# Ecigssa spam alerts



## ivc_mixer

Logged in now, saw this....

Reactions: Thanks 1 | Can relate 2


----------



## Jengz

Got the same thing my side with @sagaag215 the only one with comments in each of those threads


----------



## Jengz

Member since today and seems to be causing a bunch of crap

Reactions: Agree 2 | Funny 1


----------



## ivc_mixer

And I'm not sure if it is because I logged this thread under 'off topic' but it does not appear on the main forum screen either?


----------



## Jengz

ivc_mixer said:


> And I'm not sure if it is because I logged this thread under 'off topic' but it does not appear on the main forum screen either?


It will only appear in the off topic tab

Reactions: Agree 2


----------



## Slick



Reactions: Winner 1 | Thanks 1 | Informative 1


----------



## DizZyRaScaL

Same here... Seems to be a hack


----------



## Silver

Thanks @ivc_mixer , glad you took a screenshot of it

I saw the same thing when I logged in at about 6am 

Not to worry, we deleted all those threads as spam and those users (there were actually two of them) have been removed. Our spam module takes care of the rest.

Forum software looks intact to me so it doesn’t appear anything was “hacked”. Just a member that signed up and started posting all the spam. 

Will get the technical team to have a look and just check that nothing else was damaged but I don’t think so.

Vape on!

Reactions: Like 4 | Agree 1 | Winner 1 | Thanks 3


----------



## Silver

PS - thanks for reporting one of those threads @CTRiaan 
And yes, @Jengz is correct, this thread would appear only in the off topic tab on the front page, not the general vape discussions.

Reactions: Like 2


----------



## RainstormZA

Seems like you need to beef up the security on the forums @Silver. I can't remember if I had to do a captcha before signing up as a new member. This would be a very good idea if it's not being used. It's scary how spambots have increased in number.

Reactions: Like 2 | Agree 1 | Thanks 1


----------



## CTRiaan

You're welcome, @Silver.

For future reference, should we report something like that or tag admin?

Reactions: Like 1


----------



## RainstormZA

I'll test the security on that sign up form. 

EDIT: I had a look at the sign up page, it's not very secure. It's easy for a spambot to mimic a human controller and they are getting programmed better and better to fill these forms automatically. Basically that script for detecting spam is no good. How many spammers have been let through? Quite a few in my opinion. 




Basically there is no Captcha and the question there is far too easy to add. Anyone can google that, we have quite a few international members on here (not saying it's a bad thing for them to know). But lets just say here, you have this specific posting rule where one can't post the same thing (due to network issues, having double posts) or some kind of rule where you can't post immediately after you have done a single post. Spambots cannot read Captcha images and will not be able to apply for membership, therefore increasing the number of human applicants and decrease the number of automated ones.

I haven't applied as I don't want to add to the work load of the admins so all good here for the 2nd membership application.

Reactions: Like 3 | Winner 1


----------



## Resistance

It took me a while to log in. Everytime the home page opened it was in a different layout.
Could this be part of it.


----------



## Silver

CTRiaan said:


> You're welcome, @Silver.
> 
> For future reference, should we report something like that or tag admin?



Either or, but preferably both @CTRiaan 
We do have quite a secure forum the technical guys assure me
But it does help us if everyone’s eyes and ears are open to looking out for strange posts or behaviour
Just make a thread in Off topic like this one or in Forum Issues and tag admins
It all helps

Reactions: Like 4


----------



## Silver

Thanks for your feedback @RainstormZA 
We will look into it
I appreciate your suggestions on the Captcha or to find a mechanism that ensures it’s a human signing up and not a spambot

We nuke spammers once in a while and we have the tools to do it quite well - but today’s event I haven’t seen before. Wow, this spammer made an epic number of posts in a short time.
Maybe today’s spammer had a 21700 battery powering its algorithms. Lol.

Reactions: Like 1 | Funny 2


----------



## zadiac

Silver said:


> Thanks @ivc_mixer , glad you took a screenshot of it
> 
> I saw the same thing when I logged in at about 6am
> 
> Not to worry, we deleted all those threads as spam and those users (there were actually two of them) have been removed. Our spam module takes care of the rest.
> 
> Forum software looks intact to me so it doesn’t appear anything was “hacked”. Just a member that signed up and started posting all the spam.
> 
> Will get the technical team to have a look and just check that nothing else was damaged but I don’t think so.
> 
> Vape on!



Did you check their IP's @Silver? Are they locals or over the waters? I could get someone to visit them.......hehehehe

Reactions: Like 1 | Funny 3


----------



## RainstormZA

zadiac said:


> Did you check their IP's @Silver? Are they locals or over the waters? I could get someone to visit them.......hehehehe


Almost impossible to trace if they are using proxy servers. So the IP's (if they are on a proxy) will show them in another location when they are actually in another country. I've traced several spammers (using proxies off their ISP) to other countries when they claimed to be local. Made me laugh at how stupid they can be at times, trying to scam people out of their hard earned cash for nothing. 

I had my skype account hacked a few years back and I was so peeved off with the Skype administrators because they wouldn't give me my account back. So I back-tracked this hacker and it turns out it was a lightie from the Netherlands hacking people's accounts for the fun of it. It all points to his behavioral profile that an immature person would do this thinking he would get away with it, trying to make a name for himself. I hope the stupid sod got arrested because apparently after this incident, Skype beefed up their security and deleted a lot of the hacked accounts off their servers. I only found out about it 2 years later because I needed an account and decided to try my luck, to find I could actually start over on a clean slate this time. And I don't know if he's around, I've never bothered to check it out.

Reactions: Like 2


----------



## Slick

Bump!

Reactions: Thanks 1


----------



## Silver

Slick said:


> Bump!
> 
> View attachment 166542



Thanks @Slick
We on it


----------



## Silver

Slick said:


> Bump!
> 
> View attachment 166542



All cleaned up
Looks like spambots
We will have to look into the signup process and beefing things up

Reactions: Like 3


----------



## Slick

@Silver

Reactions: Like 1 | Can relate 1


----------



## hot.chillie35

What's is going on this morning @Silver ???

Reactions: Like 1


----------



## Resistance

@Silver

Reactions: Can relate 1


----------



## Silver

Thanks guys
All cleaned up
We changed the signup process a few days ago to include that captcha function as was suggested by @RainstormZA

It seems these chaps got through that
Maybe they not bots

But what puzzles us is why would they post gibberish like they do?
I could understand if they were posting adverts to their businesses etc to get some mileage out of it but it seems it’s just nonsense. Well to us on here it seems that way.

Will have to escalate to our higher technical team in the UK I guess. (Xenforo experts who have helped us previously)
Or we might be able to do some magic with the IP number blocking. But that can be a bit of a double edged sword.

Thanks for the alerts and please keep them coming if you see anything strange. We are aware of this and are working on it.

Reactions: Like 3 | Winner 1


----------



## RainstormZA

Hi Silver

Please pm me with their IP address and relevant info- I’ll have a look and report back. 

Sometimes I do think like a criminal on how they operate. I find that bots can’t sign up but maybe it’s manually signed up and let loose once they are in. 

And maybe from last time something is lingering on the system like a modified code from the last spam spree. It can be anything. 

Unfortunately as it is with my experience with mail spam, they change email addresses so often but operate from the same IP address. But much harder if it’s operated on a proxy.

Reactions: Like 1 | Thanks 1


----------



## cgs

Silver said:


> But what puzzles us is why would they post gibberish like they do?
> I could understand if they were posting adverts to their businesses etc to get some mileage out of it but it seems it’s just nonsense. Well to us on here it seems that way.



I was curious too and found this:





https://security.stackexchange.com/questions/12589/what-is-the-point-of-gibberish-spam

Reactions: Winner 2 | Thanks 1


----------



## Silver

cgs said:


> I was curious too and found this:
> 
> View attachment 167152
> 
> 
> 
> https://security.stackexchange.com/questions/12589/what-is-the-point-of-gibberish-spam



Thanks @cgs 
That is helpful
They are certainly getting crafty! My gosh.

Reactions: Like 1 | Funny 1


----------



## RainstormZA

My offer still stands @Silver if you need some help.

Interesting I just learnt something new - not covered in my security studies. Thanks for the info @cgs

Reactions: Like 3


----------



## Silver

RainstormZA said:


> My offer still stands @Silver if you need some help.
> 
> Interesting I just learnt something new - not covered in my security studies. Thanks for the info @cgs



Thanks @RainstormZA 
Have sent you a PM

Reactions: Like 2


----------



## cgs

Silver said:


> Thanks @cgs
> That is helpful
> They are certainly getting crafty! My gosh.






Crafty indeed. You following the never-ending South China sea news at all?


Tangent: This is pretty cool to have a look at. It's a live "attack" map of all sorts.
https://threatmap.fortiguard.com/
edit: @RainstormZA , i think you'll dig this.

It's the wild west out there.

Reactions: Winner 2 | Funny 1


----------



## RainstormZA

Bwhahaha unicorns exist!!! And internet trolls too, for those who didn’t know, @Christos is one

Reactions: Funny 3


----------



## Silver

cgs said:


> View attachment 167158
> 
> 
> Crafty indeed. You following the never-ending South China sea news at all?
> 
> 
> Tangent: This is pretty cool to have a look at. It's a live "attack" map of all sorts.
> https://threatmap.fortiguard.com/
> edit: @RainstormZA , i think you'll dig this.
> 
> It's the wild west out there.



Oh my word, that map is cool @cgs !
It looks like the US is being pummelled by these little blue strikes - looks like a video game. Haha
World war in cyberspace!

South Africa not getting any crossfire at the moment... it seems

Reactions: Like 1


----------



## cgs

Silver said:


> Oh my word, that map is cool @cgs !
> 
> South Africa not getting any crossfire at the moment... it seems



Not on the internet ...yet.
They just come to Durban once a year and steal our sardines.

Reactions: Like 1 | Winner 1 | Funny 2


----------



## Christos

RainstormZA said:


> Bwhahaha unicorns exist!!! And internet trolls too, for those who didn’t know, @Christos is one



Im good at baiting folks and have even been called the Master-Baiter.

Reactions: Winner 1 | Funny 4


----------



## Dela Rey Steyn

Christos said:


> Im good at baiting folks and have even been called the Master-Baiter.


So you are not a Cunning Linguist?

Reactions: Winner 1 | Funny 2


----------



## Christos

Dela Rey Steyn said:


> So you are not a Cunning Linguist?


You will have to ask erm.... my wife

Reactions: Winner 1 | Funny 3


----------



## Hooked

Silver said:


> Oh my word, that map is cool @cgs !
> It looks like the US is being pummelled by these little blue strikes - looks like a video game. Haha
> World war in cyberspace!
> 
> South Africa not getting any crossfire at the moment... it seems



It is - with Huawei!

Reactions: Funny 3


----------



## Silver

cgs said:


> View attachment 167158
> 
> 
> Crafty indeed. You following the never-ending South China sea news at all?
> 
> 
> Tangent: This is pretty cool to have a look at. It's a live "attack" map of all sorts.
> https://threatmap.fortiguard.com/
> edit: @RainstormZA , i think you'll dig this.
> 
> It's the wild west out there.



There's a poor server on the West coast of the US - looks like LA to me - that is getting pummelled all the time from all over the world 

Even the odd shot being fired from South Africa into there. lol
So far I've not seen much attacks *into *SA.

I see Australia gets one or two shots into it occasionally. Hehe

It seems like these are attacks that are being resisted successfully. At least that is how I understand it.

Fascinating - once again, thanks for sharing this @cgs

Reactions: Like 2


----------



## Hooked

cgs said:


> View attachment 167158
> 
> 
> Crafty indeed. You following the never-ending South China sea news at all?
> 
> 
> Tangent: This is pretty cool to have a look at. It's a live "attack" map of all sorts.
> https://threatmap.fortiguard.com/
> edit: @RainstormZA , i think you'll dig this.
> 
> It's the wild west out there.



@Braki Have a look at this!


----------



## RainstormZA

Yeah @cgs i dig it big time!

Modern cyber warfare @Silver the never-ending war on cyber crime.

Reactions: Like 1


----------



## Hooked

cgs said:


> View attachment 167158
> 
> 
> Crafty indeed. You following the never-ending South China sea news at all?
> 
> 
> Tangent: This is pretty cool to have a look at. It's a live "attack" map of all sorts.
> https://threatmap.fortiguard.com/
> edit: @RainstormZA , i think you'll dig this.
> 
> It's the wild west out there.



@cgs That list of countries at the bottom - are those the countries which are being attacked, or the source of the attacks?


----------



## Silver

Hooked said:


> @cgs That list of countries at the bottom - are those the countries which are being attacked, or the source of the attacks?



I think its a scrolling list of the counties _*being *_attacked. But its moving so fast you sometimes cant even see what country it is.... lol....

If you click on the little info icon at the top right it explains what the different colours mean (what type of attack)

Reactions: Thanks 1


----------



## cgs

Hooked said:


> @cgs That list of countries at the bottom - are those the countries which are being attacked, or the source of the attacks?



Those are the countries being threatened.
It's the devices that are reporting the threats as they attempt to neutralize them; still a lot that goes undetected.
Also, with things like TOR, you can re-route and make it look like you're coming from somewhere else.

If you double click on an area on the map it zooms in with some more info:



Here is another; not as busy but the scrolling comments are funny sometimes.
https://threatbutt.com/map/

@Silver 
"It seems like these are attacks that are being resisted successfully. At least that is how I understand it."

100%, most enterprise routers/switches have some sort of threat management on them and subscribe to a dynamic list of all these threats, constantly updated.




But that's all boring stuff.

Google:
Weeping Angel
Vault 7

You can go down your own rabbit hole from there.

Reactions: Agree 1 | Thanks 2


----------



## Silver

Thanks @cgs 
So interesting

I assume you are in the cybersecurity world?
Perhaps you can help us to figure out a way to block our crafty spammers that pay us a visit from time to time

Reactions: Agree 1 | Funny 2


----------



## cgs

Silver said:


> I assume you are in the cybersecurity world?



Had exposure to security when I worked for ISPs but I'm more of a Linux/Server/Storage guy. Networking never really stuck.
IT is something I kinda just fell into because my parents wouldn't let me join Metallica.



Silver said:


> Perhaps you can help us to figure out a way to block our crafty spammers that pay us a visit from time to time



More than happy to take a look.
I don't know everything but know how to learn.

Reactions: Like 1 | Winner 4 | Funny 1


----------



## Hooked

cgs said:


> I don't know everything but know how to learn.



Great attitude @cgs !

Reactions: Agree 1


----------



## Room Fogger

Just logged in and see attached [USERGROUP=3]@Admins[/USERGROUP]

Reactions: Winner 1 | Funny 1 | Thanks 1


----------



## cgs

Suggestion:

I'm not sure how things are setup at the moment but perhaps go here for a start.

http://www.ipdeny.com/ipblocks/
(Zone files last updated: Tue May 21 12:08:15 UTC 2019)

You'll get a list of IPs / Ranges you can stick in a firewall or perhaps the forum software has a place for this.







Block China entirely for now and deal with vendors later.
Won't work if they use VPN but its a start.

Reactions: Like 1 | Winner 1 | Thanks 1


----------



## Silver

Thanks @cgs

Will ask our technical folk to have a look at your post
Appreciate the comments and suggestions

Reactions: Like 2


----------



## lesvaches

cgs said:


> Suggestion:
> 
> I'm not sure how things are setup at the moment but perhaps go here for a start.
> 
> http://www.ipdeny.com/ipblocks/
> (Zone files last updated: Tue May 21 12:08:15 UTC 2019)
> 
> You'll get a list of IPs / Ranges you can stick in a firewall or perhaps the forum software has a place for this.
> 
> View attachment 167582
> 
> 
> View attachment 167583
> 
> 
> Block China entirely for now and deal with vendors later.
> Won't work if they use VPN but its a start.


i switch to Mikrotik along time ago and employ this simple strategy:
http://joshaven.com/resources/tricks/mikrotik-automatically-updated-address-list/

Reactions: Like 3 | Winner 2


----------



## ivc_mixer

@Silver @Christos 
Just happened again and I see they posted in some of the threads as well

Reactions: Like 2 | Thanks 2 | Informative 1


----------



## Silver

ivc_mixer said:


> @Silver @Christos
> Just happened again and I see they posted in some of the threads as well



Thanks @ivc_mixer 
It was @Kuhlkatz that reacted first on our team and nuked them 

Our tech team are telling me that the built in spam blockers are blocking more spam since this issue started. We still working on improving things though. But for the meantime we are going to have to keep an eye out and remove some of it manually. Thankfully they not causing other damage to the forum software. Or at least that hasn't happened yet.

Reactions: Like 4 | Informative 1


----------



## Saintjie

@Silver just a head ups on some more spamming taking place.

Reactions: Thanks 1


----------



## RainstormZA

OK [USERGROUP=3]@Admins[/USERGROUP] i want you to start taking note of the range of ip addresses and see if there's a pattern. I.E: if it's a range of sequential numbers in a row, you can block that range. 

But truth be told. It probably won't be the best solution long term to combating this problem.


----------



## Silver

RainstormZA said:


> OK g0g i want you to start taking note of the range of ip addresses and see if there's a pattern. I.E: if it's a range of sequential numbers in a row, you can block that range.
> 
> But truth be told. It probably won't be the best solution long term to combating this problem.



Hi @RainstormZA , thanks for the message
We have already blocked certain ranges. Going for a wider range or blocking entire countries is a challenge because it will prevent legitimate usage of the forum. So it is a tricky situation.

Reactions: Like 2 | Agree 1


----------



## RainstormZA

Silver said:


> Hi @RainstormZA , thanks for the message
> We have already blocked certain ranges. Going for a wider range or blocking entire countries is a challenge because it will prevent legitimate usage of the forum. So it is a tricky situation.


That was my concern too. We need real spam hunters to track down these pests.

Reactions: Like 1


----------



## Slick

Bump! 

@Silver

Reactions: Agree 1 | Thanks 1


----------



## hot.chillie35

Good morning @Silver .... It seems we have been hacked again

Reactions: Agree 2


----------



## Room Fogger

@Silver [USERGROUP=3]@Admins[/USERGROUP] , main page when logging in

Reactions: Like 2 | Thanks 1


----------



## RainstormZA

hot.chillie35 said:


> Good morning @Silver .... It seems we have been hacked again
> 
> View attachment 168049


Do not say hacked. It's the wrong terminology to use, it's a wonder we have so much panic on Fb because people misuse that word in wrong situations. 

The more correct term would be spam. 

If we were hacked, we would find subtle changes that would be easy to miss.

Reactions: Agree 3 | Disagree 2


----------



## Silver

Thanks guys

Spam has been removed

Yes, the correct term is spam. We have not been hacked. These guys are just signing up normally as would anyone else and then posting all their nonsense

Our spam blockers have stopped quite a lot more in the background but some do get through

Reactions: Like 3 | Thanks 1 | Disagree 1


----------



## RainstormZA

Slick said:


> Bump!
> 
> @Silver



"adds emergency siren music into the background"

Reactions: Like 1 | Funny 3


----------



## hot.chillie35

Damn my bad @RainstormZA .. I didn't realise I needed to have the correct terminologies at 6h11 in the morning. Unfortunately we are all not computer lingo savvy but will make a note to remember in the future

Reactions: Agree 2 | Funny 2


----------



## RainstormZA

hot.chillie35 said:


> Damn my bad @RainstormZA .. I didn't realise I needed to have the correct terminologies at 6h11 in the morning. Unfortunately we are all not computer lingo savvy but will make a note to remember in the future


Yeah sometimes people need to be corrected. Yeah I hear you on not computer savvy but no excuse to go and learn the differences. 

I did an article on forum account security not so long ago so maybe everyone needs a fresh look at it again. I can't emphasise how important it is in today's age and time where there are more online attacks taking place.

Reactions: Dislike 2


----------



## hot.chillie35

Yeah and sometimes people should have a way of correcting people or making statements or trying to bring there points across. Then we would have less conflicts and arguments on this forum.

There is absolutely nothing wrong with that but I did not realise I was in school and u opted to school me.. 

Hmmm Didn't see u schooling anyone else on this thread that used the word "hacked" and their was quiet a few. .. Wonder why .???

This is a vape forum not a computer literacy class.

All I did was report an issue!

And U right there is no excuses to further one's education but unlike u my expertise lies in renovations and construction and not sit the entire day on a computer but rather be in the field itself.

N.B Notice the thread we in... Hence the terminology "hacked".

Reactions: Like 1 | Agree 2


----------



## Hooked

RainstormZA said:


> Yeah sometimes people need to be corrected. Yeah I hear you on not computer savvy but no excuse to go and learn the differences.
> 
> I did an article on forum account security not so long ago so maybe everyone needs a fresh look at it again. I can't emphasise how important it is in today's age and time where there are more online attacks taking place.



No, we do not need to learn the difference simply in order to report that there is a problem!!!!!!!!!!!!!!! 

So must we now learn medical terminology before we phone an ambulance??

Reactions: Agree 1


----------



## Silver

Easy guys n gals
No need to get upset over terminology

@RainstormZA is right, we have not been hacked. Just normal spam. Nothing untoward - just people trying to spam the forum with their nonsense.

Am just grateful that the wonderful folk on this forum let us know and notify us here when they spot anything suspicious. It all helps!

Reactions: Agree 1 | Winner 1 | Thanks 1


----------



## hot.chillie35

Hooked said:


> No, we do not need to learn the difference simply in order to report that there is a problem!!!!!!!!!!!!!!!
> 
> So must we now learn medical terminology before we phone an ambulance??



LOFL Can u just imagine that @Hooked

Reactions: Agree 2


----------



## hot.chillie35

Silver said:


> Easy guys n gals
> No need to get upset over terminology
> 
> @RainstormZA is right, we have not been hacked. Just normal spam. Nothing untoward - just people trying to spam the forum with their nonsense.
> 
> Am just grateful that the wonderful folk on this forum let us know and notify us here when they spot anything suspicious. It all helps!




After this I'll think twice about reporting anything suspicious or hack/ lol spam related issues @Silver coz who wud wane be schooled at 6am about terminologies...

Reactions: Like 1


----------



## Silver

hot.chillie35 said:


> After this I'll think twice about reporting anything suspicious or hack/ lol spam related issues @Silver coz who wud wane be schooled at 6am about terminologies...



Don't worry @hot.chillie35 
Report as much as you like - it really does help us.
I don't mind what you call it

Reactions: Like 3 | Agree 2


----------



## Resistance

If you have never used the incorrect term for something then by all means let me know how wrong we really are.

Reactions: Like 1 | Informative 1


----------



## Resistance



Reactions: Like 1 | Winner 1 | Informative 1


----------



## Resistance



Reactions: Like 1 | Winner 1 | Informative 1


----------



## Resistance



Reactions: Winner 1 | Funny 3


----------



## Resistance

I think the forums weakness has been exposed so ill stick to hacking, if thats ok with everyone.

Reactions: Agree 1 | Funny 1


----------



## Slick

#hacked #spam #ambulance #incorrectterminology #as long as message gets across

@Silver

Reactions: Agree 3 | Funny 1 | Thanks 1


----------



## Silver

Slick said:


> #hacked #spam #ambulance #incorrectterminology #as long as message gets across
> 
> @Silver



Thanks @Slick 
Roger that
Has been sorted, thank you for the alert

Reactions: Like 2


----------



## Room Fogger

@Silver [USERGROUP=3]@Admins[/USERGROUP]

Reactions: Like 1 | Thanks 2 | Disagree 1


----------



## CTRiaan

Also spamming this thread
https://www.ecigssa.co.za/battery-venting-and-exploding.t33644/page-4

Reactions: Like 1 | Thanks 2


----------



## Silver

Thanks @Room Fogger and @CTRiaan 

It was @Christos who cleaned it up this morning - he was up on the forum the earliest 
Thanks @Christos

Reactions: Like 5 | Winner 1 | Thanks 1 | Useful 1


----------



## Gadgetboy

Hi Guys, Just logged on this morning and seen this again.....

Reactions: Thanks 1


----------



## ivc_mixer

@Silver - spam alert again this morning

Reactions: Thanks 1


----------



## ivc_mixer

Updated the title to be more correct

Reactions: Winner 1 | Thanks 2


----------



## Christos

ivc_mixer said:


> @Silver - spam alert again this morning


Thnx!


----------



## Silver

ivc_mixer said:


> Updated the title to be more correct



Thanks @ivc_mixer 
Much appreciated


----------



## Adephi

[USERGROUP=3]@Admins[/USERGROUP] a fly shat on my screen

Reactions: Like 1 | Thanks 1


----------



## Silver

Adephi said:


> g0g a fly shat on my screen
> View attachment 169336



Thanks @Adephi 
Much appreciated
The flies have been swatted !

Reactions: Like 1 | Winner 2 | Funny 1


----------



## hot.chillie35

Alert [USERGROUP=3]@Admins[/USERGROUP]

Reactions: Thanks 1


----------



## Silver

Thanks @hot.chillie35 
Taken care of...

Reactions: Like 1 | Winner 1


----------



## Asterix

This idiot about to start:

Reactions: Like 2 | Thanks 1


----------



## RainstormZA

Asterix said:


> View attachment 170028
> This idiot about to start:


Lol well spotted

Reactions: Like 2


----------



## Hooked

Asterix said:


> View attachment 170028
> This idiot about to start:



@Asterix How on earth did you know that he's a problem??

Reactions: Like 1


----------



## Silver

Hooked said:


> @Asterix How on earth did you know that he's a problem??



Can’t speak for @Asterix but he had the usual signs

Unusual forum name
atypical country flag
Non-sensical “from” info

Reactions: Like 1 | Agree 1 | Informative 1


----------



## hot.chillie35

[USERGROUP=3]@Admins[/USERGROUP]
@Silver 

The forum is being hacked with spam!!!

Reactions: Funny 1 | Thanks 1


----------



## Silver

hot.chillie35 said:


> g0g
> @Silver
> 
> The forum is being hacked with spam!!!
> 
> View attachment 170101
> 
> 
> View attachment 170102



Thanks @hot.chillie35 
@zadiac and I nuked em

Reactions: Like 2


----------



## RainstormZA

@Silver it appears to be the same bot signing up with different user names lol. Nothing has changed in the spam content.

Reactions: Like 1 | Agree 1


----------



## Silver

RainstormZA said:


> @Silver it appears to be the same bot signing up with different user names lol. Nothing has changed in the spam content.



Agreed @RainstormZA , but we think it’s a human signing on then handing account to a bot to do the posts

Reactions: Agree 2


----------



## Hooked

It's really odd.  In the two years that I've been on the forum this is the first time that we're seeing this. So why suddenly now? And why to such an extent? And why, period! What do they achieve?? 

Techies, pls. answer. I'm really curious!

Reactions: Like 1


----------



## Silver

Hooked said:


> It's really odd. In the two years that I've been on the forum this is the first time that we're seeing this. So why suddenly now? And why to such an extent? And why, period! What do they achieve??
> 
> Techies, pls. answer. I'm really curious!



Its a very good question @Hooked

I think someone or perhaps a group of people discovered the forum recently and realised they could sign up and post gibberish. What does it benefit them? I am not entirely sure. The thread titles have what looks like Chinese characters and there is always some normal English words too. Last few have been universities.

Most of these spammers would typically post links to their websites they are trying to promote - or words which would lead the viewer to their offering. Our forum has been highly indexed by most of the search engines so having your links here is beneficial for search engine rankings for them.

But these guys more recently are confusing - I do not see how they can benefit - so we just have to continually bat them away and hopefully it will subside over time. 

For the record, our backend spam blockers are blocking quite a lot of this type of thing - only a few get through (which we actually see)

So far, nothing has been compromised - its just a time waster and a bit of a nuisance.

Reactions: Agree 1 | Thanks 2


----------



## Hooked

Silver said:


> Its a very good question @Hooked
> 
> I think someone or perhaps a group of people discovered the forum recently and realised they could sign up and post gibberish. What does it benefit them? I am not entirely sure. The thread titles have what looks like Chinese characters and there is always some normal English words too. Last few have been universities.
> 
> Most of these spammers would typically post links to their websites they are trying to promote - or words which would lead the viewer to their offering. Our forum has been highly indexed by most of the search engines so having your links here is beneficial for search engine rankings for them.
> 
> But these guys more recently are confusing - I do not see how they can benefit - so we just have to continually bat them away and hopefully it will subside over time.
> 
> For the record, our backend spam blockers are blocking quite a lot of this type of thing - only a few get through (which we actually see)
> 
> So far, nothing has been compromised - its just a time waster and a bit of a nuisance.




They must lead very boring lives if this is their idea of entertainment!!

Reactions: Agree 3 | Funny 1


----------



## zadiac

I'll put out some feelers, but we need a hacker to respond in kind.......or kinder. I know some people in low places.....hehehe

Reactions: Like 1 | Agree 1 | Winner 1 | Funny 1


----------



## Hooked

zadiac said:


> I'll put out some feelers, but we need a hacker to respond in kind.......or kinder. I know some people in low places.....hehehe



@zadiac It would be interesting to get the spammers perspective!

Reactions: Agree 2


----------



## Dela Rey Steyn

https://www.ecigssa.co.za/69-1.t60397/

this one is starting small, I think they are trying to slip by

Reactions: Like 1 | Thanks 1


----------



## Silver

Dela Rey Steyn said:


> https://www.ecigssa.co.za/69-1.t60397/
> 
> this one is starting small, I think they are trying to slip by



Thanks @Dela Rey Steyn 
All sorted 
Appreciate the headsup

Reactions: Like 3


----------



## Dela Rey Steyn

Another one trying to sneak past it seems: https://www.ecigssa.co.za/99-1.t60436/

Reactions: Funny 2 | Thanks 2


----------



## Dela Rey Steyn

and another sneaky post https://www.ecigssa.co.za/69-2.t60439/

Reactions: Funny 2 | Thanks 2


----------



## Rob Fisher

Nuked

Reactions: Like 1 | Winner 3 | Thanks 2


----------



## Adephi

The defacating flies are at it again.

Reactions: Agree 1 | Thanks 1


----------



## Dela Rey Steyn

They are at it early again I see

Reactions: Agree 2


----------



## Adephi

There must be some form of automatic bot involved. There is no way 1 person can create over 50 posts in 2 minutes.

Reactions: Agree 3


----------



## hot.chillie35

At it again... Spam hackers!!!!

Reactions: Thanks 1


----------



## Gadgetboy

Another Spam alert!

Reactions: Thanks 1


----------



## Silver

Adephi said:


> The defacating flies are at it again.
> 
> View attachment 170576



Thanks @Adephi and the rest of you for your alerts
The flies have been swatted
You are right, they were at it early this morning
Interrupting me with my calls to Malaysia and China for VapeCon 

@Adephi - you are right they are bots - but what we think is that they are humans first that get on and sign up - then hand the account over to a bot of sorts to go wild.

Our sign up process I am told is now very hard for bots to get through

We are continually reviewing this - and just to let you know our spam blockers on the back end are blocking several sign ups each day (every time we remove spam, it learns more about IP addresses, so in theory should get better and better).

Lets see how it goes. 

Apologies to everyone on the forum for this. We hope to resolve this soon...

Reactions: Like 1


----------



## Adephi

Silver said:


> Thanks @Adephi and the rest of you for your alerts
> The flies have been swatted
> You are right, they were at it early this morning
> Interrupting me with my calls to Malaysia and China for VapeCon
> 
> @Adephi - you are right they are bots - but what we think is that they are humans first that get on and sign up - then hand the account over to a bot of sorts to go wild.
> 
> Our sign up process I am told is now very hard for bots to get through
> 
> We are continually reviewing this - and just to let you know our spam blockers on the back end are blocking several sign ups each day (every time we remove spam, it learns more about IP addresses, so in theory should get better and better).
> 
> Lets see how it goes.
> 
> Apologies to everyone on the forum for this. We hope to resolve this soon...



I don't know how the technical stuff works, but maybe prevent everybody in creating 2 threads within 60 seconds from eacother. Might slow the flies down a bit and maybe work against their protocols.

Reactions: Like 1 | Agree 2


----------



## RainstormZA

Adephi said:


> I don't know how the technical stuff works, but maybe prevent everybody in creating 2 threads within 60 seconds from eacother. Might slow the flies down a bit and maybe work against their protocols.


Investigations take time but hopefully a pattern emerges out of this. 

To me this now starts to appear to be a botnet doing this with an human sign up.

Reactions: Like 1


----------



## Asterix

RainstormZA said:


> Investigations take time but hopefully a pattern emerges out of this.
> 
> To me this now starts to appear to be a botnet doing this with an human sign up.


From what I’ve read up, there are human “sweat factory” type operations that search internet for any forums and other social media platforms that they can infiltrate. These infiltrations are then sold on sites such as freelancer. Then the buyers bots take over. 

Because of the low cost of purchasing these “infiltrations” they don’t really care whether the language is even understandable by the target (our forum). 

These people are already dodgy to begin with. Some of the kak posted points to getting fake degrees etc.

Reactions: Like 1 | Agree 2


----------



## RainstormZA

Asterix said:


> From what I’ve read up, there are human “sweat factory” type operations that search internet for any forums and other social media platforms that they can infiltrate. These infiltrations are then sold on sites such as freelancer. Then the buyers bots take over.
> 
> Because of the low cost of purchasing these “infiltrations” they don’t really care whether the language is even understandable by the target (our forum).
> 
> These people are already dodgy to begin with. Some of the kak posted points to getting fake degrees etc.


Yeah you can get those on the Darknet. I was just reading up on botnets and the computers controlled are called zombies. Very interesting how they operate.

Seems it's a very common problem on forums.

Reactions: Like 1


----------



## Hooked

New member who joined today

Reactions: Thanks 1


----------



## Dela Rey Steyn

Die Filistyne is op ons!

Reactions: Funny 2 | Thanks 1


----------



## Silver

Dankie DLS @Dela Rey Steyn 

Ek het hulle mooi gevra om weg te gaan

Reactions: Funny 3


----------



## Dela Rey Steyn



Reactions: Winner 1 | Thanks 1


----------



## Dela Rey Steyn

Can we maybe start by blocking all posts containing any Mandarin/Japanese/Cantonese characters?

Reactions: Agree 2 | Thanks 1


----------



## Silver

Thanks @Dela Rey Steyn 

All sorted
Good idea to block posts with Chinese characters.
We will have to check if that is possible

Reactions: Like 2 | Thanks 1


----------



## Gadgetboy

Spam alert again!
These guys are getting crafty!

Reactions: Thanks 1


----------



## Silver

Gadgetboy said:


> Spam alert again!
> These guys are getting crafty!
> View attachment 171215



Thanks @Gadgetboy
You are right, they are getting crafty
They have been removed.

Our technical team installed something else yesterday that is supposed to help - but we are monitoring and tweaking...

Sorry for the inconvenience to all - we are working on it.

Reactions: Like 2


----------



## CTRiaan



Reactions: Thanks 1


----------



## Silver

Thanks @CTRiaan
And thank you @Hooked for reporting that post too
It has been dealt with

By the way, we have installed another anti-spam module - and we are tweaking things - it looks like its helping quite a bit so far. Quite a few spammers have been blocked in the last few days

Reactions: Like 3 | Winner 2


----------



## Adephi

The flies are up early

Reactions: Like 1 | Thanks 1


----------



## Silver

Thanks @Adephi
Thanks @Kuhlkatz for sorting out the flies this morning 

Incidentally, it does seem that the recent measures we have taken are working better. We havent had spam for a few days.

Reactions: Like 3


----------



## RainstormZA

Silver said:


> Thanks @Adephi
> Thanks @Kuhlkatz for sorting out the flies this morning
> 
> Incidentally, it does seem that the recent measures we have taken are working better. We havent had spam for a few days.


Yeah much better, I’ve noticed it too.

Reactions: Like 2


----------

