[aerosayan]

Hey mods,


I noticed someone copy part of one of my previous posts and paste it on the main forum with two added links omegle[dot]onl and xender[dot]vip


https://www.cfd-online.com/Forums/ma...ved-types.html


ARCHIVE : https://archive.vn/crNbj



I believe this is a "Forum Posting" spam to create backlinks to those websites.
I reported the post, and gave a sufficient reason behind my doubts.


Hopefully I'm wrong. But I think it might be interesting to the admins.


Regards
~Sayan

[aerosayan]

Dear Admins,


I was not wrong.

This backlink spamming is quite prevalent and it's damaging the site's integrity.


A spammer asks a question, then when a member spends their time on answering the question, the spammer edits the question or any other post on that thread to include backlinks to other paid websites.


Including backlinks pay them quite well and they won't stop.


However since the spammers are going to the top of the forum and using up the valuable time and investment of other contributing members, this effectively damages the whole forum.


The good users won't get their questions answered since the spammers are using up the valueable time of the contributing members. And the contributing members might leave when they realize that their effort to help was wasted, and they get demoralized.


I'm afraid even I answered to one of their bogus question, then they included the backlink later on.


For example : user alexsunny123 asked 6 questions and had them answered. All 6 of them now contain backlinks to other websites.


https://www.cfd-online.com/Forums/ma...ade-flows.html
https://www.cfd-online.com/Forums/ma...ound-jets.html
https://www.cfd-online.com/Forums/ma...ate-k-les.html
https://www.cfd-online.com/Forums/ma...bout-eddy.html
https://www.cfd-online.com/Forums/ma...-rotation.html
https://www.cfd-online.com/Forums/ma...cient-air.html


I got some ideas on how to take care of these spammers.
I'm moderately good in cybersecurity and do CTF challenges for fun.
I can help you out on how to mitigate this.


Regards
~Sayan

[jola]

We are working hard on keeping the forums free from spam. Sometimes spam sneaks through our filters and then users can report these spam posts by clicking on the "Report Post" icon . Please do that as soon as you see a suspicious post.

We are several active moderators who get these reports and it is a quick task to review and delete these reported posts. It took me just a few seconds to remove all the spam-posts that you had found from a user.

When we delete spam the offending user is also permanently banned from CFD Online and our system automatically reports all IP numbers used by this user to several spam-databases. Some of our spam-filters also use these spam-databases to filter out spam messages.

[aerosayan]

Quote:

Originally Posted by jola

We are working hard on keeping the forums free from spam. Sometimes spam sneaks through our filters and then users can report these spam posts by clicking on the "Report Post" icon . Please do that as soon as you see a suspicious post.

We are several active moderators who get these reports and it is a quick task to review and delete these reported posts. It took me just a few seconds to remove all the spam-posts that you had found from a user.

When we delete spam the offending user is also permanently banned from CFD Online and our system automatically reports all IP numbers used by this user to several spam-databases. Some of our spam-filters also use these spam-databases to filter out spam messages.

Hello Jonas,



Thanks for taking strong action against such spam.
I like that you are banning the spam accounts, but I'm not sure about the IP being blocked or reported. Many of these spams will piggy back off of botnets or residential IPs that were sold off by one of those "Free VPN" providers.


Here is a video by Johny Xmass which shows how to evade many of the WAFs and how to aquire new IPs (even residentail IPs) to let the attacker keep spamming : https://youtu.be/nKJmgE-dYds

The reason I normally don't like IP bans, is because most moderate/advanced attackers don't expose their real IP, and some innocent person's IP gets blacklisted. In some cases whole countries like India, Bangladesh, Vietnam gets blacklisted, since there are so many infected zombie botnets in those countries.

Since there is no captcha on the site, most spams can be automated using random IPs. This makes the site a really lucrative target for these automated spams.



Based on your description of your filter list, it seems that it is a blacklist. While normally I wouldn't recommend blacklists as a form of protection against OWASP Top 10 attacks, I think that they might just work really well to stop backlinking spam.


After all, if you block any link to these blacklisted sites (like omegle, chaturbate), you prevent any other spammer from posting backlinks to these sites in future, and you cut their source of revenue.


I think it might work really well.


However I don't know if your filter list actually blocks links to these sites or not. I don't think they are.



As I reported above, the spammers are now including the backlinks after someone has answered their question. People miss those links and they can't be reported to you unfortunately.


Regards
~Sayan

[jola]

We run several types of spam filters and we automatically block about 95% of all spam. We use a commercial ModSecurity based filter from AtomiCorp, an Akismet based spam-filter coupled to our forum software and our own bayesian/IP-range/keyword based filter.

Repeated offenders are blocked for longer times using a Fail2ban filter. Suspicious messages marked by our spam-filters are moved for manual moderation. And messages that still sneak by can easily be reported by our users.

We only do IP based blocks when we have special problems with an IP range. And if we have several registered users in a problematic IP range we as long as possible try to avoid IP based blocks. We have a few such ranges that we unfortunately have been forced to block.