Suspicious new forum members
Re: Suspicious new forum members
I think it might be best if the feature which which allows links to be posted with text appearing instead of the website address were disabled. It's probably only a matter of time before a spammer or worse infiltrates the forum and uses that feature to conceal a malware link, i.e.
https://www.obviouslydodgylookinglink.com vs. This link is about bikes and is completely safe to click
https://www.obviouslydodgylookinglink.com vs. This link is about bikes and is completely safe to click
Re: Suspicious new forum members
Excellent point.slowster wrote: ↑5 Apr 2021, 9:56pm I think it might be best if the feature which which allows links to be posted with text appearing instead of the website address were disabled. It's probably only a matter of time before a spammer or worse infiltrates the forum and uses that feature to conceal a malware link, i.e.
https://www.obviouslydodgylookinglink.com vs. This link is about bikes and is completely safe to click
'Give me my bike, a bit of sunshine - and a stop-off for a lunchtime pint - and I'm a happy man.' - Reg Baker
-
- Posts: 36781
- Joined: 9 Jan 2007, 2:44pm
Re: Suspicious new forum members
I agree. I'm also unclear what benefit there is to the wider forum membership of having a website in a user's signature. It seems to be wide open to abuse eg waffle on with several posts across the forum, then add a website to whatever you are selling or promoting. NB I'm not saying this is inevitably a bad thing, just that the potential for abuse may exceed the value. eg I've just noticed a member who hasn't posted who has a website offering online abortion. Others promote refuse collection services. (To see what I'm waffling about, go to the members page, click on the heading of the "posts" column, then click again to see them lot to high.)pete75 wrote: ↑6 Apr 2021, 7:02amExcellent point.slowster wrote: ↑5 Apr 2021, 9:56pm I think it might be best if the feature which which allows links to be posted with text appearing instead of the website address were disabled. It's probably only a matter of time before a spammer or worse infiltrates the forum and uses that feature to conceal a malware link, i.e.
https://www.obviouslydodgylookinglink.com vs. This link is about bikes and is completely safe to click
- ncutler
- Moderator
- Posts: 1493
- Joined: 23 Apr 2007, 5:29pm
- Location: Forest of Bowland Lancashire
- Contact:
Re: Suspicious new forum members
Please do report any posts that might be problematic: they will be jumped on very quickly; and please use a keyword such as 'suspicious' in the report header: that way it stands out from any non urgent requests for merging topics etc.
The reporting system can be used for other alerts as well. I have only just come across this thread and might not have seen it for ages - if it was reported I would have been aware sooner.
I totally agree that ouir main bulwark against this sort of spamming is the vigilance of members: the forum is very fortunate to have a hard core of involved contributors who are on watch. Thank you all.
The reporting system can be used for other alerts as well. I have only just come across this thread and might not have seen it for ages - if it was reported I would have been aware sooner.
I totally agree that ouir main bulwark against this sort of spamming is the vigilance of members: the forum is very fortunate to have a hard core of involved contributors who are on watch. Thank you all.
No pasaran
- ncutler
- Moderator
- Posts: 1493
- Joined: 23 Apr 2007, 5:29pm
- Location: Forest of Bowland Lancashire
- Contact:
Re: Suspicious new forum members
"To see what I'm waffling about, go to the members page, click on the heading of the "posts" column, then click again to see them lot to high."
Excellent idea. I'll have a confab with the others to see what we can do about removing all of them.
Excellent idea. I'll have a confab with the others to see what we can do about removing all of them.
No pasaran
Re: Suspicious new forum members
Further to my post above, it's also possible to use the 'link behind text function' to create a link with what appears to be a familar and safe website address, but which goes to a completely different website, i.e.:
www.sheepsclothing.com
https://www.sheepsclothing.com
www.sheepsclothing.com
https://www.sheepsclothing.com
Re: Suspicious new forum members
I don't think that's really necessary. I make a point of always hovering the mouse pointer over any link before I click on it - then I can see the actual website address at bottom left of the screen (at least, that works with Chrome and Firefox, the browsers I use). Unless the clever spammers can spoof that function too....?slowster wrote: ↑5 Apr 2021, 9:56pm I think it might be best if the feature which which allows links to be posted with text appearing instead of the website address were disabled. It's probably only a matter of time before a spammer or worse infiltrates the forum and uses that feature to conceal a malware link, i.e.
https://www.obviouslydodgylookinglink.com vs. This link is about bikes and is completely safe to click
Suppose that this room is a lift. The support breaks and down we go with ever-increasing velocity.
Let us pass the time by performing physical experiments...
--- Arthur Eddington (creator of the Eddington Number).
Let us pass the time by performing physical experiments...
--- Arthur Eddington (creator of the Eddington Number).
-
- Posts: 36781
- Joined: 9 Jan 2007, 2:44pm
Re: Suspicious new forum members
Going back to my brief period as a spambuster, the forum was occasionally blitzed with spam advertising "gold." At that time I pointed out the website thing and he zapped them as they registered. IIRC that was before the days of new members submitting a test past for approval.
Perhaps some of these tactics went with Graham.
However, rejecting obvious spammers before they can join, doesn't tackle those who join looking innocent, lurk, then attach a website.
A couple of posts while I was scribing. It shouldn't depend on the computer skills of genuine users to avoid malicious links
Perhaps some of these tactics went with Graham.
However, rejecting obvious spammers before they can join, doesn't tackle those who join looking innocent, lurk, then attach a website.
A couple of posts while I was scribing. It shouldn't depend on the computer skills of genuine users to avoid malicious links
Re: Suspicious new forum members
I've just set "Allow use of links in user signatures:" to be "no".
Re: Suspicious new forum members
What do you define as 'computer skills'? I merely suggested hovering the mouse over a suspect link - not much skill in that! And, notwithstanding a lifetime career in software, I'm not at all computer-savvy. Most of my work was in embedded software, not meant to be run on a computer.thirdcrank wrote: ↑6 Apr 2021, 10:32amA couple of posts while I was scribing. It shouldn't depend on the computer skills of genuine users to avoid malicious links
But you are right in that if it needs ability to delve right into a dodgy site's intimate details to find out that it's dodgy - then that does need skills that most people haven't got.
And sometimes even the experts fall for it. A former colleague of mine, a software engineer who is computer-literate and was working in Windows software, fell for a 'ransomware' trick on her home computer. How that came about I don't know: I didn't want to question her seeing as she was very embarrassed and in tears over it. All one can say is, "Beware!"...
Suppose that this room is a lift. The support breaks and down we go with ever-increasing velocity.
Let us pass the time by performing physical experiments...
--- Arthur Eddington (creator of the Eddington Number).
Let us pass the time by performing physical experiments...
--- Arthur Eddington (creator of the Eddington Number).
-
- Posts: 36781
- Joined: 9 Jan 2007, 2:44pm
Re: Suspicious new forum members
I'll put it another way. A link hidden behind text should be 100% OK on a safe site. I'm not sure of the right vocabulary but if I go on the BBC www and click on a link I can be confident it's kosher as only BBC bods can - in theory - create those links. And such links can make a site easier to use and make everything look neater.
On a site like this forum, anybody can post a link and hide it behind text. It can be the equivalent of digging a big hole and disguising it with twigs and foliage to ambush wild animals. Except that the wild animals may be form members.
========================================
PS I've just spotted Fonant's post. Put's on squeaky voice, brandishes chunk of lignum vitae and shouts "That's the way to do it, that's the way to do it!"
On a site like this forum, anybody can post a link and hide it behind text. It can be the equivalent of digging a big hole and disguising it with twigs and foliage to ambush wild animals. Except that the wild animals may be form members.
========================================
PS I've just spotted Fonant's post. Put's on squeaky voice, brandishes chunk of lignum vitae and shouts "That's the way to do it, that's the way to do it!"
Last edited by thirdcrank on 6 Apr 2021, 10:57am, edited 1 time in total.
-
- Posts: 1037
- Joined: 4 Oct 2007, 8:15pm
Re: Suspicious new forum members
thirdcrank wrote: ↑6 Apr 2021, 10:53am I'll put it another way. A link hidden behind text should be 100% OK on a safe site. I'm not sure of the right vocabulary but if I go on the BBC www and click on a link I can be confident it's kosher as only BBC bods can - in theory - create those links. And such links can make a site easier to use and make everything look neater.
On a site like this forum, anybody can post a link and hide it behind text. It can be the equivalent of digging a big hole and disguising it with twigs and foliage to ambush wild animals. Except that the wild animals may be form members.
Hopefully, the wild animals are only a tiny fraction of forum members.
Red in tooth and claw!
Raleigh Randonneur 708 (Magura hydraulic brakes); Blue Raleigh Randonneur 708 dynamo; Pearson Compass 631 tourer; Dawes One Down 631 dynamo winter bike;Raleigh Travelogue 708 tourer dynamo; Kona Sutra; Trek 920 disc Sram Force.
-
- Posts: 36781
- Joined: 9 Jan 2007, 2:44pm
Re: Suspicious new forum members
I was trying to say that unsuspecting, innocent form members might easily end up ambushed.markjohnobrien wrote: ↑6 Apr 2021, 10:56am
Hopefully, the wild animals are only a tiny fraction of forum members.
Red in tooth and claw!
Re: Suspicious new forum members
One problem with disallowing links behind text, is that the 'raw' link may be extremely long. For example this which is a perfectly innocent Google search result. If I had posted the raw link no-one would have made sense of this post!
Suppose that this room is a lift. The support breaks and down we go with ever-increasing velocity.
Let us pass the time by performing physical experiments...
--- Arthur Eddington (creator of the Eddington Number).
Let us pass the time by performing physical experiments...
--- Arthur Eddington (creator of the Eddington Number).
Re: Suspicious new forum members
Agreed. The link URL may not even provide any useful information as to whether it's a dodgy or not.
It's also very easy to hide a dodgy-looking URL behind a shortening service, or hacked-site-redirect.
So I think we keep things as they are. The benefits massively outweigh any disadvantages.
It's also very easy to hide a dodgy-looking URL behind a shortening service, or hacked-site-redirect.
So I think we keep things as they are. The benefits massively outweigh any disadvantages.