View Full Version : Blog Spam


Alex
September 17th, 2013, 12:12 AM
I logged in tonight, and saw that there were 6000+ entries in the ninjette blogs. This was interesting, as yesterday there were only 300 or so. I quickly found a spammer account that had posted thousands of annoying spam entries about online drugs, etc. The blog area doesn't have the same level of anti-spam control that the forum area does, so deleting them all was a pain in the ass. Can only delete 200 at a time, so it took a whole bunch of clicks, as there is no straightforward way to delete all of them at once.

To combat this new attack vector, I've made some small changes to the blog area. First - a user here must meet the Marketplace requirements to be able to add any blog entries (25+ posts, been here 30 days). Next, I've put all new blog entries into the moderation queue, so nothing gets posted in the blogs without approval. I'm hoping to remove that second requirement at some point, but in the short term, please bear with me.

Trailerboy531
September 17th, 2013, 12:27 AM
What kind of drugs? How was the pricing, would you say it's competitive with the offers I have in my e-mail?

Alex
September 17th, 2013, 12:27 AM
:)

deeno415
September 17th, 2013, 12:43 AM
What kind of drugs? How was the pricing, would you say it's competitive with the offers I have in my e-mail?

I just spam emailed you the prices!

LoL! Just kidding... :nono:

JohnnyBravo
September 17th, 2013, 03:12 AM
Mmmmm spam Hawaiian style... Pass the sea weed please

Joshorilla
September 17th, 2013, 04:33 AM
Can you access your backend DB ? If you ever need somebody to delete a ton of stuff on the backend I may be able to help.

Alex
September 17th, 2013, 07:27 AM
Yes, I run the whole server, and sometimes go direct to the DB. But - it gets dicey as the tables aren't always intuitive, so deleting everything from one may leave crap in other related tables that you didn't realize were related. It also can then screw up the metrics and totals of things if done incorrectly. Using the API's / built-in functions makes sure that everything stays in sync.

But if it was 1M posts instead of 6,000, I probably would have considered more harsh measures to wipe 'em.

deeno415
September 18th, 2013, 04:00 AM
Mmmmm spam Hawaiian style... Pass the sea weed please

Did someone say, "Spam Masubi"????

Alex: Sounds like a lot of tedious work. Sorry you have to go through all that trouble...

JohnnyBravo
September 18th, 2013, 04:08 AM
Did someone say, "spam Mitsubishi ...
No
There's more than one way to island out the spam

deeno415
September 18th, 2013, 04:15 AM
No
There's more than one way to island out the spam

Trust me... I know bruddah! ;)

JohnnyBravo
September 19th, 2013, 10:43 PM
A microniesian that lived most of his life in Hawaii was my cook in Iraq!!! Way to good food... Tuna jerky for everyone

Alex
April 7th, 2014, 02:01 PM
After some testing on how to delete large amount of spam blogs efficiently, I'm OK with opening up new blog entries without moderation again. Now anyone with marketplace permissions (here at least 30 days, minimum of 25 posts), can now post up, and be seen, immediately.

For the moment, blog comments are still going into moderation. I believe the blog writer is the one that can individually approve/moderate the comments that are posted on their own blog, I don't think it has to be me (but we'll see).

Alex
October 29th, 2014, 01:10 PM
Spammers are relentless! I received an automated notification from a company who said that spammers were using their links, and they requested I remove the spam from this site. I had no idea what they were talking about, but they provided links. Evidently it's a hole in the vbulletin blog software, where people can create "custom blocks" which allow them to post crap, even if they don't have permissions to post any blog entries. What's even weirder is that the blogs that are created with no posts, don't show up on any list of blogs, even though the pages exist when the custom blocks are linked directly. I have closed the hole, and banned the users, but here is what one looked like up until this morning:

33186

alex.s
October 29th, 2014, 01:25 PM
they were posting spams that had no link to them? we couldn't actually get to those spams? but the people who it linked to were complaining about it?

sounds more fishy than normal

Alex
October 29th, 2014, 01:38 PM
Anyone could get to them; they were live links that looked just like that picture. The links looked like this:

https://www.ninjette.org/forums/blog.php?cp=18

It was a link straight to a custom block. You can go to that link now, and it should show a no permissions message, as I banned those accounts and changed the perms so nobody could view any part of their blogs. But I then started to go through all similar links by changing that last number, and found a handful more that had crept in, some as old as a few months back. What is weird is that once someone finds a hole like that, typically they would flood it with hundreds or thousands of like pages; this time it was under 30 so it was easy to clean up.

But to your point, I'm not sure what use they got out of those links if there was no easy way to link to them from elsewhere on this site. Somehow they must have been posting them elsewhere on the net, as the automated brand-protection bots that alerted me apparently found them.

alex.s
October 29th, 2014, 02:07 PM
very strange.

ally99
October 29th, 2014, 03:32 PM
Yes, I run the whole server, and sometimes go direct to the DB. But - it gets dicey as the tables aren't always intuitive, so deleting everything from one may leave crap in other related tables that you didn't realize were related. It also can then screw up the metrics and totals of things if done incorrectly. Using the API's / built-in functions makes sure that everything stays in sync.

But if it was 1M posts instead of 6,000, I probably would have considered more harsh measures to wipe 'em.

I'm on a few forums, but you, sir, are the best moderator ever! :bow:

CynicalC
November 27th, 2014, 06:54 PM
I'm on a few forums, but you, sir, are the best moderator ever! :bow:

Administrator*

In this case, it makes all the difference.

ally99
November 28th, 2014, 10:34 AM
Administrator*

In this case, it makes all the difference.

I stand humbly corrected.

cbinker
November 28th, 2014, 10:40 AM
+1

Alex
November 28th, 2014, 02:25 PM
I'm partial to "chief geek". :)