Are we members at risk for hacking?

nihahi

The spamming done this past weekend was definitely more sophisticated, as Beesie has noted. Whoever is doing this has taken the time to learn the "topics and phrases" that would lead many people to believe their post is legitimate. It feels like we are a true target now, as bc patients, as opposed to a random landing spot for some mass spammer.

I hear you on the "paid dearly for reporting" email flood.....Mods, I sure hope you follow through on stopping this by today, or I will absolutely stop reporting spammers. This surely doesn't require a board meeting to make happen.

This may be an unpopular thought, but I've been on the board for a couple years. I don't think I have ever come across a "new member post" that was a life or death scenario. Yes there have been some people who are frantic/extremely anxious about something, but in reality, no response that anyone already on the site can give will instantaneously change something. The vast majority of these "urgent" new threads receive responses of "call your doctor", "take a deep breath", "you'll know more when you get your test results", etc., which obviously means more time will elapse for the poster before anything will happen anyways. The "legitimate" newbies who post such frantic messages many times also reveal that whatever has them upset/worried has been going on for months or years!

Rambling...sorry, I'll get to point......Whatever firewall is applied, dedicated spammers such as we now have, are going to find their way through. Why would it be such a bad thing, to have a filter that all new threads by new members be held off the boards until the mods can assess the validity???? This wouldn't block new members, who could still access the site for info or read legitimate threads to gain some insight/reassurance, they just couldn't start a thread for maybe 24 hours. It would just catch the spammer thread before it makes it to the active list. There may be large numbers of new members joining up on a daily basis, but surely there aren't hundreds of new threads started each day. I doubt if it would be any more work for the mods than what they have now, when a spammer is reported.

nihahi

Beesie.....apologies....you stated something similar on the 1st page, I didn't catch it. Boy...I better have another coffee this morning!

Anonymous

Of course spam and hacking are two different things and no ones calling spam hacking so let's clarify since I think OP has a valid point. It's not that spam is hacking but that spam CAN lead to hacking. Ask yourself this: what is the purpose of spamming? yes it's to elevate numbers in search engines and so on but it's also to gain access to your private information so they can get enough information to drain your bank account. I'm assuming people DON'T want that to happen.

This site uses https which isn't bullet proof, by the way, BUT it means the site is encrypted, and that your account will be that much harder to hack.

Right in this thread we've already seen someone admitting to being a victim and it's increasingly common. Hacking to gain unauthorized access and spam both belong in the same pile of scum. In this case it might start with spam and end with your computer taken over or hacked by planting malware when you click on a link.

That said it is not helpful to assume people can't be or are unlikely to be hacked... especially those who are naive or otherwise lack the skills needed to keep themselves safe such as being aware of bad links. These people are NOT dumb but just naive.

For those who care about NOT getting ripped off ... moral of the story - always be careful about clicking on ANY links not only in email, but everywhere.

Just so you know the potential dangers of spam, even the best antimalware antivirus software isn't going to be much help to a happy hapless clicker. NOT clicking on suspect links is one of the first most basic lines of defense one can learn.

Tips:

1/ Beware of link shortening ie bitly tinyurl etc which without expanding them can completely obfuscate their destinations. If you must click on a shortened url use an expansion service or a browser addon.

2/ Beware of url encoding which can mask true destinations - ie the use of weird looking characters such as % unless you want to schlepp a translation table next to you.

3/ Use a link scanning service either online or as an addon or utilize one in your antimalware softwares.

4/ Hover over links under "live" words such as "HERE" and look at the bottom of your browser and see if the url to the site is what you are expecting.

I agree that we need some sort of block/limit for new members. It would solve a lot of problems. This has been mentioned and discussed a number of times this year in appropriate threads. Mods what is the problem with this? You want to hear our suggestions, but you are obviously balking on this matter.

Edits for clarification and:

I was saying I was surprised by people who, though multiple people said there was a problem with spam, didn't think it was the case

My thoughts too.

pupmom

Musical, thank you for that great explanation about the threat here. How can the mods assume everybody is sophisticated enough to NOT click on ANY link the spammers list. These links, potentially resulting in hacking, can only be prevented by the adms. of this site.

MinusTwo

Musical - good tips. Thanks.

After reading Nihahi's post, I do agree that the privilege of allowing a new member to create threads might be on hold for 24 (?) hours with a tasteful message that they are welcome to read & research while they are waiting to be vetted.

Mods - do you have the staff/capacity to check & block new users in this manner?

Anonymous

My pleasure. Somewhere back there I do remember someone asking for advice and so that's mine. I hope it helps. For the record, I get really annoyed when people who are simply naive or green, are portrayed by others as dumb. (I know it's sorta acceptable when we say that about ourselves, but it's not OK when others say it.) Moreover, BCO is likely to have a greater proportion of those in the older age bracket who are more likely to be less technically aware, and to boot, are coming here at a most vulnerable time. That's why I'm like a broken record with all this stuff.

Another thing is it is portrayed by those with a vested interest (of course) that the internet is such a safe and wonderful place. The sad fact is it isn't. Many people get ripped off losing 1,000s out of their bank accounts daily through various scams. I'm not interested in that myself. As such even with the lengths I go to technically, I still don't trust that I know enough.

Traveltext

I agree, just because some people don't see the spam certainly doesn't mean there isn't any. More likely the mods are doing a pretty good job of deleting it.

I vote against any impediments being placed before new users. This would't even eliminate the spam, only delay it for a time.

The number of people being ripped off on the Internet is an infinitesimal micro percentage of the total users. I've been online since it started, built hundreds of sites, blah, blah, and I'd say categorically that the internet is, by and large, a safe and wonderful place. At least compared to society in general.

nihahi

Traveltext....curious as to why you think giving mods a chance to check the validity of a new member before allowing posting wouldn't help? What am I missing about how spam works?

No one has suggested holding a new member in limbo, without access to information?

Traveltext

Fine with checking the validity of new users if BCO has the staff. And if that's possible without turning people away, that would be excellent.

nihahi

I am sooooo not computer savy, but isn't there some way of filtering at the "sign up" level??? I've seen computer sites that require some kind of "prove I'm not a robot" type of security gate. Or maybe some kind of extra step to get through before posting a first thread??? The only ones I am interested in turning away from posting are those who don't belong here to begin with...aka spammers. It would be too much to ask for every new member to be checked, just the new threads.

I think other discussions have brought out the reality that there are far more members, than there are "members who start threads".

Traveltext

You're so right nihai, there are ways of screening users, including the security gate. Trouble is, spammers would still make it in to BCO since the posts here are hand done, rather than robot generated.

nihahi

Ok, thanks for the explanation about security gates. But I still don't get checking out the number of new threads per day would be that onerous a "surveillance task".

I wish the Mods would chime in to let us know what that figure might be on average. It does seem that weekends (at least to my observation) is the worst time for spammers. I just counted through the pages on the active list. Including ones that overlap into yesterday (since they are like 20/22 hours old) there are 14. If you knock out ones from yesterday, it's less than a dozen new threads. Is that really too much to ask? It's a pretty quick look for the mods to realize it's a garbage post.

Beesie

The one thing that is consistent with every spam post is the inclusion of a URL or live link. So maybe that's what BCO needs to focus on. I rarely see URLs or links in legitimate newbie's posts - they come here asking questions, not providing information and links. So why not find a way to restrict the ability to include a live link for the first 20 posts? That would stop the spam completely.

muska

Spamming messages are often generated by spamming software and not by new users who go to the website and register only to start spamming. I certainly saw several spamming software generated episodes over the last couple of weeks but they were all taken care of very quickly.

I am sure our Moderators are working with tech folks on addressing the spam issue but introducing a manual 'gatekeeper' for new users I think will do more harm than good and will certainly make the site less appealing to new users.

nihahi

Muska....but why would it be less appealing, if the reason for the "wait to post" was clearly stated as intended to protect the privacy and integrity of the members and bco itself?

A very similar but more "in depth" type of gatekeeping is done for the picture forum, for the expressed and I believe well accepted reason that it is to protect the people posting from unwanted/inappropriate access.

edited to add: yes, I know the Picture forum isn't under the domain of BCO, but it is "connected" to it.

edited to add: ok....so according to Traveltext spamming is "handwritten"....you say it's a software thing.....I'm confused.

Anonymous

It's not about comparing this to "society in general". I disagree that it is a safe place. The internet is full of exploits and hacking ventures, which to the unwary and unprepared has real pitfalls. As I pointed out, more so on this site. Of course it's a given that people who are more involved in something generally become less aware that most other people are not - that is unless they pay attention.

Just today I've seen that one in three dailymotion accounts have been hacked with the miscreants gaining email addresses and other personal details. Tomorrow it will be another site. How many medical records have been compromised this year alone? I have seen major site after site been hacked into/compromised this year. Banks hospitals police stations libraries you name it.

Of course there's a chance that someone might dodge these bullets but then again there's a chance they won't.

MinusTwo

I think Traveltext pretty much said exactly what I think.

Fine with checking the validity of new users if BCO has the staff. And if that's possible without turning people away, that would be excellent.

muska

Hi Nihahi,

Let me try to explain. This community is interesting mostly because it attracts a large and diverse group of people. Whenever you introduce some kind of gatekeeping, it makes the site less spontaneous and pushes some people away. I don't see what is wrong with the privacy of people who post here. As for hacking, it might happen on any site and adding a manual gate keeper is not going to prevent hacking. Spamming may be software driven or generated by simple hand written scripts or even introduced by a legitimate user who is unaware of malware sitting on her computer.

Speaking of the picture forum, I tried getting access when I was contemplating reconstruction decision. I asked to get access, was emailed something, followed the instructions, tried logging in, couldn't log in and after two or three unsuccessful attempts to figure out why, abandoned the idea altogether and never went back. I don't have time to spend on all these pseudo security steps and generally speaking, avoid registrations that increase your odds to be spammed or hacked and don't use moderated forums and boards.

There is another aspect to gatekeeping on this site. Women and men who come here are worried, anxious, confused and many do not feel comfortable to post to begin with. Many spend a lot of time reading posts before they find the courage to post. Don't push those shyer folks from posting by unnecessary barriers.

lintrollerderby

I think most people who join a message board type community online expect there to be some parameters in place for new members in order to protect the site from those who are vile spammers. I think that limiting the number of posts made by new members would not be viewed by many as an unnecessary obstruction. I'm sure some will feel that way, but we clearly need something to be done. We talk a lot on this board about risk vs. benefit and I think that could apply in this situation as well. Sure, we may risk not welcoming some members by instituting a policy, but the benefit is we would be creating a much more professional looking space. Honestly, if I came to the site as a newbie and saw it flooded with spam, I wouldn't even get to the registration process in order to learn that I had to have my first posts moderated, etc. It would seem unprofessional to me and very unwelcoming if a board intended for the support of breast cancer patients was inundated with junk links to male enhancement drugs, movies, shoes, etc.

Traveltext

Nihai, I believe the spamming on BCO is hand done. Otherwise there'd be potentially thousands, not dozens of spam posts.

Muska, I like your reasoning for being careful with introducing gatekeeping restrictions, especially the suggestion that the diversity of the community might be affected and that shyer folks may be put off. We need both these cohorts. For me, the best sites on the Internet are the most open, and I tend to trade off security risks to post on these sites. A bit like when you travel and decide to take a calculated risk to visit an interesting destination.

lintrollerderby

Traveltext, I wholeheartedly agree. I think the majority of our spam here is manually entered.

nihahi

Well....just reported a couple threads as spam......got the same deluge in my email inbox. So.....nope....not reporting anymore of them.

lintrollerderby

I agree, Nihahi. I've taken a break from reporting them as well after the same thing happened.

Moderators

Hey all,

This community is here for and about you. All vibrant communities get into battles with spam, due to its activity. Thank you for your continued support with brainstorming ways we can battle the go-around techniques of the spammers. Sometimes we need time to work it out with our dedicated tech team.

For now, the email notifications are getting disabled. We will ultimately install a "Are you sure you want to report this post as spam" pop up verification when a member reports a post. Finally, we are disallowing newbies to post links.

All this should happen this week, if we do not have complications along the way. We are working on this, so again, thanks for your help!

--The Mods

pupmom

Thank you Mods!

lintrollerderby

Thank you, Mods!

MinusTwo

Wow Mods - thanks for the response.

nihahi

Thanks mods!

nihahi

Spam on page one of Active List.....but email deluge still coming so not reporting it.

bashy78789awy89aw (1 Unread Posts)	in Forum: Waiting for Test Results	Latest post by csaty89a7we 9 minutes ago.	Created by csaty89a7we 9 minutes ago.
svat89aw7taw89e (1 Unread Posts)	in Forum: Waiting for Test Results	Latest post by csaty89a7we 10 minutes ago.	Created by csaty89a7we 10 minutes ago.
vsaegt8a7t79aw89eaw (1 Unread Posts)	in Forum: Waiting for Test Results	Latest post by csaty89a7we 11 minutes ago.	Created by csaty89a7we 11 minutes ago.
gawty8aw79taw9 (1 Unread Posts)	in Forum: Waiting for Test Results	Latest post by csaty89a7we 12 minutes ago.	Created by csaty89a7we 12 minutes ago.
csataw7taw87 (1 Unread Posts)	in Forum: Waiting for Test Results	Latest post by csaty89a7we 13 minutes ago.	Created by csaty89a7we 13 minutes ago.

MinusTwo

Mods: WAY TO GO. Just checking the active topics and saw your answer to "Cannot Start a New Thread". Very diplomatic and kind w/o being too mean. Good to see that you have some of the 'fences' in place already.