Are we members at risk for hacking?
BCO gets SPAM virtually every day, but more on the weekend, when, I assume, there are fewer people monitoring the site. I am very concerned that this issue has not been addressed. I am part of another site that recently went through a very serious hack attack, where members' data were compromised. I am thinking about signing out and not returning here, if this problem is not solved soon.
Comments
-
Yorkie, that concern has certainy crossed my mind, too, particularly as the rate of spamming has picked up dramatically in the past few months.
I'll be very interested to see what the Mods and/or other members have to say about the question. Thanks for raising it.
I think we all know that no site is 100% safe from hacking but we'd like some assurances that the issue is addressed and that robust steps are taken to prevent hacking to the extent possible. -
I understand your point Yorkie, however I'm trying to imagine worse case scenario and I, maybe blissfully, don't see it. Can you enlighten me/us? Thanks!
Amy
-
Amy, I'm not understanding how so many SPAM posts happen here all the time. Most sites have serious controls in place to prevent this. The fact that BCO obviously doesn't, makes me wonder about its other levels of security.
-
Security issues have been referenced in a couple of threads recently. Hacking is always an issue online and I have kept my personal information on this site to a minimum so that when this site is hacked, the hackers will get little from me. I'm always amazed at the personal information, locations, and pictures of family etc. that some share on a public discussion thread!
BCO needs to address this issue. I understand they are remodeling this site but have not been forthcoming on details. One hopes they are updating security and have a better plan for the spam.
Perhaps the techies on the discussion threads can weigh in.
-
Hey All,
We are definitely working on this problem! We use a number of spam filters, and we are looking into why it has become a more significant problem again. Also, we plan on getting rid of the emails that are automatically sent after you report spam! AND since there are many accidental reports of a post, we will add a pop up that will ask if you "are sure you want to report this post as spam".
Please add any suggestions!
Thanks for your help.
The Mods
-
Mods, adding the pop-up creates one more step each time we report spam, which seems counter-productive.
What about the idea that was suggested that we be able to report spam by user name, so that all of an individual's posts are flagged as spam though one action of reporting, rather than having to report each post separately? If this was possible, then certainly a double-check "Are you sure you want to identify all posts from this Member as spam?" would make sense, and of course you would need to retain the option to report a single post (for those extremely rare cases where a legitimate member of the board posts something inappropriate).
Considing the amount of spam on the board, the goal should be to make it easier to report spam and spammers, so that Members can quickly get rid of these posts, rather than add steps to the process.
-
I'm always amazed at the personal information, locations, and pictures of family etc. that some share on a public discussion thread!
Yes. Also, by default it's expected of each individual that they take serious measures themselves if they want any real degree of privacy. This makes a joke of this site indicating they take our privacy seriously. As for the spam I've suggested some time ago about putting a specific filter in reegarding weeding out hxxp:// in their titles but it's gone unanswered. -
I think we need to take steps to protect our identities no matter what site we are using. I have not posted an address here or a real name and I do not post pictures. Needless to say, I'm extremely careful with my credit cards on other sites. If there are other steps that you tech people think are urgent, please let us know.
I like the idea of reporting spam by name. It would cut down on transactions when one spammer posts 10 times before the mods can catch & block him/her.
Bosum - basically spammers set up a bogus name and start a new thread (or 5) that is selling things or trying to get you to click on a link that may take you to a bad, unsecure place.
Edited to say - you probably won't see much spam unless you are checking the 'active topics' area with some regularity.
-
It IS rampant. Thread after thread,to the point the whole first page or two of active threads is all spam posts.
-
I disagree. I generally check the active thread once or twice a day and usually only find spam once a week. I will admit that when it happens, the individual spammer gets away with 5-9 posts before he's reported & stopped. Maybe someone else is checking every hour on the hour and reporting things I don't see.
-
I don't know how many people use active threads, I don't much. The point is the spam IS as Melissa says, rampant and it is potentially very dangerous. I'm not scaremongering - its a fact. The important thing to note is that this is on the landing page. (Main page when you first come to BCO Forums.) and this is extremely off-putting to those who know a little about the dangers of spam. I would recommend anyone who values even a modicum of security and privacy, to read ceannas thread from one end to the other .... (yeah sure, just ignore the parts that go a little offtrack at times but there's a lot of good info)
https://community.breastcancer.org/forum/93/topics/844776?page=1
For anyone who doubts there has been a pretty serious problem with spam, please take a look here at my screenshots a few months back. Sometimes I would be seeing this daily for extended periods. (scroll down the page about a third)
https://community.breastcancer.org/forum/93/topics/844776?page=8
The steps minus has noted above are wise.
trying to get you to click on a link that may take you to a bad, unsecure place.
...and these days you can easily get "driveby downloads" (ie trojans backdoors rootkits and the like) just by going to such a site (by innocently following the link). The thing is people cannot be expected to know these things without being told and the shame of it is that that it is expected of us to know. It's a catch 22.
Personally if I got such a driveby which potentially hooks deep into the system I would never trust my computer again. Solution for me: ZERO OUT MY DRIVE promptly and re-install the OS. When I say zero out, I don't mean just a simple reformat which basically wipes the "pointers" to system files etc. The files themselves are still very much there until physically overwritten and with the right tools are thus still recoverable - hence trojans and other scumware can survive quick reformats.
For the most part, almost all people are going to have to take their computer to a tech place to re-install = cost. All this just because of one of many pitfall of internet life - spam.
Editing to fix links -
Spam IS very much rampant on this board and one doesn't have to be checking every hour on the hour to see it. In fact, it's there right now. If I come on late at night, it's unusual NOT to see it
-
I see fifteen spam posts on the first two pages. That is about 1/4 of the threads in active topics
-
Hmmm. I wonder why some see it a lot and some of us see it infrequently?
-
time of day maybe? Or luck of the draw just like how we got BC.....
-
Hmmm...Perhaps you aren't looking at the same time of day I am. I assure you they are there and that the moderators go back and delete the ones I am referring to. Do you believe "male enhancement" and limks to boxing matches are appropriate posts here?
How do you believe new members feel when they click on links in " not diagnosed but worried" and find they are spam posts
-
Last night when I came here this is what I saw. In both cases the posts had been deleted, but still appeared on the main page. Mods, surely there is a way to have these orphan references deleted as well?
Edited to add, the reference to the last entry (just above) is still there 13 hours later. It seems to be that it will remain there until someone posts in that subforum.
-
Many of the thread titles are plausible, so unless you look at them, you wouldn't know it was spam. However, the body of the post typically is mishmash and links.
-
Well the hxxp:// ones raise a red flag, thus the others are more dangerous because people are more likely to innocently/inadvertently click on them.
As I've already said, it's left up to the individual to protect themselves. Hacking comes in many forms and prevention is always going to be better than cure, but few people know or want to know (understandably) how to keep themselves safe (like using a sandboxed browser; configuring firewalls; using script blockers etc). These days hackers aren't about silly little pranks that appear on your screen, it's about planting backdoors on your system and remaining undiscovered, like your computer being included in a botnet, without you being aware, thus sucking your bandwidth. It's about gleaning as much information about you as possible for ID theft or other nefarious purposes.
-
And...we once again have a slew of spam posts flooding the forum.
-
So I checked the active thread at 11;45 my time & just checked again shortly after 1:15am - that's an hour and a half. I see your post that there was spam 50 minutes ago, but it's not there now so apparently the mods are responding very quickly.
-
No brains necessary to spot the difference here. That any spam at all reaches the board means there's a problem, no matter how quickly it's eradicated. This mess below shows more proof it's happening and regularly.
-
Yowzer!!!! The spamming is crazy today !!!
-
Here is an example of the sort of spam that I see a lot.
I just took this screen shot a few minutes ago. Sorry that it's not very clear; what it shows are 5 spam posts from someone named 'Jopaykumusta' who just joined the board today (probably about 40 minutes ago, right before these posts were made). The posts all have subject lines that give the appearance of being breast cancer related, but they are all just a little bit 'off', which is what gives them away as being spam. Some of the subject lines here are: "Thousands Women Campaign" "LCIS after microinvasion Test Yesterday" "Color sample of my biopsy"...
These types of spam posts, when you open then, usually have a short paragraph that sounds almost legitimate, but it's followed by links to movies or videos or websites or something like that.
This is the type of spam that I see (and report) most often, and it is to me the most concerning, since it's not as obvious as the ones that include a website in the subject line, or the ones that have a completely nonsensical subject line. These tend to get a lot of views because they appear to be legitimate posts.
I suspect that many people don't catch these types of spam posts, and that's probably why some people don't think spam is a problem.
Spam is a problem. There have been days when I'm scanning the board, sign on to delete a series of 5 or 6 of these types of spam posts, and by the time I'm done and about to sign off, I see that another 5 or 6 have popped up from some other new user name. There have been days when I've reported 15 or 20 of these in a row.
-
Spam and hacking are two different things, so don't assume because you see the former, you will be affected by the latter. BCO is a very old site with code built on code, built on code. No doubt they'll put a fire throughthe backend with the forthcoming upgrade, and produce a site that should be virtually spam free. Meanwhile, the mods will be working extra hard.
-
I think the most spam posts I reported in a single session was 21. I paid dearly with all of the automated messages I got from BCO that night and the next morning. On that occasion, I was hoping that we could get the posts removed by the community until the mods showed up the next morning to permanently delete. Otherwise, I wouldn't have subjected myself to that.
Musical, I'm with you that these orphan references to deleted spam posts that continue to show are frustrating and clutter the board. It just gives the site an unprofessional feeling when it happens so often and so heavily. I think many are repeat offenders that come back night after night and then change to different tactics. To add to Beesie's point about the subject titles, I remember when the bulk of our spam was mostly random letters strung together, and then I remember one night a couple years back when (although I don't remember the exact details) a spammer posted a link to a thread where we were discussing spam. The next few days after that, when I would see spam, it was primarily like Beesie discussed above, where the title seems oddly-worded, but clearly the offender has browsed the boards enough to gather some words or phrases they think will be convincing to someone in order to get them to click on the thread. Because we have such an issue with spam here, I feel like BCO is probably on some vile spammer list somewhere that gets shared among these scumbags that lists sites that are easy to infiltrate.
I agree with Traveltext that spamming and hacking are two different things. I have never worried about being hacked here more than anywhere else, but I obviously worry about the ease with which the board gets plastered by junk with junk.
Perhaps Beesie is correct above that maybe it's the site-specific subject lines that are throwing some people and making them think we don't really have a spam problem. I think that probably accounts for at least some of it. All I know is I made a really funny, contorted, confused face when I read the couple of posts up-thread in which users didn't think we have a problem here.
-
lintrollerderby, it is possible to use BCO regularly and not see the spam. I check the posts I'm interested each evening when it would be early am in the US) including the listing of active posts, and I haven't seen any of those spam subject lines for many months.
-
"No doubt they'll put a fire through the backend with the forthcoming upgrade, and produce a site that should be virtually spam free."
Traveltext, I wish I shared your optimism. I have been on this site for 11 years. There was a time when the spam was much worse than it is now - literally 100s of spam posts at a time, rendering the board completely unusable - and if I remember correctly, that problem was finally resolved when the '5 post rule' for newbies was put in place. The level of spam that we have now has been pretty consistent for quite a number of years, and we've gone through quite a few upgrades over that time. I don't see how the type of spam that I highlighted in my earlier post can be stopped by an upgrade; those posts appear legitimate, after all. I think that only a rule change can stop this type of spam, either a rule that requires that all newbies posts must be verified before they show up on the board, or a rule that blocks any newbie posts that include website links and urls. That might work at cutting back on the spam, but it would also restrict the types of posts that we get from legitimate new members, and my impression is that BCO doesn't want to do that.
-
Hi Traveltext. I didn't say that it isn't possible to visit BCO regularly and not see spam. Sometimes that happens to me--I just wind up missing it. I was saying I was surprised by people who, though multiple people said there was a problem with spam, didn't think it was the case
-
I used to do only what Traveltext stated - check the threads I'm particularly interested in each day. Now I usually also check the 'active topics' a couple of times a day. I rarely go to the "all topics" section. That said - I do see spam & I do report spam, but I certainly do not see it every day or every time I sign on. And I regularly check & read even the new posts that sound weird since I agree with Lintroller, you really can't tell w/o reading some of them. I have reported a couple that I though were 'bogus' even if they didn't jump out as spam. I agree, that part of it might be the time of day. As Beesie said, I don't think BCO wants to put too many road blocks in the way of people who are newly diagnosed and scared - as we all once were.
Categories
- All Categories
- 679 Advocacy and Fund-Raising
- 289 Advocacy
- 68 I've Donated to Breastcancer.org in honor of....
- Test
- 322 Walks, Runs and Fundraising Events for Breastcancer.org
- 5.6K Community Connections
- 282 Middle Age 40-60(ish) Years Old With Breast Cancer
- 53 Australians and New Zealanders Affected by Breast Cancer
- 208 Black Women or Men With Breast Cancer
- 684 Canadians Affected by Breast Cancer
- 1.5K Caring for Someone with Breast cancer
- 455 Caring for Someone with Stage IV or Mets
- 260 High Risk of Recurrence or Second Breast Cancer
- 22 International, Non-English Speakers With Breast Cancer
- 16 Latinas/Hispanics With Breast Cancer
- 189 LGBTQA+ With Breast Cancer
- 152 May Their Memory Live On
- 85 Member Matchup & Virtual Support Meetups
- 375 Members by Location
- 291 Older Than 60 Years Old With Breast Cancer
- 177 Singles With Breast Cancer
- 869 Young With Breast Cancer
- 50.4K Connecting With Others Who Have a Similar Diagnosis
- 204 Breast Cancer with Another Diagnosis or Comorbidity
- 4K DCIS (Ductal Carcinoma In Situ)
- 79 DCIS plus HER2-positive Microinvasion
- 529 Genetic Testing
- 2.2K HER2+ (Positive) Breast Cancer
- 1.5K IBC (Inflammatory Breast Cancer)
- 3.4K IDC (Invasive Ductal Carcinoma)
- 1.5K ILC (Invasive Lobular Carcinoma)
- 999 Just Diagnosed With a Recurrence or Metastasis
- 652 LCIS (Lobular Carcinoma In Situ)
- 193 Less Common Types of Breast Cancer
- 252 Male Breast Cancer
- 86 Mixed Type Breast Cancer
- 3.1K Not Diagnosed With a Recurrence or Metastases but Concerned
- 189 Palliative Therapy/Hospice Care
- 488 Second or Third Breast Cancer
- 1.2K Stage I Breast Cancer
- 313 Stage II Breast Cancer
- 3.8K Stage III Breast Cancer
- 2.5K Triple-Negative Breast Cancer
- 13.1K Day-to-Day Matters
- 132 All things COVID-19 or coronavirus
- 87 BCO Free-Cycle: Give or Trade Items Related to Breast Cancer
- 5.9K Clinical Trials, Research News, Podcasts, and Study Results
- 86 Coping with Holidays, Special Days and Anniversaries
- 828 Employment, Insurance, and Other Financial Issues
- 101 Family and Family Planning Matters
- Family Issues for Those Who Have Breast Cancer
- 26 Furry friends
- 1.8K Humor and Games
- 1.6K Mental Health: Because Cancer Doesn't Just Affect Your Breasts
- 706 Recipe Swap for Healthy Living
- 704 Recommend Your Resources
- 171 Sex & Relationship Matters
- 9 The Political Corner
- 874 Working on Your Fitness
- 4.5K Moving On & Finding Inspiration After Breast Cancer
- 394 Bonded by Breast Cancer
- 3.1K Life After Breast Cancer
- 806 Prayers and Spiritual Support
- 285 Who or What Inspires You?
- 28.7K Not Diagnosed But Concerned
- 1K Benign Breast Conditions
- 2.3K High Risk for Breast Cancer
- 18K Not Diagnosed But Worried
- 7.4K Waiting for Test Results
- 603 Site News and Announcements
- 560 Comments, Suggestions, Feature Requests
- 39 Mod Announcements, Breastcancer.org News, Blog Entries, Podcasts
- 4 Survey, Interview and Participant Requests: Need your Help!
- 61.9K Tests, Treatments & Side Effects
- 586 Alternative Medicine
- 255 Bone Health and Bone Loss
- 11.4K Breast Reconstruction
- 7.9K Chemotherapy - Before, During, and After
- 2.7K Complementary and Holistic Medicine and Treatment
- 775 Diagnosed and Waiting for Test Results
- 7.8K Hormonal Therapy - Before, During, and After
- 50 Immunotherapy - Before, During, and After
- 7.4K Just Diagnosed
- 1.4K Living Without Reconstruction After a Mastectomy
- 5.2K Lymphedema
- 3.6K Managing Side Effects of Breast Cancer and Its Treatment
- 591 Pain
- 3.9K Radiation Therapy - Before, During, and After
- 8.4K Surgery - Before, During, and After
- 109 Welcome to Breastcancer.org
- 98 Acknowledging and honoring our Community
- 11 Info & Resources for New Patients & Members From the Team