URGENT MESSAGE RE SPAM

Post Reply New Topic

This morning on WP, a post from a bona fide member of WP was corrupted by a spammer who inserted a spam link in it.
This was in a thread on vaping which has now been locked.

If this happens to any other please report it urgently, immediately run your virus and malware software on your computer, and NEVER EVER click on the link the spammer inserts in your post.

Furthermore, would members please refrain completely from creating more threads on vaping. These threads are one of the top magnet topics for spammers, and they infest them with false posts like an outbreak of fleas, as you can see in the one I have locked today:

viewtopic.php?t=276218

Also would members please try to recognise and ignore the spammer posts instead of replying to them. Just report them. If you mistakenly report a bona fide member, don't worry, better to be safe than sorry. You will see in the thread linked how many spammers were active in it (6).

Please tell us what would indicate a message is spam, other than the obvious (low post count plus links to commercial websites).

1. Profile entries sometimes have very basic spelling errors eg "Unated States"

2. Profile page shows a business link (sometimes)

3. Messages posted sometimes have what appears to be a string of nonsense letters - for example djhpownkggstr
NEVER click on these to quote. Recent ones are from the Ukraine. They have been detected as infected on other sites

4. Posts with blue links placed below the message in the left lower corner of the post as you look at the screen.

5. words in blue embedded in an otherwise plain text post - the blue words are hidden spam links that open up when you click on them - may carry malware

6 Obvious spam links from new members with little or no posting history

7. Look out for several brandnew posters showing up in a thread and congratulating one another on their good advice.

8. Never open links that are posted in these thread topics: Bitcoin, travel tips, vaping, gambling, viagra etc, essay writing, smoking, cannabis in any form.

9. Be mindful that spammers usually lie about the country that they are in - the Ukranians say they are in the USA, the UK, one of them claimed to be in Mali...

10. Look for new members who join with "whole" names like JamesWilson for example, or EllaSmith, these are quite common lately

12. Look for new members who interrupt a completely unrelated thread with a first post that says "Hello! Nice to meet you!!"

13. The signature line includes spam

They are devious and malicious, and can trick both new and old members. If in doubt, report and we can check out their real location and posting history.

The Russian, Ukranian and Muldovan spammers seem to be getting more numerous in targeting our social forum lately. They are producing most of the current spam, though there are some from Pakistan also posing as ordinary members who are also active. Before most of the spam of these kinds seemed to be USA based, and the change to the Russian speaking countries has happened in the past 12-18 months.

Please be vigilant and report.

If I understand correctly what happened is the spammer quoted someone and added a link into the quote?

Or did someone hack an original post and add a link?

The second, a spammer interfered with a member's post and altered it.

You can what happened in the last part of the thread I posted in the opening post of this thread. Fortunately the bona fide poster immediately posted what had happened, so I was quickly able to remove the inserted word link, I traced the sock puppet spammer's account.

That's a pretty scary that someone's account can be hacked to add something to it.

It sounds like someone hacked the WP database to get passwords.

Shouldn't everyone change their password asap?

I would, and also run scans for viruses and malware. The member was advised to take precautions via PM.

Just quickly on this - no, almost certainly not. I’m not sure exactly what has gone on here but WrongPlanet stores passwords in an encrypted form which is mathematically impossible to hack.

My guess is that, in the worst-case scenario, clicking the link allowed them to run a malicious script which gave them access to information on the user’s system such as their cookies.

Thank you. I will.

Nearly all threads about writing, essays like this one are one of the prime targets for the same spammers who infest WP under different usernames.

So if you genuinely create a thread on this topic, then watch out for new or fairly members offering you their helpful links - these are spam links - don't click on them.

This thread is a good example of one spammer OP creating and using a number of sockpuppets as the thread progresses who appear to offer help by "answering" his fake request for help.

The spam links have been edited out, though you still see their posts to get a better idea of how they operate.

viewtopic.php?f=14&t=372849&p=8267643#p8267643

Interesting ... perhaps a few "honey pots" in various fora would draw them out and make them easier to spot ... ?

Have to add that the real advice that real members gave was pretty good, and yours in particular Fnord.

Particular topics already function as magnets for these spammers, so at this stage I think the best option to outline what to look for those who are interested in helping us kick the spammers into touch. It took me a while to recognise the various topics and tactics they use, so hopefully these examples will up the rate of "recognition spotting" by interested members.

We've had some great spotting already this week