Current wave of spammy friend requests

Forum » BookCrossing Site Announcements | Refresh | Search

Sort Options 

Complete Thread
Just a quick note for the time being:

The whole team is aware and since hours the Volunteer Support Team is doing all they can in blocking spammy accounts that you are reporting!

I've been on the road for a few hours but meanwhile have done some investigation.

I'll report in more detail later (don't hold your breath, may not be today ...).
Right now I rather spend my time breaking this wave.

==== 1st. short update: ==

a) After some analytic I've blocked those spam accounts by different methods.
Those spammy Friend Requests have instantly stopped.
However, to some extent I had to use emergency measures, which means that may turn out not to be thorough enough, we'll see tomorrow ...

b) All suspicious Friend Request have been removed (of course not the emails that already have been sent out ;-> ), even if they already had been accepted.

c) It appears that those spammy accounts in fact have formerly been accounts of BookCrossers "in good standing", some even with books registered etc.
Apparently their accounts have been "hijacked", most likely because they were re-using credentials (email + password) that they've used elsewhere and where those have been stolen from.
I've checked a sample of those accounts against https://haveibeenpwned.com/ and almost all of them were hits, some credentials were found in even more than 10 breaches that happened throughout the past years!

==>> Don't use the same combo of email-address/login-name and password on different websites!
==>> Change your password(s) *now* if you realize you're re-using them in different places!

==== Next Morning update ==

Turns out they've indeed changed their strategy and since a few hours they've started again.

I may need to fully disable sending Friend Requests for now.
If that happens there will be a separate Announcement.

==== Update: ==

Sending Friend Requests has been - supposedly fully - disabled for now.


==

[Note from Support - we no longer need members to report these Friend Requests via Contact Us. Thank you]

 

thank you very much. It's a strange thing that the requests are from different people.

 

Good luck with the detective work!

 

 

+1

 

 

für die rasche Bearbeitung!🌼🌺💐

 

für die rasche Bearbeitung!🌼🌺💐

+1

 

Ive had two of those recently

 

Thank you!

 

Thank you!

 

Thanks :D

 

I've had a couple too - thanks for all your hard work in keeping the site spam free.

 

 

wingardikwing 1 mo ago
short update
==>> Don't use the same combo of email-address/login-name and password on different websites!
==>> Change your password(s) *now* if you realize you're re-using them in different places!


a) After some analytic I've blocked those spam accounts by different methods.
Those spammy Friend Requests have instantly stopped.
However, to some extent I had to use emergency measures, which means they may turn out not to be thorough enough, we'll see tomorrow ...

b) All suspicious Friend Request have been removed (of course not the emails that already have been sent out ;-> ), even if they already had been accepted.

c) It appears that those spammy accounts in fact have formerly been accounts of BookCrossers "in good standing", some even with books registered etc.
Apparently their accounts have been "hijacked", most likely because they were re-using credentials (email + password) that they've used elsewhere and where those have been stolen from.
I've checked a sample of those accounts against https://haveibeenpwned.com/ and almost all of them were hits, some credentials were found in even more than 10 breaches that happened throughout the past years!

==>> Don't use the same combo of email-address/login-name and password on different websites!
==>> Change your password(s) *now* if you realize you're re-using them in different places!

 

 


*T*H*A*N*K* *Y*O*U* Support Team members and the wonderful ardik for keeping our forum safe from these people :)

Only rc'd one, and didn't open it, having read this link first

Guess where the email is going? :)

 

Thanks so much!

 

Received first one today from Dokybanana. LOL It seemed odd but I would never turn down a request until I checked it here first, so thanks for the due diligence!

 

Thank you!

 

roanporter76 1 mo ago
Roan
Thank you!
Spammy link removed.
You're welcome!

 

winghyphen8wing 1 mo ago
RE: Roan
Really? Spam reported.

 

wingardikwing 1 mo ago
RE: Roan
Groan rather ... ;-]

 

[...]

== 1st. short update:

a) After some analytic I've blocked those spam accounts by different methods.
Those spammy Friend Requests have instantly stopped.
However, to some extent I had to use emergency measures, which means that may turn out not to be thorough enough, we'll see tomorrow ...

[...]


Thank you so much, but today it seems not to be solved. I get the next one (trippy1976) this morning at the same time as the BookCrossing Alerts Summary.

 

- It's eight in the morning, not my preferred time to work ... ;->
- They are back ... :-(


Turns out they've indeed changed their strategy and since a few hours they've started again.

I may need to fully disable sending Friend Requests for now.
If that happens there will be a separate Announcement.

 

At 6.15 this Morning .
In Germany.
jabba65

Thanks for all.

 

Yesterday from Idealchocolate
and today from JHandy

Many thanks


 

Me too again

pistachoo

 

Me too again

pistachoo

Me too:
petojoke

 

So do I : archalain_costa

 

(Zoidberg voice)

Thanks, support team!

 

https://www.bookcrossing.com/---/unm - this account has been suspended, and friend request is about 2 hours old

previous request was from https://www.bookcrossing.com/---/fvillava - also now suspended - however i note the profile now includes a link to a blog which wasn't there yesterday (it was totally blank)

they still be trying.... and trying ...

; )

 

Yep, here's another one: kumarmahesh
spam reported to support.

 

for keeping us informed and for all the work you do for this site.

 



 

Another one for me today : I received an Friend Alert from CMBarton80.

 

By the way after all this is sorted, could we have an option to delete friend requests which we received but didn't accept? They stay as sort of pending right now...

 

By the way after all this is sorted, could we have an option to delete friend requests which we received but didn't accept?


Yes, yes, that's how it rather should be, in my humble opinion.

 

Thanks again ardik for your hard work.
I know there are tons of small or larger features that need improving/correcting around the site -and there is so much one can do...

 

 

I got a couple of them - very mysterious why I was getting friend requests from them.

Thanks for figuring things out.

 

 

wingBookgirrlwing 4 wks ago
Priya111
As Jackie Gleason used to say (playing Ralph Cramden) - "To the MOON, Alice!"

 

Well, that's what I get for trying to be friendly :P I thought it was a former BCer looking to come back to the site, so I wanted to be nice and welcoming and accept their request. Thanks for keeping on top of this!

 

KS_Art 4 wks ago
Hi
Thanks

 

ToxicGinger704 and Koto57; I'm afraid I was too busy and ignored them, and now after reading this, I'm glad I did.
Edited to say I just checked, and both accounts have been suspended. Good work!!

 

Are you sure you want to delete this item? It cannot be undone.