Looks like we’ve had a wave of porn bots hit recently. Screenshot is a sampling of what’s popping up on my threads feed when sorted by new.

A heads up to @ernest and to folks with magazines that might get hit by these guys. Looks like they’re submitting from a couple of different domains, so it’s difficult to block them from the user side, and some admin action might be necessary.

EDIT: ernest has removed the accounts and content, looks like all is well.

  • DarkThoughts@kbin.social
    link
    fedilink
    arrow-up
    17
    ·
    1 year ago

    DON’T CLICK ON THEM! They use multiple redirects which potentially leads them to load websites in the background that could infect your system.

  • DeusHircus
    link
    fedilink
    English
    arrow-up
    10
    ·
    1 year ago

    My feed just got completely flooded by them, all from random. All of them have a very sketchy looking URL, might not even be porn but porn-bait with something more malicious on the other end

    • Arotrios@kbin.socialOP
      link
      fedilink
      arrow-up
      8
      ·
      1 year ago

      Yep - 100% a bot phishing attack - seen it a bunch on other sites I’ve run in the past. Probably goes without saying, but don’t click the links. I’ve been reporting them as I block so the admins have a paper trail for when they’re ready to purge the accounts.

  • ernest@kbin.social
    link
    fedilink
    arrow-up
    9
    ·
    1 year ago

    @Arotrios The magazines have been cleaned up and I’ve deleted the associated accounts. If this happens again, I’ll apply a temporary fix. And if the campaigns cease, I’ll work on a more comprehensive solution. Thanks for reaching out.

  • acastcandream@beehaw.org
    link
    fedilink
    arrow-up
    5
    ·
    edit-2
    1 year ago

    PSA for Mac OS users: get little snitch mini. Best protection against harmful URL redirects and such, especially coupled with uBlock Origin.

    • Arotrios@kbin.socialOP
      link
      fedilink
      arrow-up
      19
      ·
      1 year ago

      I would, but it’s not just one server they’re submitting - they’re pushing multiple domains.

      That being said, I think I’ve reported and blocked all of them, and my feed is clear now - there were about 20 - 30 accounts in total. This indicates that someone manually set them up by going through Kbin’s login process - if they had built a bot that could hack the login, we’d probably see numbers in the hundreds.

  • Arotrios@kbin.socialOP
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    And still coming in at a rate of about 10 every two hours… 6:30am PST, 17 hours from original post

  • Arotrios@kbin.socialOP
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Update 11 hours from original post - 12:45am PST - still catching them. Got another 10. It looks like they’re firing off roughly every three hours.

  • Brkdncr@kbin.social
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Might need to throttle posts from anyone to a single domain that isn’t already allow listed.

    • Arotrios@kbin.socialOP
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      @ernest nixed them already. Note that according to reports, the porn wasn’t good and the sites full of malware and redirects.