1. Welcome to Tacklebox.com.au

    You are currently viewing the forum as a guest which gives you limited access to view the discussions and access some of our other features. Registration is simple, fast and absolutely free.

Spammers

Discussion in 'Chewing the fat' started by diesel, Dec 3, 2019 at 6:59 AM.

  1. diesel

    diesel Well-Known Member

    1,236
    3,958
    113
    Sep 23, 2016
    It looks like we are being targeted once again by spammers. The recent posts inviting members to obtain fake documents was deleted by Kev and even though he is no longer a moderator, it is good to know that he has the ability to remove offending posts.

    From what I have observed over the years that I have been on this forum and others, spammers seem to come in waves, they generally originate from the same source regardless of different details and most are coming out of either Russia or some of the former Soviet countries.

    Each morning when I log on to TBX I look to see if any new members have joined overnight and some stand out as potential spammers even though they have not yet posted anything to confirm my suspicions. During the early hours of this morning, Boro Kaisarevic became our newest member and with a username like that, my spammer alert meter lit up. Boro might be a fair dinkum genuine fisho, but I somehow doubt it.

    Due to the configuration process of gaining membership, anybody can join and therein lays the problem. New members are not being vetted in any way by the forum administration, so we are stuck with the spammers. Generally, I ignore the posts from spammers and advise others to do the same, but the recent posts that Kev deleted inviting one and all to partake in the illegal activity of fraudulent identity documents prompted me to reply to the spammer and in hindsight, maybe I shouldn't have. The temptation to voice my opinion on the posts was too great not to say something.

    Does anybody have any suggestions on how we stop the spammers? It is a bit unfair on Kev that he is the only backstop we have. Should we ask Tim to appoint more moderators and especially one who has the power to totally delete the spammer's membership?

    Jeff
     
    Master Baiter and kev209 like this.
  2. jedgpz

    jedgpz Well-Known Member

    101
    347
    63
    Aug 15, 2019
    More mods would help.
    Happy to help if needed
     
    diesel and kev209 like this.
  3. kev209

    kev209 Well-Known Member

    1,256
    2,974
    113
    Aug 22, 2016
    The last time I heard from Tim he said that with the new system TBX has now it would cut out spammers.
    Tim it's not working
    It appears I'm still able to delete spammers, if it's OK I will keep deleting them.
     
    diesel and Master Baiter like this.
  4. ratherbefishin

    ratherbefishin Active Member

    39
    139
    33
    Sep 9, 2019
    I can only think of two ways of doing it really. Both tend to be a bit labor intensive, so more mods is probably a good idea either way.

    First option is to go as we are and rely on folks with moderation rights (or at least delete rights like Kev) to monitor and delete offending users (obviously deleting just the posts isn't much good in the long run).

    The second is to require approval before new members are accepted and able to post (which it sounds like TBX had at one point maybe)? This somewhat depends on the ability of the back end software and how it handles user permissions..

    I tend to like the second option if it's available, but you need to have a sufficient number of mods to keep up with new membership requests amongst other tasks. For what it's worth, I previously ran a board which had 5 mods at one point and that seemed to work quite well. Your mods, however, really need to be folks who are regularly on the board as opposed to intermittent users.

    Finally, it's worth having some kind of captcha technology on the forum's account creation page to reduce the instances of bot created accounts. We may have that already, it's been a little while since I was on that page, but if not it might also be worth looking at to reduce the instances of dodgy accounts (note it doesn't eliminate bot accounts, but it does raise the barrier to entry).

    My 2 bobs anyway.
     
    Last edited: Dec 3, 2019 at 11:56 AM
    kev209 and diesel like this.
  5. diesel

    diesel Well-Known Member

    1,236
    3,958
    113
    Sep 23, 2016
    RBF, I like the way you're talking. Would you put your hand up for a mod position if we can get Tim to go along with your suggestion of more mods? Jed has indicated that he would help and I'm sure a couple more of the regulars would be in it.

    It's fine with me Kev if you want to keep on deleting offending posts, so long as you don't cop any of that sh!t that you had to deal with a while ago. It's not worth the stress.

    Jeff
     
    ratherbefishin and kev209 like this.
  6. Tackleberry

    Tackleberry Well-Known Member

    349
    938
    93
    Sep 30, 2016
    Yep I would be happy as well but I would only want to be able to delete spam not be a mod as it were ......
     
    ratherbefishin, kev209 and diesel like this.
  7. blair

    blair Well-Known Member

    709
    2,144
    93
    Mar 19, 2018
    Tell the spammers there is a cranky old scotsman on tbx who hates spammers and will use traditional scotish behaviour to remove them.:mad:
     
    ratherbefishin and kev209 like this.
  8. jedgpz

    jedgpz Well-Known Member

    101
    347
    63
    Aug 15, 2019
    braveheart.jpg
     
    ratherbefishin, blair and kev209 like this.
  9. Madfisher

    Madfisher Well-Known Member

    396
    1,318
    93
    Aug 14, 2016
    Maybe also be for being excepted the applicant has to answer three fishing related questions, that only Australians would know.
    Cheers Pete
     
    kev209 likes this.
  10. kev209

    kev209 Well-Known Member

    1,256
    2,974
    113
    Aug 22, 2016
    For curiosity, when you reply to these spammers can they get your computer details and make it easier to hack.
     
    ratherbefishin and diesel like this.
  11. diesel

    diesel Well-Known Member

    1,236
    3,958
    113
    Sep 23, 2016
    From what I have read about the tactics of spammers & hackers, Kev, it is the opening of links that will get you into trouble.

    Jeff
     
    ratherbefishin, blair and kev209 like this.
  12. kev209

    kev209 Well-Known Member

    1,256
    2,974
    113
    Aug 22, 2016
    Thanks Jeff
     
    diesel and ratherbefishin like this.
  13. blair

    blair Well-Known Member

    709
    2,144
    93
    Mar 19, 2018
    Hey where did you get a picture of my brother? ha ha . my bro actually does look a lot like mel Gibson, If treated correctly doesnt get as angry as picture. Watch out spammers!
    I will remember not to click on their links, especially ones whith dodgy names, that one was a classic.
     
    diesel, ratherbefishin and kev209 like this.
  14. kev209

    kev209 Well-Known Member

    1,256
    2,974
    113
    Aug 22, 2016
    A few years back I was going to join a transport forum. You had to apply to become a member, and all new members had to wait 7 days before they could post or reply to anything. At the time I thought it was a bit over the top and didn't join.
     
    blair, diesel and ratherbefishin like this.
  15. ratherbefishin

    ratherbefishin Active Member

    39
    139
    33
    Sep 9, 2019
    I'm certainly happy to be a part of the team mate, but I probably don't pass my own "regular board user" test as I tend to be here on and off for a few days and then disappear for a week. But if you want an extra set of hands, then I'm here to help.
     
    blair, diesel and Madfisher like this.
  16. ratherbefishin

    ratherbefishin Active Member

    39
    139
    33
    Sep 9, 2019
    Spammers aren't actually after a reply; they're generally after you taking some kind of action. There's a bit to unpack on the subject and I'll try not to make it a huge diatribe; note detail will be lost as a result :).
    Bullets might help actually....
    • Spammers on message boards such as this, generally have the goal of sending you to some website which sells something. They then get paid as a result (be it through ad revenue generated by the site, increased traffic to the site as a part of their spam campaign, you buying something from the site, or whatever). However, and it's a big however, such sites may also host nasty bits of code which can do a variety of nefarious things on your computer (from the milder end of the spectrum such as stealing processor cycles while your on the site to mine for digital currency all the way to breaking into your machine via your web browser [assuming your machine is vulnerable to said attack]).
    • The spammers who send you emails are also generally financially motivated, but have more malintent. At the milder end of the spectrum, they may be using email to do the same things as mentioned above; i.e. make money through clicks, ad revenue and whatnot. However at the more malicious (and common) end of the spectrum they may try to send you to a website which hosts nefarious software (this is often disguised as legitimate software.....what's known as a trojan....think of Troy and you'll get the picture). Said software will then fingerprint your computer and, if it can, break into it and install badness, given said person access to your files, keystrokes, etc. Remaining at the nasty end of the scale is the old phishing attack, where said spammer will send you a link pretending to be a banking institution, which when you click it will send you off to a fake site that looks a lot like your bank in hope you enter your online banking details.
    • While we're at it....phone scammers are basically a human form of the stuff above, but they work on blackmail. Their intent is to convince you they're from a large organisation (Telstra, Microsoft and the ATO seem to be popular choices), that you've caused or got a problem and that they're there to help you resolve it (which in the end involves giving them money of course).
    In the end these people are after one of two things; make money off you in some way or take control of your computer (so they can make some money off you).
    While not fool proof, here's some tips to help in dealing with the problem:
    1. Keep your computer software up to date. As soon as you get an update notification, back up your data and then apply it. While it's important to keep all software up to date, the MOST important are your operating system (generally Windows), your web browser and your email client/program. This matters as the companies who make the software are constantly fixing security holes and if you're up-to-date, you're setting a much higher bar for those with nefarious intent to jump over.
    2. Backup your files. But you all know this already. :)
    3. On updates, they will usually appear shortly after your turn on your computer, open your browser, etc. DON'T trust messages about updates which immediately appear after you've browsed to some website. If in doubt restart your computer, open your programs, leave the computer idle for 10 minutes and see if the notification reappears.
    4. Ideally, don't use your computer with an "administrator" account; this account has all the power and if any of the nastiness outlined above occurs, it happens with all of the keys to the kingdom. Ideally, create another user on your computer, make it the administrator, give it a sensible password and make your daily use account a normal user. Yes, it will be a bit annoying at first, as every time you want to install something you'll be prompted for the administrator password. But it can make a lot of difference in trying to keep your machine secure.
    5. When reading emails, trust your spidey senses; if something feels wrong, trust that. Good indicators are bad grammar and spelling, generic introductions and references ("Dear Sir", etc), the message is from someone you don't know, the message claims a catastrophic problem and you have to do something NOW to fix it, the message is asking you to go and log into your bank account, the message is asking you to transfer money, the message is asking you for personal information (e.g. tax file number), etc. If you are concerned there may be a real problem, please, pick up the phone and call the number of the organisation listed on their website (DON'T trust information given to you in the mail). They will validate if it's a problem for you or a scam.
    6. Don't click on links in emails unless you KNOW they are legitimate. One way to validate this is to move your mouse over the link without clicking it. In most circumstances this will drill though the nice email presentation and give you the address you'll actually be sent to, and place it in a little box above or below the link. So if the link says www[.]mybank[.]com....and you hover your mouse pointer over it and you get a little box saying www[.]randomplace[.]com, you know somethings probably up....especially if it's an email about which you're already suspicious. Do note, there are many genuine instances where you'll get a difference between the presented and real link. However, often the real link will contain the companies address and, if it doesn't, it should be an indicator to be suspicious and maybe reach out to them via phone if the email claims to be important.
    7. Read links carefully before you click them. For example, if you bank with "Bank of Australia" and you get an email with a link for www[.]bank0faustralia[.]com[.]au, then you can be sure it's a scam....as our bank wouldn't use a zero (0) in place of a real 'o'. There's an easy way to check these sorts of things; old friend Google (or Bing, or Duck Duck Go or your chosen search engine). Open your search engine, type in the name of the company and validate that everything before the first "/" is EXACTLY the same as their website. So, if our banking institution is www[.]bankofaustralia[.]com[.]au, this is valid: www[.]bankofaustralia[.]com[.]au/somepage. This is also valid: www[.]bankofaustralia[.]com[.]au/blah?1235. This, however, is NOT valid: www[.]bankofaustralia[.]com[.]au[.]bank[.]info/somepage. This is also NOT valid www[.]bankofaustralia[.]net[.]au/somepage. Everything leading up to that first slash ("/") MUST match.
    8. Finally......no self-respecting financial institution is going to email you and ask you to log into your account via some provided link. The same goes for the ATO.....or the AFP....or any government institution. Treat access to your online services (banking, MyGov, etc), like you treat the keys to your house or your physical credit card. Don't hand them over lightly and know who you're giving them to.
    There is so much more....but my "I don't want to write a huge diatribe" has turned into a huge diatribe.
    If this has been of any interest at all to you, I suggest going over here and having a read:
    https://www.staysmartonline.gov.au/protect-yourself/protect-your-stuff/software-updates
    https://www.staysmartonline.gov.au/protect-yourself/protect-your-stuff/email
    https://www.staysmartonline.gov.au/protect-yourself/do-things-safely/browsing-web-safely
    https://www.staysmartonline.gov.au/protect-yourself/protect-your-stuff/cyber-security-your-family
     
    Last edited: Dec 5, 2019 at 12:10 PM
    blair, kev209, diesel and 1 other person like this.
  17. Madfisher

    Madfisher Well-Known Member

    396
    1,318
    93
    Aug 14, 2016
    Thank you RBF.
    Cheers Pete
     
    kev209 and diesel like this.
  18. diesel

    diesel Well-Known Member

    1,236
    3,958
    113
    Sep 23, 2016
    Thanks RBF, I'm always learning something new here on TBX whether it be fishing related or something else

    That's my stumbling block too, plus I don't think I would pass the attitude & temperament test. I am very intolerant towards stupidity & bad behaviour, always have been and it's far too late to change now.

    Jeff
     
    Madfisher and kev209 like this.
  19. kev209

    kev209 Well-Known Member

    1,256
    2,974
    113
    Aug 22, 2016
    Thank you RBF
     
    diesel likes this.
  20. blair

    blair Well-Known Member

    709
    2,144
    93
    Mar 19, 2018
    thx RBF, I often wonder if spammer/creeps are using fake windows updates to access computers, pretty sure it would be a waste of their time to access mine. Hope they lock up more of the creeps.
     
    diesel and kev209 like this.

Share This Page