KBPsen

They seem to be a regular presence recently in the forums, reposting parts of previous posts.

What else are they doing?

mixture

Spam ? That's what bots usually do.

KBPsen

As in harvesting emails for future use?

There is nothing to see in the posts themselves.



When doing a posts search something does show up which is not visible in the post itself. Would you know what that is?

mixture

Unless they are making use of an exploit, I suspect you'll find there's no way to get member's emails unless you've been assigned mod permissions.



I suspect the image filename of "avtar" gives a hint...it's a little icon, anything from a smilie to a small image meant to represent the user.

riverrock83

A number of them will be being used by search engines (such as google) to update their indexes of pprune. It is no surprise since pprune often appears high up on google searches... Google is also often quicker/easier (in my opinion) to find a long lost thread than the built in search tools. They wont be re-posting posts though (unless their design is flawed).
My memory is that you need to create an account to post here which bots have great difficulty doing. Could it be there are some pilots who are just a little too fatigued to function properly logging in?

KBPsen

I am getting curious now.

What would be the purpose of having a bot that posts parts of previous posts and includes a 1x1 pixel sized image that is not visible? If it was an attempt at spam would there not be links or something visible?

Riverrock,

You can see usernames registered in the last few days with names like "Claudette381" or "Curtis532" and so on, making posts that just include this little image file and snippets of previous posts on the same thread.

ross_M

I doubt google opens dummy accounts to index posts.

That's a popular tracking trick. Each time someone reads the page his browser will have to call for the 1x1 image from the host site. Once the request goes, the webserver knows what IP you are browsing from (unless you've gone out of the way to prevent this) . So spammers / trackers can figure how many readers and from what locations.

This is the way with email spam anyways. Not sure if it works the same way with forum spam. With email spam, oftentimes each email has a slightly modified link all redirected to the same inviisible 1x1 image. That way they can know exactly which of their thousand spam Viagra emails has made it to human eyes.

KBPsen

Ross,

I see. So would the inclusion of this 1x1 image cause an increase in apparent views on the hosting server/website and increase ad revenues?

probes

which means I was extra stupid to copy the link of the invisible pic to another window (got it from 'more posts by...' and Amazon books it was) - Clyde...whatevernumber it was, in "2 last letters start the next word", because the post was weird, as the next post is supposed to have the definite letters there.

(Clyde38, looked it up).

BrandiNettIB

If any of these spam accounts are not being banned by moderators in the course of moderation, please list their user names here, and we'll take a look. Thanks!

El Grifo

If you really want to encounter a plethora of "BOTS" just pop over to the USA politics hamsterwheel.

Stuffed chock full of them over there

peterh337

What kind of email client will actually go and fetch that image from a remote URL?

Maybe M$ Outlook will... but I would be suprised if that was the default configuration nowadays. This is absolutely the oldest trick in the book for infecting email software... include a malformed jped/pdf/whatever in the email.

However, I recall there was a company making money out of a service whereby you included the 1-pixel image in your outgoing email(s) and that way you could tell when the recipient has read it. Without some trick like that, there is no way to tell if somebody has opened an email.

Bushfiva

CleeIB,

Sunflower100, plus two others I reported but can't remember, are linkspamming at the moment.

Mike-Bracknell

I reckon that Bushfiva might be a bot, y'know



just kidding

BrandiNettIB

Thanks, guys. The mods are collecting bot usernames as they ban them, and we are looking into back end tweaks to help keep them away.

Bushfiva

No URLs in posts by new users might be a start? There'd be no reason to post here. I guess you know the IP addresses, so it would be interesting to know if this is a dedicated guy in the US, or a work for hire done by an Indian or Chinese spam farm.

BrandiNettIB

Bushfiva, it's actually not possible to restrict links within posts in vBulletin without unofficial hacks, which the tech team are reluctant to implement. We could restrict posting altogether by new users, but that's pretty drastic and hard to implement, given the dispersion of spammers across the forums. We'll focus on some back end tweaks to try to slow down these spammers from entering in the first place.

Bushfiva

Well, you are the owners of vBulletin so you would be the right people to turn an unofficial hack into an official option.

How about a minimum image size in both terms of dimensions and kB? Then single-pixel images and blank images hiding at the end of the text wouldn't work.

mixture

Bushfiva,

You're missing the point.

The aim should be to catch them before they even have the opportunity to post. Not trying to catch them out at the posting stage, because they are only going to work around that.

Bring back captcha logins I say !
(plus a few additional tricks here and there....)

Bushfiva

No, I'm not missing the point. These aren't bots, they're people paid to get past the registration and login barriers, then start posting apparently reasonable postings but including a one-pixel link. You can try to block them at the point of entry by making the cost higher than the value in posting, agreed. But you can also stop them by making their postings readily detectable. You may not have noticed, but at least one of these "bots" has been creating threads. If images below a certain pixel size can't be posted, all the single-pixel issues go away. If images below a certain file size can't be posted, then most of the transparent-image-at-the-end-of-the-text issues go away, courtesy of Mr Huffman and friends.

In general, a blend of approaches probably works best. But these guys *are* vBulletin, so saying they don't like hacks is disingenuous. Don't make it a hack, make it part of the product. IB has more than 100 web sites; it's not just trying to fix PPRuNe, it's trying to fix their entire portfolio.