know if it helps but today I learned that one can only report 10 spam profiles per day :)

johnpoz

@mer while reporting is good.. It can also turn into a form of spam for the mods and admins. If its a blatant spam post, ie its own topic etc.. and especially if there are bunch it more than likely doesn't warrant reporting.

What is good to report is those ones buried in another thread that don't standout as spam from a quick glance.. We are all aware of these spam floods coming in and you can't but help but know that they are spam.. Reports are prob best on those ones that they came back latter and added spam links in them and the like.. Even ones on old threads, etc. buried deep in the thread that nobody noticed when they were posted, etc.

Thanks!!

slu

@johnpoz said in Fake Accounts and SPAM Posts:

while reporting is good.. It can also turn into a form of spam for the mods and admins.

Good point, sorry.

stephenw10

@johnpoz said in Fake Accounts and SPAM Posts:

Reports are prob best on those ones that they came back latter and added spam links in them and the like.. Even ones on old threads, etc. buried deep in the thread that nobody noticed when they were posted, etc.

Yup that ^. Those are the hardest to pick up otherwise.