To cut a long story short, the user has been identified as malicious because they've started two threads, which a quick Google search reveals are cut/pasted from two different Reddit forum users' posts from several years ago. Accounts with the same username were opened on several other forums and used to start threads (also using content cut/pasted from Reddit) on the exact same date/time as the posts on here. This has happened several times before following exactly the same pattern, and each time, the user has later edited their posts to include URLs which are totally unconnected to the content and appear to be malicious (things like www dot routerlogin etc) which I don't understand but certainly wouldn't want to be clicking on. I've reported these posts, made warnings on the relevant threads and started a thread in this section to warn forum members about what appears to be going on - because members are simply not recognising these malicious new accounts and continue to reply to their threads to this day.
On this thread I've been discussing with Vorpal, I'd originally posted a brief, blunt warning as follows: 'For those of you that don't mind wasting their time replying to this sort of 'fire and forget' poster, you ought to be aware that, in this case, the OP has no interest in cycling, and is a spammer, scammer or hacker - probably a bot.' I later reported the thread, but no action was taken so, when users continued to reply to the thread, I posted the following more detailed warning/explanation:
Vorpal acted by deleting my post above, whilst allowing the malicious user to remain a member, leaving their two threads live where they both continue to attract new posts. After we'd exchanged PMs about this, I was notified that this user "has a user ID set to reactivation; meaning that they cannot log in without reactivation & every post will require approval." I asked Vorpal about this forum functionality, and was asked to redirect my questions to @admin - so here goes:DevonDamo wrote: ↑7 Aug 2021, 10:37am The OP might be interested in the following discussion which appeared 4 years ago on Reddit:
https://www.reddit.com/r/bicycling/comm ... o_running/
And, while I'm at it, with regards to the other thread the OP started on here, they might be interested in the following discussion which appeared 3 years ago on Reddit:
https://www.reddit.com/r/cycling/commen ... sic_tools/
I reported this OP and their posts a few weeks back, but I'd just made a fat-fingered blunder (mistaking a different user for this OP) so it's my fault that this OP and their threads are still with us - sorting out the feathers I'd ruffled appears to have been the priority at that time. These cut and paste posts have become a relatively frequent occurrence though, so rather than accusing anyone of malicious intent in future, I'll simply post links as I have done above so you can decide for yourselves. (When these threads copied from Reddit have appeared previously, whoever is doing it has done the same across multiple forums at once, and their modus operandi has been to later edit their posts to include URLs which I'm not clued-up enough to understand, but didn't look like anything I'd want to click on from a cybersecurity point of view.)
1. Does this 'ID set to reactivation' status guarantee that this user will not be able to edit their existing posts to insert malicious URLs?
2. Does this offer any benefit over simply deleting the malicious account as has been done previously? Is there any reason we'd want such users to remain members?
3. In the thread I've started about this problem, everyone (users, moderators, 'spambusters' etc.) was in universal agreement that all forum users need to be vigilant about threats like this and to report where we see them. Are warnings/explanations about threats not helpful in this regard, and is it not an own-goal to delete them?