PDA

View Full Version : forum image spam - similar to email image spam


rrr
03-20-2009, 04:57 PM
I'm noticing a trend of a new kind of forum spam where real users signup for multiple forums and make "real sounding" posts.

At the end of their posts, they include a tiny 1x1 pixel image from a random image hosting service using the [img] tag so that you can't even see it or notice it within the post.

I did some google searching and noticed the same small image posted on dozens of differerent forums.

Our guess is somewhere down the line, this person will change the image from a "harmless" 1x1 pixel to some type of advertising/obscene/obnoxious image like those seen in email image spam.

My question: is there a way to combat this as a forum admin? Block the use of the img tag for certain usergroups? Another solution?

There's this mod (https://vborg.vbsupport.ru/showthread.php?t=178611) that blocks members from posting images and links if they have fewer than 15 posts, but I don't want to block new members from posting their link in our intro area, so that mod would be too far reaching.

There's also this mod from Cyb (https://vborg.vbsupport.ru/showthread.php?t=177704) that adds advanced permissions, but it also lumps links and images together, instead of just blocking the embedded [img] tag.

Does anyone know of a mod that *just* will block the [img] tag for members of a certain usergroup or a certain amount of posts?

rrr
03-23-2009, 03:30 PM
anybody have any suggestions?

J105C
03-24-2009, 09:09 AM
Well if you know the image link you can simply use the Replacement Variable Manager to change the image URL.

AdminCP>Styles & Templates>Replacement Variable Manager

Then select, 'add new replacement variable' next to each active skin and copy the ENTIRE or PART of the 1px image URL and paste it into the section, 'Search for Text' then enter a new image URL into the section, 'Replace with Text'.

That should fix ALL the 1px images from ever showing. If there are TONS of different trailing image file names I would create a new replacement variable for the base domain name to result in a red X.

Jafo232
04-21-2009, 03:35 AM
Problem here is, they are using multiple domains, in fact, I am a bit surprised an attacker would have this many. I am seeing this beginning to crop up.