Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
Ask a Question

Public Service Announcement: spam user profiles

+2 votes
956 views
in Q2A Core by
edited by

Just thought some people might be interested in this. A few users on my site found some spam user accounts I checked my database and found many similar accounts. What's more, these same user accounts are on many other Q2A sites including this one!

None of the accounts have actually posted, but their user pages have a long blurb in the About section and are basically just spam advertisements on your site. The links are nofollow which prevent them getting "link juice" but it degrades your site and there's a chance it could impact SEO having spam on there.

Here is the list I have found:

engineeringjobsSW
Grantedjobs
HoundJobs
AtlantaAttorneyJobs
LegalJobsNewYork
FortWorthAttJob
MilwaukeeLawJobs
OaklandAttorneyJobs
AttorneyJobsOklahoma
ElPasoAttorneyJobs
NashvilleAttjob
DenverAttorneyJobs
PortlandAttorneyJobs
ConsultingXing
AdvertisingCrossing
AccountingCrossing
ArchitectureCrossing
BCGAttorneySearch
DesigningCrossing
HospitalityCrossing
LawCrossing

They all seem to be from different IP addresses but all except the first 3 are in the range 122.169.* or 122.179.* I would also suggest running the following query on your database to see if there are any other duplicate accounts. I found a set of about 40 a few weeks ago, all from the same IP address!

select createip, loginip, writeip, group_concat(handle) AS handles, count(*) as accts from qa_users group by createip order by accts desc

Longer-term, I think Q2A needs to add some more spam-detection features in. As a first step, some way to approve user accounts, so that multiple accounts from the same IP get flagged, and we could add our own filters on user accounts (like "attorneyjob") to flag them for moderation.

Thoughts?

by
More spam accounts:

ClickSSL
gavinheron
jameshoward
Justinvzepeda
samuelfreer
sharonrandolph
Noahdduke
Edgarwbrown
larrykingle
adityareddy
vatsaltagore
vibhorganaka
nithinsaini
stanbryantm
luthergalarza
alanlpetrey
by
I got some spam users as well, deleted most of them over the last weeks. I start listing them here as well: kentostudios

3 Answers

0 votes
by
I've seen some spam on Q2A sites as well, but wouldn't this be solved with a captcha on the registration page?
by
I have CAPTCHA, see my comment above.
0 votes
by
Thanks for the information, good point.

But how were they able to 1. do the Captcha and 2. confirm email address?

That's the built-in antispam I am using...
by
I do the same. I've heard some people say reCAPTCHA is broken and can be used by automated programs. Also, conforming the email address only applies to posting on the site, not editing a user profile.

However, I think this is real people registering on each site and posting the spam. If you look the accounts are not all created at once. There are browser plugins like form helpers that can make it quicker to put all the information in.
+1 vote
by

Thanks for posting about this. Another thing you can do is comment out this line in qa_create_new_user(...) in qa-app-users-edit.php:

qa_db_points_update_ifuser($userid, null);
 
As a result, creating a user with no activity won't show their identity in the list of users, so it won't be visible to your site's users, or to search engines. Unless you click the button to recalculate all points.
 
You can also modify qa_db_top_users_selectspec(...) in qa-db-selects.php to add a minimum threshold on the number of points a user must have to be listed.
Snow Theme by Q2A Market
Powered by Question2Answer
...