Changes to Registered User Privileges

[Stephan Whelan]

To all Registered DeeperBlue.com Members

We have recently come under increasing attack by Spammers who use various methods to attack this site and subvert its use and members to illegal and criminal activities.

The attacks have been becoming more and more sophisticated over time and whilst we've installed tools to help the time has come to take more drastic action.

One of the most common attacks is for spammers to register on the forum and use privileges that allow custom images to be uploaded into signatures and avatars to be used against the forum.

Due to this fact all standard Registered Users will now have no privileges to include images or links in their signatures, nor can they be used in profile or avatar uploads any more.

These restrictions do not apply to Supporters of the forums.

I am continually reviewing the situation and further restrictions or implementations may be put into place if the situation changes.

Apologies if this causes any issues but action must be taken to protect the community.

Many thanks!

 

[trux]

Excellent! The casual visitor probably has no idea how many spammers are already blocked automatically by the sophisticated technical tools using public databases of spammers, how many are daily removed by moderators manually, and how many are being reported by other users. Still, some of the spammers and hackers are really vicious and can hide under clever camouflage, and it is extremely difficult to detect them. You may think it does not matter if you do not get to see them too obviously, but they are paraziting on the popularity of DB, and getting their search engins positions seriously boosted with every link kept at DB. So I for one welcome this measure very much and hope it will help to limit the volume of spam.

 

[Stephan Whelan]

To give people an idea the system prevents anywhere between 25-100 spammers per day on the site automatically. Typically 2 or 3 get through and the moderators deal with them.

 

[vasile]

Thank you for keeping the forum clean and safe guys,well done!

 

[Broseidon]

Just been pointed here after making a thread asking where our Avatars have gone...

I personally think that it's a real shame that users are not allowed avatars any more, I think it seriously detracts from the community feel and general look of the forums.

I can understand that signatures, where large images can be uploaded, present a problem but why avatars? Surely such a tiny image can't present that much of an issue?

I don't know what measures you've taken but I know that a lot of vBulletin-powered forums implement restrictions on users until they've made 50 posts. i.e. they can't have avatars, post links, add images etc.

 

[podge]

Bros me old son, how be on?
Sorry about the lack of your Avatar but it’s all down to the spammers.:martial:martial
I’m not overly technical when it comes to these things but I’m pretty sure that if you become a supporter then you can have pretty much whatever you want.
Go on my boy get yer hand in yer pocket.

 

[Broseidon]

Master Podgicle

Yes, I should indeed become a supporter, the forum has helped me loads! It's on my 'to-do' list.

 

[Stephan Whelan]

Broseidon,

I understand your frustration. Unfortunately any image uploaded can contain malicious code hence why we took more drastic action. We have been hit repeatedly over the past few months and it takes lot of time and effort to clear things up.

I am looking at other options (such as different levels of user) but will take a short while to implement.

 

[podge]

Master Podgicle

Yes, I should indeed become a supporter, the forum has helped me loads! It's on my 'to-do' list.

Good man!
Now I want to see your Avatar back up by the end of the week or it’ll be oop north for me and a good battering with a dead fish for you.roflroflrofl

 

[Broseidon]

Broseidon,

I understand your frustration. Unfortunately any image uploaded can contain malicious code hence why we took more drastic action. We have been hit repeatedly over the past few months and it takes lot of time and effort to clear things up.

I am looking at other options (such as different levels of user) but will take a short while to implement.

Ah, I know what you mean, 4 of my sites got really badly hit by the TimThumb Exploit which was malicious code uploaded via an image, painfully annoying!

I'm sure you've got it locked down but if there's anything I can do to help, please don't hesitate to drop me a message I'm happy to help with anything code or design related.

 

[Simos]

Broseidon,

I understand your frustration. Unfortunately any image uploaded can contain malicious code hence why we took more drastic action. We have been hit repeatedly over the past few months and it takes lot of time and effort to clear things up.

I am looking at other options (such as different levels of user) but will take a short while to implement.

If you do have a moment Stephan would you mind dropping me a PM with some details or link to this type of vulnerability? Thanks

 

[Stephan Whelan]

Simos - will happily chat through later this week.

 

[IsaacND]

Just out of interest, what are the consequences of the spam? It's become such a commonly used word, I've come to understand it as any irrelevant or repetetive message, It would be interesting to hear the more malicious versions as experienced by site creators...
I

 

[Simos]

Just out of interest, what are the consequences of the spam? It's become such a commonly used word, I've come to understand it as any irrelevant or repetetive message, It would be interesting to hear the more malicious versions as experienced by site creators...
I

There's many ways spam can affect a site - could be just junkie postings which make the site appear low quality and just annoy everyone or it could be directing people to site with virus etc to steal their personal deals or defraud them. In other cases it's just posting links to certain websites for website optimisation purposes (SEO).

Sometimes it's just more 'scamming' than spamming, where a fraudster will try to lure members into a scam and get money off them.

Anyway you cut it, it's bad for the reputation of a site if there is spam/fraud on the site and it's bad for its users so I'm glad Stephan is very proactive in sorting these issues out as soon as they appear.

 

[Stephan Whelan]

Thanks Simos.

There are two types of "spam" that cause issues on DB. First is the link or "scam" type of spam where nonsense posts are made to just create links to website selling viagra or other types of goods or worse - scamming people.

The second, much more malicious version, which caused us to implement the new restrictions is that by uploading an image that contains embedded code in it, spammers/hackers are able to re-direct traffic from off this site to websites that spam or scam members.

Pretty nasty stuff and an ongoing battle!

 

[IsaacND]

Interesting stuff! You use a site like this completely taking for granted all the work that goes into making it so easy to use... And the fact that it's still a free site is wonderful, seeing as making a joining fee would discourage spammers..
If I can help in anyway, let me know, although I must admit my technological know-how is somewhat limited.

But thanks moderators, you're doing a great job!!
I

 

[Simos]

Interesting stuff! You use a site like this completely taking for granted all the work that goes into making it so easy to use... And the fact that it's still a free site is wonderful, seeing as making a joining fee would discourage spammers..
If I can help in anyway, let me know, although I must admit my technological know-how is somewhat limited.

But thanks moderators, you're doing a great job!!
I

I completely agree, it's amazing to have such a great resource as DB available and free to use. If you are in a position of giving something back, you can become a site supporter for a few bucks every year...

 

[foxfish]

You can help by reporting any suspicious post, the staff are pretty quick dealing with reported post.
Some member of staff will normally be awake somewhere in the world!
All reported post are emailed to me & other staff members so we can manage to keep spammers post off our pages for the large part.
Stephan keeps updating protective measures all the time to try & keep ahead of the ever changing spammer tactics....

 

[Mr. X]

I'm surprised the spammers bother this forum so much - spam gets removed very quickly, it doesn't seem worth their while. (Unless some is slipping by us, going unnoticed or unreported)

 

[skygear]

I ban the accounts pretty quick on the forums I mod/ admin on. Then again, we have an account approval process in place for the first few posts. After a user proves themselves as a real poster with a few decent posts. Then we approve the accounts.

Lots of them are using the same IP so doing an IP ban works out great until they buy another proxy.

On the coupld sites I'm staff on, its a daily occurance but we get them. The porn bots are the worst! Especially on a family oriented site. All the NSFW content cam hurt someone's career... Or itleast make for am awkward conversation to the boss.