Mods Please Make the Spam Stop

It would be nice to feel like someone was watching out for us to keep everyone safe. Please make it go away, it's a layer of confusion and the worst side of NT ness that we don't need. :(

  • The SPAM has started breeding again this morning.

  • Noticed by viewing votes. Both accounts different usernames and passwords.

    My other self Alto, my Elephant self, Mezzo-soprano.

    Your pedantry noted again... however my Alter Ego is yet to set up its own account as I only have one true self, divided into two parts...both of which seek the opportunity to sing!

  • Odd - and you discovered this by looking at that account's profile, or viewing votes?

    Reusing a password between websites is in my opinion the biggest current problem. For example, if you were one of over 100 million people who had a LinkedIn account before 2012 that was compromised, you should make sure that no other account uses the same password. So in some ways the ability of a browser to remember lots of different passwords is a good thing. (The NAS @WebPM might also want to check that this forum software uses bcrypt or 'salted hashes' in case there ever is a breach, but obviously such a breach would affect far fewer people than LinkedIn.)

    No response from the mods about the creepy spam still - can they all be off on half-term?

    Do you have a soprano-ego too? 😜

    (sorry, compulsive pedantry syndrome)

  • CSRF within the forums is a distinct possibility, but I was referring to basic use of tcpdump if the target happens to be browsing via hotel, work, coffee shop or supermarket WiFi - anywhere that another STA could be set promiscuous.

    You're right that CSRF is the more realistic vector for more serious damage. 

  • I have an alto-ego which I set up as there were disagreements at home about using the forum. This alto-ego liked someone’s achievement two days ago.... I’ve not used that log on for months. 

    Freaked me out...

    I'm not trying to stir paranoia but there is some weird stuff going on. The https protocol does need to be robustly applied. The Chrome browser's ability to remember logins and passwords is also an open door but outside the remit of the forum. Maybe asking users to regularly change passwords is an option?

  • Cookie Monster doesn't like 'stolen' cookie.

    Yeah, there's no reason not to use https, especially now we have Let's Encrypt. Are you worried about cloning by packet-sniffer, or CSRF?

  • Something that has been bothering me for a while now is the possibility of a session hijack of an otherwise genuine user. 

    The initial login sequence is https, but the forum redirects to http, with session tokens therefore passed in the clear, and presumably vulnerable to replay attack for as long as the token remains viable?

    (can the forum shift to https full-time?)

  • There was a third one yesterday as well: http://community.autism.org.uk/f/miscellaneous-and-chat/12552/i-can-t-find-girlfriend

    I did click 'report as abusive' on at least two of them as suggested by the mods. Maybe all the moderators were away yesterday, it being a BH Monday. Is this like the type of spam four months ago? One of the problems with the three yesterday is that it's confusing and wastes people's time, but another is that it's stealing someone else's words. Not nice, having a computer program imitate a real person with real concerns.

    Getting techie: I've also reported nas37761 and nas37762 as abusive, but it may be that nas37763, nas37764..., which haven't posted yet, are bots too. Automated systems to detect spam aren't perfect (if a machine could tell if something looked like spam, then another machine can learn how not to look like spam). Detection can be done by IP address, but some bots post via Tor - and so do some human beings. IMHO the forum should at least allow reading via Tor. Some system to detect duplicate paragraphs in combination with IP address would be the best. If they're posting spam links to their profile, that's another way to detect it - but they may not do that initially.
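An added example, not part of any post in this thread and not the forum software's own code: one way the "duplicate paragraphs in combination with IP address" check suggested above could work. It flags a paragraph re-posted by a different account, then groups flagged accounts by IP so that an address shared with genuine users (a Tor exit, for instance) is not a signal on its own. The field names, account names, addresses and sample text are constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict

MIN_WORDS = 8  # skip greetings and sign-offs, which repeat innocently


def fingerprint(paragraph):
    """SHA-256 of the paragraph with case, punctuation and spacing removed."""
    words = re.findall(r"[a-z0-9']+", paragraph.lower())
    if len(words) < MIN_WORDS:
        return None
    return hashlib.sha256(" ".join(words).encode()).hexdigest()


def find_copied_posts(posts):
    """Return (flags, clusters) for posts given in posting order.

    flags:    (post_id, account, original_account) per copied paragraph
    clusters: ip -> accounts, for IPs used by 2+ flagged accounts
    """
    first_seen = {}  # fingerprint -> account that posted it first
    flags = []
    flagged_by_ip = defaultdict(set)
    for post in posts:
        for para in re.split(r"\n\s*\n", post["body"]):
            fp = fingerprint(para)
            if fp is None:
                continue
            original = first_seen.setdefault(fp, post["account"])
            if original != post["account"]:
                flags.append((post["id"], post["account"], original))
                flagged_by_ip[post["ip"]].add(post["account"])
    clusters = {ip: sorted(a) for ip, a in flagged_by_ip.items() if len(a) > 1}
    return flags, clusters


# Constructed sample data: accounts, text and documentation-range IPs are invented.
GENUINE = ("My son finds the noise in supermarkets very hard to cope with, "
           "has anyone found ear defenders that he might tolerate?")
SAMPLE_POSTS = [
    {"id": 1, "account": "member_a", "ip": "198.51.100.7", "body": "Hello all.\n\n" + GENUINE},
    {"id": 2, "account": "new_acct_1", "ip": "203.0.113.9", "body": GENUINE.upper()},
    {"id": 3, "account": "new_acct_2", "ip": "203.0.113.9", "body": "hello all\n\n" + GENUINE + "  "},
    {"id": 4, "account": "member_b", "ip": "203.0.113.9",
     "body": "Thanks for the welcome, I have been reading this forum for a while now."},
]

if __name__ == "__main__":
    print(find_copied_posts(SAMPLE_POSTS))
```

A flag here is a prompt for a moderator to look, not a verdict: a member quoting another member's paragraph in a reply would also match.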

  • http://community.autism.org.uk/f/parents-and-carers/12551/sensitivity-problem/


    http://community.autism.org.uk/f/introduce-yourself/12550/hello-everyone-i-m-new-member-everyone-help-me

    ...This here Thread is the Thread which WebPM/NAS has said to use for reporting SPAM. Even though NAS themselves did not start it. Thus I reply to the Moderator rather than the starter. This is May 2018, now.

    NAS - PLEASE SORT THESE TWO NEW THREADS OUT!

  • Thank you for the clarification on reporting this kind of thing as abusive, I did report several of the messages but wasn't sure that was the right thing to do, now I know.

    Good to know the dreaded points system is good for something! Fingers crossed we are not subjected to this again any time soon.

  • Hello community users,

    We are sorry for the spam that hit the forum over the weekend. As you saw, we removed it as soon as we could.

    As forum contributors, you can help by reporting such messages as Abusive (via the More link below a message). The more genuine contributors who report such messages, the quicker the response can be. If a user has obviously registered only to post spam, you can also report the user as Abusive from that user’s profile page. Obviously the abuse system is best used for these deliberate nuisance posts and for anything that seems to be intentionally highly offensive; this forum is very tolerant of different views and perspectives, even where others might not agree with what is said.

    We have made some adjustments to the settings in the automated anti-abuse systems that are provided by this forum software. Obviously, we want to do that without accidentally having an effect on genuine messages, that may innocently contain banned words and so on. One of the good features of this system, however, relates to the concept of a contributor’s “reputation”, something which has caused a bit of discussion over the past six months. The fact that you have established a reputation as a poster of genuine messages helps to “protect” your messages from the anti-abuse systems.

    Kind regards,

    Ayshe Mod

  • Surrounded, that's exactly it, think that's what spurred my sudden volubility, defence of something I care very much about, even if I'm a lurker more than I'd like. ()x() :)

  • Yes thank you mods, it was beginning to make me very unnerved.

    I don’t like being surrounded and it felt like that for me, 

    thank you spotty maybe your more polite request did the trick Lol.

    ()x()

  • I know exactly what you mean Lone, it's freaking me out, even though I know what it is and not to touch it. Someone needs to be on top of this place 24/7, you are right, what if it was something really nasty and only some of us realised it, we can't protect anyone.

    Anyway we will keep talking and they won't beat us back into a hole. 

    ()()()xxx back at you.

  • The people who are supposedly in charge are absent, it is fortunate that the stream of threads is not crude or full of hatred, 

    I am feeling so anxious right now, ok I could ignore them but I am autistic and being easy isn’t my way, 

    thank you spotty for starting a new thread, 

    take care all, x()x()x()x.

  • Bless you California, I wish you were in charge of a delete button too, right now.

  • I wish I could delete them but I do not have the button to do that.