Oolite Bulletins

*

Being up early (or late) and all that, I came across a new registration: EnenrydEseend - https://bb.oolite.space/memberlist.php?m ... ile&u=4703

Being naturally skeptical of new accounts with websites, especially websites in foreign alphabets, I fired up the old translator. As far as I can tell it's mostly about the Russian National Rugby Team, and as such no cause for concern. Just thought I'd share the fruits of my labour to save anyone else from doing the same digging. Unless of course you'd like to read about Russian rugby.

If such negative spam reporting is undesired, feel free to delete.

Edit:
Immediately after posting, I noticed this on the previous page:

Uncle Reno wrote:

https://bb.oolite.space/memberlist.php?m ... ile&u=4667 - EnenrydEseend - May be OK but I'm suspicious.

I never saw the first registration, so I don't know what triggered the katana. Based on what I can see, I still stand by my original assessment, though.

*

On the other hand...

cycleckounc - https://bb.oolite.space/memberlist.php?m ... ile&u=4708

Peddling pharmaceuticals. Purge, please.

*

Spam!

Post:- https://bb.oolite.space/viewtopic.php?p=129396#p129396

Spammer:- https://bb.oolite.space/memberlist.php?m ... ile&u=4716

CheeseRedux wrote:

Being naturally skeptical of new accounts with websites, especially websites in foreign alphabets, I fired up the old translator. As far as I can tell it's mostly about the Russian National Rugby Team, and as such no cause for concern.

[...]

If such negative spam reporting is undesired, feel free to delete.

I think the trick these bots try to pull is they set up a profile with a random but innocent website: then they come back at a later date and edit the profile to point somewhere else.

Disembodied wrote:

I think the trick these bots try to pull is they set up a profile with a random but innocent website: then they come back at a later date and edit the profile to point somewhere else.

If that is the case, they certainly work hard for their money - or at least multitask a lot.
The account in question was logged on for over an hour after creation (or came back on an hour after, which to me seems a strange way of doing it; if you're gonna cloak for a bit, why just an hour?), and given the fact that the same username was killed on the previous page, why would you try any cleverness at all? Why not just register and immediately spread your spam? Maybe I'm just assigning too much detail-orientedness to it. After all, it may it may have gotten killed so quickly the first time that aegidian.org didn't get ticked off on the list.

Anyway, about 3.5 weeks ago,

Thargoid wrote:

We have a hack on aforementioned other board that new user posts do not appear until approved by a moderator or admin (and a maximum of I think 6 posts can be made per account and held in the approval queue).

It adds a little extra work for we mods, but it works very well in stopping normal users from seeing any kind of spam (presuming we don't approve something or someone by mistake of course). And once a post has been approved for a given account, then no further approval is needed for subsequent posts.

I would recommend it as a consideration if some new security measures are desired.

With the steady influx of spambots we've been seeing since the switch to v3, I think something like this should be seriously considered. With the majority of people here being in timezones close to GMT, there is a real possibility of undesired posts staying up for 6-8 hours before anyone with a katana could get to them. The only real downside I can see to filtering first post through a human being (aside from the work involved) is the same geographical spread; posts might sit for a few hours before getting cleared. On the other hand, if there's no one to let it through, there's also likely to be no one around to reply, anyway. (And if someone gets offended when they get a message along the lines of "In order to ensure a spam-free board, your first message has been placed in a queue awaiting approval by one of our administrators. As most of them live in Europe, this may take a few hours if you posted during European nighttime. We apologize for any inconvenience." I, for one, quite frankly think they'd be better off staying on the unfriendly side of Riedquat.) I've no clue how the inner workings of the bb function, but if it's possible to give admin powers limited to just 1st post approval, we might find someone to cover the other timezones without getting into a situation with too many cooks.

CheeseRedux wrote:

If that is the case, they certainly work hard for their money - or at least multitask a lot.
The account in question was logged on for over an hour after creation (or came back on an hour after, which to me seems a strange way of doing it; if you're gonna cloak for a bit, why just an hour?), and given the fact that the same username was killed on the previous page, why would you try any cleverness at all? Why not just register and immediately spread your spam? Maybe I'm just assigning too much detail-orientedness to it. After all, it may it may have gotten killed so quickly the first time that aegidian.org didn't get ticked off on the list.

I think that not all spambots are designed to actually spread spam: some are just link-farmers. There's often no intention to use the profile to post crap here; it's just there to create a link to the site being pumped.

http://en.wikipedia.org/wiki/Forum_spam#Types_of_spam

*

Speak of the devil:

getCreart: https://bb.oolite.space/memberlist.php?m ... ile&u=4722

Strong suspicions here. Admittedly based on the name only, but ...

Disembodied wrote:

http://en.wikipedia.org/wiki/Forum_spam#Types_of_spam

'twould appear there is more to this than meets the eye. But someone ought to tell these guys they're fighting a losing battle here. We're way too small to let anything go unnoticed for any usable amount of time.

***

CheeseRedux wrote:

We're way too small to let anything go unnoticed for any usable amount of time

And just to prove myself wrong, I did some digging...:

chomperman - https://bb.oolite.space/memberlist.php?m ... file&u=127 - Joined: Thu Nov 11, 2004 4:55 am
Admittedly, if this is a bot, it's very well done. But a website with "nutrition" in the name?

pokatinzy1 - https://bb.oolite.space/memberlist.php?m ... ile&u=1236 - Joined: Mon Nov 20, 2006 12:48 pm
You need a Russian to fix your apartment? This is your guy.

AJGreen - https://bb.oolite.space/memberlist.php?m ... ile&u=2641 - Joined: Sat Sep 19, 2009 4:42 pm
This might be a genuine fellow, but link in sig is to his internet marketing blog, and website is peddling proxy services.*

*What is our policy on links to moneymaking businesses, anyway? I seem to remember it being frowned upon, but do we have a hard and fast rule?

Thargoid wrote:

Administration Control Panel > General >>Board Configuration> Post Settings > Enable queued posts:set this to 1 (or however many you wish).

No, this is not built in.

*

Found one...I think....if anyone can read cyrillic, there are too many URL links!

https://bb.oolite.space/viewtopic.ph ... 51#p129551

* * * * *

Kendrick.Q.Bart - https://bb.oolite.space/memberlist.php?m ... ile&u=4751

Splendid effort. The name, the cute dwarven avatar. Too bad about the ForEx links, though. They kinda gave away the game.


Addendum: A bit more archeology:

rib - https://bb.oolite.space/memberlist.php?m ... ile&u=2007 - Joined: Mon Jan 28, 2008 9:31 am - Last visited: Tue Jan 29, 2008 11:06 pm
A perfectly innocent account, I believe, except for the link to his technical architecture firm. (Again, what is the formal stance on these things?)

gongoozler - https://bb.oolite.space/memberlist.php?m ... ile&u=1217 - Joined: Fri Nov 17, 2006 8:49 pm - Last visited: Tue Nov 28, 2006 7:30 pm
Same as above. This time it's design/photography.

Wakeless - https://bb.oolite.space/memberlist.php?m ... file&u=280 - Joined: Tue Aug 23, 2005 1:19 pm - Last visited: Tue Aug 23, 2005 2:57 pm
No clue what kind of business that website is, as you need a code to get in. Maybe a PM would get me one?

Austin - https://bb.oolite.space/memberlist.php?m ... ile&u=2936 - Joined: Mon Mar 08, 2010 11:40 pm - Last visited: Mon Mar 08, 2010 11:41 pm
Probably innocent enough. Site is down, so I couldn't check it.

Edit:
Gandr - https://bb.oolite.space/memberlist.php?m ... file&u=398 - Joined: Tue Jan 17, 2006 11:53 pm - Last visited: Fri Jan 20, 2006 6:59 pm
This is most likely the same fellow as gongoozler above. Profiles close enough to identical not to matter.

CheeseRedux wrote:

A perfectly innocent account, I believe, except for the link to his technical architecture firm. (Again, what is the formal stance on these things?)

Formal? Meh. If it’s an account that hasn’t been active at any time, it’s clearly referral farming. For actually active members, it’s a case-by-case thing.