Group spam attack
33 views
Skip to first unread message
Pierre Ossman
Dec 11, 2023, 10:30:22 AM12/11/23
to TigerVNC Developer Discussion
Sorry about all the spam that seems to be getting through. We're
continuously marking it as abuse, and it seems to be getting better.
Hopefully, Google are able to update their filters to keep this stuff out.
Regards
--
Pierre Ossman Software Development
Cendio AB https://cendio.com
Teknikringen 8 https://twitter.com/ThinLinc
583 30 Linköping https://facebook.com/ThinLinc
Phone: +46-13-214600
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
continuously marking it as abuse, and it seems to be getting better.
Hopefully, Google are able to update their filters to keep this stuff out.
Regards
--
Pierre Ossman Software Development
Cendio AB https://cendio.com
Teknikringen 8 https://twitter.com/ThinLinc
583 30 Linköping https://facebook.com/ThinLinc
Phone: +46-13-214600
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
DRC
Dec 11, 2023, 11:02:29 AM12/11/23
to Pierre Ossman, TigerVNC Developer Discussion
You need to modify the group settings so that new members are moderated by default. The attack involves bots that automatically create a new Google account, subscribe to a list, spam it, then delete the Google account. If new members are moderated, then the spam will only be sent to the group admin, who can flag it before it reaches the subscribers. If a moderated new member tries to post a legit message, then the group admin will receive it as well, and they can unmoderate the member at that time. I did that with my lists, and apparently the spammers got the hint and stopped trying.
> On Dec 11, 2023, at 10:30 AM, 'Pierre Ossman' via TigerVNC Developer Discussion <tigervn...@googlegroups.com> wrote:
>
> Sorry about all the spam that seems to be getting through. We're continuously marking it as abuse, and it seems to be getting better. Hopefully, Google are able to update their filters to keep this stuff out.
> --
> You received this message because you are subscribed to the Google Groups "TigerVNC Developer Discussion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to tigervnc-deve...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/tigervnc-devel/f926d979-0f1f-41ba-ae46-2216657b871b%40cendio.se.
> On Dec 11, 2023, at 10:30 AM, 'Pierre Ossman' via TigerVNC Developer Discussion <tigervn...@googlegroups.com> wrote:
>
> Sorry about all the spam that seems to be getting through. We're continuously marking it as abuse, and it seems to be getting better. Hopefully, Google are able to update their filters to keep this stuff out.
> You received this message because you are subscribed to the Google Groups "TigerVNC Developer Discussion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to tigervnc-deve...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/tigervnc-devel/f926d979-0f1f-41ba-ae46-2216657b871b%40cendio.se.
Pierre Ossman
Dec 12, 2023, 8:59:09 AM12/12/23
to DRC, TigerVNC Developer Discussion
On 11/12/2023 17:02, 'DRC' via TigerVNC Developer Discussion wrote:
> You need to modify the group settings so that new members are moderated by default. The attack involves bots that automatically create a new Google account, subscribe to a list, spam it, then delete the Google account. If new members are moderated, then the spam will only be sent to the group admin, who can flag it before it reaches the subscribers. If a moderated new member tries to post a legit message, then the group admin will receive it as well, and they can unmoderate the member at that time. I did that with my lists, and apparently the spammers got the hint and stopped trying.
>
I'd prefer to add more hassle to the process. But if it's hopefully just
> You need to modify the group settings so that new members are moderated by default. The attack involves bots that automatically create a new Google account, subscribe to a list, spam it, then delete the Google account. If new members are moderated, then the spam will only be sent to the group admin, who can flag it before it reaches the subscribers. If a moderated new member tries to post a legit message, then the group admin will receive it as well, and they can unmoderate the member at that time. I did that with my lists, and apparently the spammers got the hint and stopped trying.
>
a temporary measure, then it sounds more worthwhile.
Pierre Ossman
Dec 12, 2023, 9:33:06 AM12/12/23
to DRC, TigerVNC Developer Discussion
On 12/12/2023 14:59, 'Pierre Ossman' via TigerVNC Developer Discussion
wrote:
>
wrote:
>
> I'd prefer to add more hassle to the process. But if it's hopefully just
> a temporary measure, then it sounds more worthwhile.
*prefer to avoid adding more...
> a temporary measure, then it sounds more worthwhile.
DRC
Dec 12, 2023, 11:20:30 AM12/12/23
to Pierre Ossman, TigerVNC Developer Discussion
On 12/12/23 9:33 AM, Pierre Ossman wrote:
> On 12/12/2023 14:59, 'Pierre Ossman' via TigerVNC Developer Discussion
> wrote:
>>
>> I'd prefer to add more hassle to the process. But if it's hopefully
>> just a temporary measure, then it sounds more worthwhile.
>
> *prefer to avoid adding more...
It probably isn't a temporary measure, but personally I would rather
> On 12/12/2023 14:59, 'Pierre Ossman' via TigerVNC Developer Discussion
> wrote:
>>
>> I'd prefer to add more hassle to the process. But if it's hopefully
>> just a temporary measure, then it sounds more worthwhile.
>
> *prefer to avoid adding more...
accept a little bit of hassle on my part than defer that hassle to my
users and potentially drive them away from my projects. The number of
legitimate new subscribers I have had to deal with since changing my
list settings a couple of weeks ago is zero, so thus far, the additional
hassle has also been zero. (Actually it's less, because I don't have to
flag multiple spam messages anymore. The bots engaging in this attack
will always try a test message before flooding the list, so I can flag
that one message and ban the user before the message ever goes
through.) I don't know if this is the case for the TigerVNC groups, but
my groups are being mirrored to at least one mailing list archive.
Simply flagging a message as spam doesn't prevent it from being
mirrored, so unfortunately some of the spam messages to my groups made
it into the mirror before I changed the group settings. That is bad PR
for the projects. As an independent OSS developer, my ability to make a
living depends on the health of my communities, so I don't have the
luxury of hoping that Google is doing the right thing. I already have
users who refuse to use the groups because of anti-Google sentiment, and
every spam message that doesn't get handled bolsters that sentiment.
Just my perspective. You do you.
Reply all
Reply to author
Forward
0 new messages