Hello UNA Team,
It has been a week or two since the Discussion board (forum) here on unacms.com is getting bombarded with continuous spam. Some new spammer accounts/profiles are creating hundreds of discussion posts. They are all spam and most of them have the same timestamp.
Please investigate this issue and implement effective anti-spam measures.
How do they even manage to add hundreds of discussions at once? Are they humains creating an account/profile, then spamming the discussions or robots/bots using some sort of automated scripts?
If there is a vulnerability in UNA being exploited by spammers/hackers to spam the discussions module, then we (users running UNA websites) are all screwed till you guys find the problem and provide us with a fix.
I am really concerned.😕
- 871
This is absolutely insane. Hundreds of posts. I can't even find my last posts. There definitely should be an anti flood (can only post a new topic every X minute(s) feature). Hmmmm.
That was under one account and handled now. We don’t have the usual restrictions now as we are testing a new antispam tool.
Well, I hope that they won't be back. It seems like it's the same spammer. This is not the first time. Last week, he created 3 or 4 different accounts/profiles. Each one with hundreds of posts. I reported some of them. Once that account or profile was deleted with all its content by the UNA admin, he created another one few hours later or the following day. Then I reported it again and so forth. That's why I started wondering whether the spammer is using some automated script or hacking technique to bypass the anti-spam system in UNA and add hundreds of posts at once. Many of those posts have the same timestamp.
The spammer is using several unique words which identify him as a free advertiser or search engine exploiter. Word's like fortune teller and casting spells, for example. These suspicious words should cause the spam attempt to fail and the sneaky user to be suspended.
Also note that those overseeing this international UNA site may be asleep while the spamming occurs. Therefore it goes on for hours before detected.
As others have stated already: No new user needs to start multiple discussion topics in one day.