Here's Why It's FOSS Community Forum is Being Targeted by Spammers!

You folks may have seen another wave of spam accounts in the forum.

Why is that? What do these spammers want?

Let me tell you why this community forum is being targeted.

Lately, Google search has changed and it wants to show discussions from real people in the search results. Reddit takes the top spot but many older, reputed forums have seen increased visibility in the incoming traffic from Google.

It’s FOSS Community has also seen a tremendous boost in traffic. Google recognizes it as one of the trusted platforms where real people discuss topics.

Now, the spammers want to leach off this rise in popularity.

Forums are usually easy target as they might not be well regulated and spammers are also smart as they use AI to create topics that may seem like a genuine question or disucssion.

One of the many strategies is to create a topic on a certain topic and then use another account to drop a supposed solution link the replies. This happens a lot on Quora while active subreddits are strict on such maneuvers.

Some other spam accounts are more direct. They will create a new topic with “Helpline number for XYZ company” and there they will list a few phone numbers.

The idea is that by the time moderators see it (or perhaps it will stay if teh forum is not regulated), the numbers might get into Google Search results, specially, if the same numbers are mentioned as customer care number is numerous forums. This might trick Google and its snippet/AI overview to wrongly associate the fake number for the helpline number.

People are reliant on Google and often trust whatever is the first result. So anyone looking for ‘customer care number for XYZ company’ and Google shows them this fake number or they land on a page where this fake number is listed as customer care number.

They call this number and get tricked into beliving that they are speaking to actual customer care who eventually will ask to install a remote desktop applicatio to help you out and use it to clean your bank accounts. This is a standard scamming that is going on in India at least and local newspapers here are filled with people being scammed like this.

The worst part is that these scammers are often part of a more organized international scamming groups operating from Myanmar, Combodia, Vietnam and China.

TLDR;

It’s FOSS Community is getting very good traffic from Google and spammers want to misuse it to show fake helpline numbers in most cases.

10 Likes

Well at least there is a positive side to this.
I think all of your regulars try hard to lift the standard of itsFOSS forum, so it is nice to hear some positive feedback.

3 Likes

Although not linux users this week I have had 3 windows users in my workshop who fell foul to this. One was on windows 8 and paid 800 euros for technical support for the year before realising it was a scam. They installed anydesk, took control of his machine and attacked his banking log in. The bank stopped it and informed him hence his visit to me. Took a few hours to sort. He will not change to linux prefers windows 8, but he is 80 plus and very old set in his ways.

The other 2 are now on lmde !
They would not say how much they lost through the calls made, just that it was reported to bank and police.

4 Likes

Can you tell Akismet to outright reject any attempted post containing a phone number?

1 Like

There are filters and such posts are held up in moderation queue. Automated rejection is something I would avoid. It could lead to rejecting (rare) legit posts.

5 Likes

That’s sad to hear! At least it has one upside: we get more traffic. But yeah, spammers are not good and I have already have made HORRIBLE experiences with them on other forums.

EDIT: I think I found a vulnerability, the Invite button. It is supposed to instantly grant access for up to 10 accounts. This might be used by the spammers for new account creation, see screenshot.

3 Likes

Thank you. Although I don’t see this feature being utilized for spam yet, I have changed settings to stop its misuse.

7 Likes

Don’t know if its just me but when replying to site messages it’s now taking much longer to save the message I type in reply.

Edit is fine, takes a while to pull back the message. But then click save edit and get the spinning save message for 2 or 3 mins before updated. and my other connections are fine just this site.

That happens sporadically.

It also takes some time to update notifications.

My guess is the server is busy.

2 Likes

I don’t want to sound paranoid in old age, but whole continents need, for reasons of data protection, to move away from the current quasi-monopolies. We should, therefore, be expecting attacks that, however insidious, may look like plain spam but are in fact concerted and well aimed.

The Munich Linux initiative was abandoned for reasons that have been discussed. The French Gendarmerie (police) has been using Linux for years, but that’s an exception in a closed environment with its own IT service. Recent official initiatives include Denmark, and the Lyon public authorities in France – let’s hope they succeed.

The most recent potentially suspicious example: on Mastodon*

https://piaille.fr/@chrislee/114952042484279079 there’s a question “What’s the one Linux command you can’t live without?” Is the underlying intention to spread the notion that Linux is the reserve of geeks?

*I tend to confuse the different servers and the present forum.

The situation is not helped by bugs and design faults of unknown origin. Recently, Ubuntu was bugged by the libpciaccess update problem, which prevents machines with certain video cards from starting. There’s plenty of geek discussion on the web, but nobody discussed how it would be fixed by people who can’t intervene in the boot sequence or use the terminal. No talk of an update for the update and how to install it.

A long-standing fault with the Ubuntu derivative Mint is that the computer hangs during big file transfers (backing up the family photos…). Perhaps Canonical is used to dealing with clients who have their own IT department, but this doesn’t help our clients for recycled Windows machines (generally Mint), who are usually in contact anonymously via the local food bank. Of course, Windows does sometimes crash, but people sometimes (not always) know where to get help.

Perhaps it’s too easy for someone to sneak bugs into FOSS operating systems and software. If Linux desktop is going to go mainstream, some kind of instance with supervisory powers may be needed. How about the European Union of 27 nations?

On the software side, I’m one of many who have published rants about design faults in LibreOffice which render it nearly useless for normal home, school and business activities. While you can subscribe to a commercial online version of LibreOffice associated with the Ionos HiDrive cloud storage service, it seems reasonable to ask what are the influences that prevent it from being fixed for general use, and how might these presently hypothetical influences be countered.

1 Like

So we abandon Microsoft and create Linux-monopoly instead.

If you want that go to Apple.

What you really mean is you want nations to control the monopoly, not commercial international outfits?

I think I like Linux the way it is. Lots of little units each evolving in its owm direction, in response to niche opportunities. Like a biological population. It will discover more that way, but it may leave a trail of unfixed issues, as you describe. We have to live with that, it is the price of freedom.

Users should sit back and cherry pick what evolves…. not try to control it….. as I said, if you want control, go to Apple or do it yourself.

4 Likes

I have this fear that Linux one day becomes like Windows or MacOs: controlled by a few people.

2 Likes

That sort of exists now in Apple and BSD.

Linux is different. There is control in kernel development but it is benevolent. What will happen after Linus Torvalds is a good question.

The userland part of Linux is a free for all. The GNU influence is declining.

2 Likes

You know how fragmented the Linux community is? There’s a shitload of projects, each with their own maintainers. Most of them are one-man shows, but others are definitely huge and are maintained by multiple (sometimes in the order of hundreds, or even thousands (in the case of the Linux kernel)) individuals.

If someone tries to take control, there’s always a rebel somewhere. An example of this is systemd. Loads of distributions adopted it. However, on DistroWatch lists 86 distributions which chose not to use systemd, for one reason or the other. There’s always those who choose differently.

Yes, there is commercial interests with Linux. Red Hat, Suse, and Ubuntu do their own thing. Most notably Ubuntu tries to get a lot of control with it’s snap package format, but even there there are competitors - actually getting used (FlatPak and AppImage) - which provide solid competition. That’s the beauty of the FLOSS community; no way in hell it’s getting bottled up. There’s always a rebel somewhere.

I don’t envy the person trying to centralize the Linux community in such a way it becomes a walled garden.

4 Likes

Hi. I use LibreOffice every day, in my job and personally and in general am very happy with it. Could you please point me to some critics regarding the mentioned design faults?

Btw, hi to you all. I’m new to this community. Up to now I just read the itsfoss articles.

5 Likes

And if someone relinquishes control , there is always someone able to pick up the pieces and continue maintaining some piece of software.
This is only possible because of open source.

If the maintainer of closed source software gives up, users are in trouble.

1 Like

I am in the same group, never had any cause to complain, does just what it says on the box without issue. only time I have experienced any is in conversion of a word document of PowerPoint they dont appear the same but If I stick with libreoffice everything works

2 Likes

The two I remember are old and apparently unsolved ones. So old I don’t have a record even of my own contributions.

With the Calc spreadsheet you can’t/couldn’t protect the sheet while still allowing data entry. It might be a sales quotation or invoice issued by a micro-enterprise, where an accidental change to the layout could have nasty consequences. Perhaps less serious with a school worksheet or homework assignement, though teachers may have other things to worry about.

Here’s a link, which gives a link to the prehistory which seems to be inaccessible: Protect sheet options - English - Ask LibreOffice

The commercial offering WPS Office make use of this bug as a ‘selling point’. When I tested it a few years ago, it displayed a big self-adulatory pop-up. WPS is a bit expensive after the first year, but I liked it because it has original ways of doing things.

This sort of issue helps explain why businesses favour bespoke locked-down database applications, so (very old joke) your know-it-all boss can’t crash the company with a typing error in Excel.

…..

The other ancient bug is in fact a complete set of bugs: Libreoffice (Calc, Writer & I don’t know what else) has many difficulties with date, time and number formats. For example, the date you type isn’t always the date you get. Just one link, a recent one about dates:

The above link doesn’t mention the chaos that strikes when your document is opened in a different locale (country) that has different formatting conventions; I won’t try to describe what happens if the language is different as well.

A least in the old bug reports, the trouble was ascribed to a design fault that can’t be corrected because that would mean changing the Open Document File specifications.

1 Like

Microsoft is just as problématique

That says it all.
Using a spreadsheet for data entry is like typing data directly into a running interactive program. One slip and you are dead.
We used to use a dedicated C program for data entry… and it included a verify mode where you typed it all in a second time to catch errors.
The old idea was to do data entry offline, independent of any computing. Breaking jobs down into steps is a fundamental concept. Modern interactive computing seems to have lost this idea.

1 Like