Hey everyone,

I just removed a post that had what looked like a normal URL, but if you clicked on it, it would take you to a different URL, and I have seen a lot of different types of spammers getting through the automated checks lately.

There is another tactic they have been using lately which is to copy the text from a legitimate user and to make that into a comment or a new post. Those things are hard to spot if you didn’t read the other one, and it isn’t your post.

We also have shills who pretend to be in IT just to set themselves (or someone else) up to praise their product. This is fairly normal for a site like this, but another one to stay aware of and watch out for.

I know, you are all in IT, but please be vigilant. Watch where you are clicking. And if you see something that looks wrong or deceptive, please, please flag it. We would rather get 100 incorrect flags than to let one bad post through. Plus, it’s a win-win. You get points for approved flags, and it helps me and the site a lot to take down those spammer accounts, so bring on the flags. :slight_smile:

22 Spice ups

Would it be possible to use VirusTotal API to scan URLs? Even if it’s just for new users?
Problem would be if it’s scanned on post submission and it’s a redirect then there’s a good possibility you could just change the redirect after submitting the post. Or the site has to scan the URL each time it’s read.
Might be easier to ban URL posting for new users until a certain milestone is passed - it’s a PITA for legitimate users though.

7 Spice ups

Sometimes people use redirects like short URLs (which I hate), but this masks both good and bad links, so it would be hard to know what’s behind it.

I would be in favour of blocking short URLs completely, if someone doesn’t want to expose the real URL, then they are the ones with the issue.

I worry about people who need to spam their own product though, it can’t be very good if you have to get attention to it in the first place (not including GGs).

8 Spice ups
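An added example (not from any poster in this thread, and not the forum platform's own code) of a submit-time check for the two patterns raised above: link text that reads as one URL while the `href` points at a different host, and links through URL shorteners. The shortener list, function names and sample post are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumed, non-exhaustive list
# Link text that itself reads as a URL or bare domain.
URLISH = re.compile(r"^(?:https?://)?[a-z0-9-]+(?:\.[a-z0-9-]+)+(?:[/:?#]|$)", re.I)

def host_of(url):
    """Lower-cased hostname without a leading 'www.'; '' if unparseable."""
    try:
        host = (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
    except ValueError:
        return ""
    return host[4:] if host.startswith("www.") else host

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text, target = "".join(self._text).strip(), host_of(self._href)
        if target in SHORTENERS:
            self.findings.append(("shortener", text, self._href))
        elif URLISH.match(text) and host_of(text) != target:
            self.findings.append(("mismatch", text, self._href))
        self._href = None

def audit(post_html):
    """Return (kind, visible_text, href) for each suspicious link in a post."""
    parser = LinkAudit()
    parser.feed(post_html)
    return parser.findings

# Constructed sample post; all hosts and paths are made up.
SAMPLE = (
    '<p><a href="https://login.other-site.example/dl">https://support.vendor.example/drivers</a></p>'
    '<p><a href="https://www.vendor.example/docs">vendor.example/docs</a></p>'
    '<p><a href="https://bit.ly/constructed">click</a></p>'
)
```

This only inspects the markup at submission time; it does not follow redirects, so it says nothing about where a redirecting target lands later.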

We’re on a third-party platform, and they really do have some great spam-catching things built in, but not sure what improvements could be made in that regard.

We can lock new users out of a lot more things, but we also don’t want to drive people away, so it’s a tough balance.

5 Spice ups

Wouldn’t it be a good idea to implement such a thing?

7 Spice ups

So we received an email from a trusted customer last week…the email was a real Office 365/OneDrive link to a PDF on his OneDrive. You even have to be sent a code from Microsoft to get to it and all of that was legit. But when you got to the file, then it tried to get you to log in to some crazy URL. Thankfully, my users didn’t even go as far as getting the 2FA code. I notified the customer and he confirms that he was hacked.

7 Spice ups

Love the idea, and definitely a good idea to look into back end improvements.

In the meantime though, I just wanted to make sure that all of you were aware that some spammers are getting past our spam protections (and some always will). Good to be watchful, no matter how good our backend tools are.

7 Spice ups

This is the key point, no system is 100% effective, no matter how much money you spend.

Humans always have that edge over AI or code looking for keywords, phrases or known URLs.

7 Spice ups

Could it be the SharePoint hack that was so bad recently?

3 Spice ups

This?

5 Spice ups

Yes, this is currently actively exploited.

4 Spice ups

Here’s another one to watch out for:

(Trying to bury random links in a normal-looking response.)

6 Spice ups

My employees have been asking me what they can do and then when I tell them, they reply “it’s too hard to check the legitimacy of every one before opening an email!”

I just look at them and tell them “we’ve made it onto the sucker list, so get used to it because everyone and their Uncle is going to send us spam for a while. You may hate it but it’s what we got to do.”

5 Spice ups

VERY active.

Anyone with an SP on-prem really needs to be looking at their logs and taking any public sites down while they investigate.

6 Spice ups

As with Exchange, on-prem SharePoint should be moved to fully-cloud ASAP if it’s not already in the works…just another reason why :wink:

3 Spice ups

While I agree with moving things to the cloud, Microsoft does not recommend using SharePoint Online (SPO) to host public-facing websites.

Its purpose is collaboration, so intranets and Teams sites are fine, but they discourage the use of SPO for publicly accessible websites.

5 Spice ups

Oh yeah, no, SPO is not a public-facing website, but it is handy for sharing securely with vendors and an intranet for company use!

2 Spice ups

Having lived the nightmare on the HP Community forum, I really feel for users who head to tech support sites the most. There are so many copycat sites that format their website to look nearly identical to vendor sites and SEO their way to the top of Google searches. Or they create fake profiles and brag up known tech support scam sites that tell you to buy a subscription to some software for 10X-20X the normal price, plus install.

5 Spice ups

Plus one for not a fan of shortened URLs!

Was recently on a reasonably well-known vendor’s site & found that all their archaic knowledgebase links were corrupted. Not the current ones that would be noticed, just those older devices.

  • mayhaps this weird Red-page thingo is where they keep the old firmware & PDFs?

Extra tricky because you are already in the ‘trust’ zone…

3 Spice ups