beware of "Club Tread" email scams - Page 2 - ClubTread Community

post #11 of (permalink) Old 05-28-2013, 10:21 AM
Intermediate Member
 
 
Join Date: Nov 2003
Location: Burnaby, BC, Canada.
Interest: Mountaineering;Bikepacking;Skiing
Posts: 562
Default

Quote:
quote:Originally posted by dougz

Quote:
quote: So, all our private email addresses are taken from CC and loaded to spam engines in China?
No, if you read the explanation by Longshadow, as long as you didn't reply, you're fine.

http://www.clubtread.com/sforum/topi...TOPIC_ID=56831
I can't see an option in my account to send mass mail to members of CC. Are you saying he did it that way? He registered for an account and sent mass mail to all of us?

I work in IT and I am having a hard time understanding how he mailed all of us.

Longshadow, basically our Chinese friend John Wayne doesn't know our addresses unless we reply to him ... But he is able to send all of us mail through the Board. Has he got admin rights?
Zoran is offline  
post #12 of (permalink) Old 05-28-2013, 10:57 AM
Administrator
 
Join Date: Oct 2001
Location: Langley, BC, Canada.
Interest: Hiking, backpacking, snowshoeing, photography, computers, yoga and traveling.
Posts: 7,688
Default

He used a bot. Pretty standard. So once he has an acct on the site, they essentially simulate the entry into the form and post it. Forums all have typical URLs (each with their own) so it's not that tough to create the necessary scripts. Once you're a member, you can see the member list for the purposes of sending a legitimate PM - note that is PM, not email. They will only get your email if you actually respond to the email.

Now that they have been banned, they can no longer send these messages. One thing that I did forget to do is reset the web server; if their session is still active, it may still permit. I'll do that after submitting this post.
LongShadow is offline  
post #13 of (permalink) Old 05-28-2013, 11:00 AM
Administrator
 
Join Date: Oct 2001
Location: Langley, BC, Canada.
Interest: Hiking, backpacking, snowshoeing, photography, computers, yoga and traveling.
Posts: 7,688
Default

BTW, I think you all would be amazed at how many bots and scammers try to get on to CT. I would say that probably about 30-50% of the acct requests during a given period are not legitimate.

I try to filter these out by using known email address spam databases (at a given time), IP lookups (and toast from weird countries & hosts), and profile content review. Generally this catches them all - but unfortunately in this particular case I overlooked it.

LongShadow is offline  
post #14 of (permalink) Old 05-28-2013, 11:01 AM
Intermediate Member
 
 
Join Date: Nov 2003
Location: Burnaby, BC, Canada.
Interest: Mountaineering;Bikepacking;Skiing
Posts: 562
Default

Thank you.
Zoran is offline  
post #15 of (permalink) Old 05-28-2013, 11:03 AM
Advanced Member
 
Join Date: Nov 2003
Location: Smurf Village, BC, Canada.
Interest: hiking, exploring, reading, random shiny things
Posts: 2,330
Default

LongShadow, I think you do a terrific job filtering out the garbage. I've been on the site for a few years and don't remember receiving any other spam. Maybe that's why it was amusing this time, but certainly wouldn't want it to become a regular thing.
guntis is offline  
post #16 of (permalink) Old 05-28-2013, 11:05 AM
Advanced Member
 
Join Date: Jul 2005
Location: Richmond, BC, Canada.
Posts: 2,674
Default

Longshadow, they are sending emails also. I just got one this moment that went to junkmail directly.

Quote:
quote:"Hello pmicheals
You received the following message from: john10 (john.wei03@yahoo.pl)

Hello
Can you assist me to transfer funds into your account and help me to invest in your country or any part of the world. Please let me know so that I can detail you more.

My Regards, John Wei."
If you receive your mail via MSoffice outlook browser, don't open it.

pmicheals is offline  
post #17 of (permalink) Old 05-28-2013, 11:17 AM
Administrator
 
Join Date: Oct 2001
Location: Langley, BC, Canada.
Interest: Hiking, backpacking, snowshoeing, photography, computers, yoga and traveling.
Posts: 7,688
Default

This looks like one of the PMs that would have been site generated.

I also just fully reset the server, so their session would be toast as well (just in case still active).
LongShadow is offline  
post #18 of (permalink) Old 05-28-2013, 12:00 PM
Intermediate Member
 
Join Date: Jun 2007
Location: Abbotsford, BC, Canada.
Posts: 775
Default

Quote:
quote:Originally posted by LongShadow

BTW, I think you all would be amazed at how many bots and scammers try to get on to CT. I would say that probably about 30-50% of the acct requests during a given period are not legitimate.
These figures are truly disheartening. They explain why there would be a delay for new registrants to get approved. I don't envy you having to check every application. Good job, don't feel bad about having missed one!
greyowl is offline  
post #19 of (permalink) Old 05-28-2013, 12:03 PM
Advanced Member
 
Join Date: Jul 2005
Location: Richmond, BC, Canada.
Posts: 2,674
Default

I assume the bot is capable of doing a mass profile access and able to get everyone's email address. Is there any way to hide the email address and still allow the member to send an email like on Craigslist? Maybe it wouldn't help that much.

eg: In profile section
E-mail Address:
Allow Forum Members to Send you E-Mail?: Yes/No (dropbox)
Hide email address from sender? Yes/No (dropbox)

All of your efforts are definitely appreciated longshadow



pmicheals is offline  
post #20 of (permalink) Old 05-28-2013, 12:34 PM
Advanced Member
 
Join Date: Aug 2002
Location: , BC, Canada.
Posts: 2,584
Default

Quote:
quote:Originally posted by pmicheals

I assume the bot is capable of doing a mass profile access and able to get everyone's email address. Is there any way to hide the email address and still allow the member to send an email like on Craigslist? Maybe it wouldn't help that much.
Already does, at least initially. The messages are sent from the server, so unless you reply they won't know what your email is.

There are two mitigations that should be added:
* Rate limiting on messages
* The approval system should take email address domain into account.
ShadowChaser is offline  
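
The two mitigations listed in the post above, together with the still-active-session concern raised earlier in the thread, sketched as an added example; this is not code from the forum software or from any poster. All names, limits and the review-domain list are hypothetical values constructed for illustration.

```python
import time
from collections import defaultdict, deque

# Constructed policy values for illustration; tune to the forum's real traffic.
WINDOW_SECONDS = 3600
LIMIT_ESTABLISHED = 20             # PMs per window once past probation
LIMIT_NEW = 3                      # PMs per window for newly approved accounts
PROBATION_SECONDS = 7 * 86400
REVIEW_DOMAINS = {"freemail.example"}  # hypothetical domains sent to manual review


class PMGate:
    """Decides, per message, whether a member may send a private message."""

    def __init__(self):
        self.banned = set()
        self.sent = defaultdict(deque)  # user -> timestamps of recent PMs

    def ban(self, user):
        self.banned.add(user)

    def allow_send(self, user, joined_at, now=None):
        now = time.time() if now is None else now
        # The ban is checked on every send, not only at login, so a session
        # opened before the ban cannot keep posting the message form.
        if user in self.banned:
            return False, "banned"
        recent = self.sent[user]
        while recent and now - recent[0] >= WINDOW_SECONDS:
            recent.popleft()  # drop sends that fell out of the sliding window
        on_probation = now - joined_at < PROBATION_SECONDS
        limit = LIMIT_NEW if on_probation else LIMIT_ESTABLISHED
        if len(recent) >= limit:
            return False, "rate_limited"
        recent.append(now)
        return True, "ok"


def registration_needs_review(email):
    """Flag signups whose email domain (or a subdomain of it) is on the list."""
    domain = email.rsplit("@", 1)[-1].strip().lower()
    return domain in REVIEW_DOMAINS or any(
        domain.endswith("." + d) for d in REVIEW_DOMAINS
    )
```
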