Suspicious new forum members

[slowster]

I think it might be best if the feature which which allows links to be posted with text appearing instead of the website address were disabled. It's probably only a matter of time before a spammer or worse infiltrates the forum and uses that feature to conceal a malware link, i.e.

https://www.obviouslydodgylookinglink.com vs. This link is about bikes and is completely safe to click

[pete75]

I think it might be best if the feature which which allows links to be posted with text appearing instead of the website address were disabled. It's probably only a matter of time before a spammer or worse infiltrates the forum and uses that feature to conceal a malware link, i.e.

https://www.obviouslydodgylookinglink.com vs. This link is about bikes and is completely safe to click

Excellent point.

[thirdcrank]

I think it might be best if the feature which which allows links to be posted with text appearing instead of the website address were disabled. It's probably only a matter of time before a spammer or worse infiltrates the forum and uses that feature to conceal a malware link, i.e.

https://www.obviouslydodgylookinglink.com vs. This link is about bikes and is completely safe to click

Excellent point.

I agree. I'm also unclear what benefit there is to the wider forum membership of having a website in a user's signature. It seems to be wide open to abuse eg waffle on with several posts across the forum, then add a website to whatever you are selling or promoting. NB I'm not saying this is inevitably a bad thing, just that the potential for abuse may exceed the value. eg I've just noticed a member who hasn't posted who has a website offering online abortion. Others promote refuse collection services. (To see what I'm waffling about, go to the members page, click on the heading of the "posts" column, then click again to see them lot to high.)

[ncutler]

Please do report any posts that might be problematic: they will be jumped on very quickly; and please use a keyword such as 'suspicious' in the report header: that way it stands out from any non urgent requests for merging topics etc.

The reporting system can be used for other alerts as well. I have only just come across this thread and might not have seen it for ages - if it was reported I would have been aware sooner.

I totally agree that ouir main bulwark against this sort of spamming is the vigilance of members: the forum is very fortunate to have a hard core of involved contributors who are on watch. Thank you all.

[ncutler]

"To see what I'm waffling about, go to the members page, click on the heading of the "posts" column, then click again to see them lot to high."

Excellent idea. I'll have a confab with the others to see what we can do about removing all of them.

[slowster]

Further to my post above, it's also possible to use the 'link behind text function' to create a link with what appears to be a familar and safe website address, but which goes to a completely different website, i.e.:

www.sheepsclothing.com

https://www.sheepsclothing.com

[661-Pete]

I think it might be best if the feature which which allows links to be posted with text appearing instead of the website address were disabled. It's probably only a matter of time before a spammer or worse infiltrates the forum and uses that feature to conceal a malware link, i.e.

https://www.obviouslydodgylookinglink.com vs. This link is about bikes and is completely safe to click

I don't think that's really necessary. I make a point of always hovering the mouse pointer over any link before I click on it - then I can see the actual website address at bottom left of the screen (at least, that works with Chrome and Firefox, the browsers I use). Unless the clever spammers can spoof that function too....?

[thirdcrank]

Going back to my brief period as a spambuster, the forum was occasionally blitzed with spam advertising "gold." At that time I pointed out the website thing and he zapped them as they registered. IIRC that was before the days of new members submitting a test past for approval.

Perhaps some of these tactics went with Graham.

However, rejecting obvious spammers before they can join, doesn't tackle those who join looking innocent, lurk, then attach a website.

A couple of posts while I was scribing. It shouldn't depend on the computer skills of genuine users to avoid malicious links

[admin]

I've just set "Allow use of links in user signatures:" to be "no".

[661-Pete]

A couple of posts while I was scribing. It shouldn't depend on the computer skills of genuine users to avoid malicious links

What do you define as 'computer skills'? I merely suggested hovering the mouse over a suspect link - not much skill in that! And, notwithstanding a lifetime career in software, I'm not at all computer-savvy. Most of my work was in embedded software, not meant to be run on a computer.

But you are right in that if it needs ability to delve right into a dodgy site's intimate details to find out that it's dodgy - then that does need skills that most people haven't got.

And sometimes even the experts fall for it. A former colleague of mine, a software engineer who is computer-literate and was working in Windows software, fell for a 'ransomware' trick on her home computer. How that came about I don't know: I didn't want to question her seeing as she was very embarrassed and in tears over it. All one can say is, "Beware!"...

[thirdcrank]

I'll put it another way. A link hidden behind text should be 100% OK on a safe site. I'm not sure of the right vocabulary but if I go on the BBC www and click on a link I can be confident it's kosher as only BBC bods can - in theory - create those links. And such links can make a site easier to use and make everything look neater.

On a site like this forum, anybody can post a link and hide it behind text. It can be the equivalent of digging a big hole and disguising it with twigs and foliage to ambush wild animals. Except that the wild animals may be form members.

========================================

PS I've just spotted Fonant's post. Put's on squeaky voice, brandishes chunk of lignum vitae and shouts "That's the way to do it, that's the way to do it!"

[markjohnobrien]

I'll put it another way. A link hidden behind text should be 100% OK on a safe site. I'm not sure of the right vocabulary but if I go on the BBC www and click on a link I can be confident it's kosher as only BBC bods can - in theory - create those links. And such links can make a site easier to use and make everything look neater.

On a site like this forum, anybody can post a link and hide it behind text. It can be the equivalent of digging a big hole and disguising it with twigs and foliage to ambush wild animals. Except that the wild animals may be form members.

Hopefully, the wild animals are only a tiny fraction of forum members.

Red in tooth and claw!

[thirdcrank]

Hopefully, the wild animals are only a tiny fraction of forum members.

Red in tooth and claw!

I was trying to say that unsuspecting, innocent form members might easily end up ambushed.

[661-Pete]

One problem with disallowing links behind text, is that the 'raw' link may be extremely long. For example this which is a perfectly innocent Google search result. If I had posted the raw link no-one would have made sense of this post!

[admin]

Agreed. The link URL may not even provide any useful information as to whether it's a dodgy or not.

It's also very easy to hide a dodgy-looking URL behind a shortening service, or hacked-site-redirect.

So I think we keep things as they are. The benefits massively outweigh any disadvantages.