2013-01-25, 08:49 | Link #1 |
Senior Member
|
does AS have anything to do with Helion research
I am wondering this as I received an e-mail yesterday through my hotmail account (which isn't the account I used to register) from that company advertising a mystery shopper job which I thought was just some unsolicited spam until I noticed the URL it asked me to visit (they did mask the last bit with a few x's, but this is what I saw which has been broken to stop anyone clicking on it).
hXXp://www.helionresearch.com/evaluator/r/animesuki Now I'm not sure if my data was handed to them by this place, or if they crawled the profiles looking for any viable e-mail addresses since the only one they could get from my account was the MSN one (if the latter is the case since user profiles can be viewed by anyone, then it might be a good idea to lock profiles views down to registered users only). |
2013-01-25, 09:42 | Link #2 |
Salt Levels Critical
Join Date: Oct 2007
|
You have the user "HelionResearch" in your list of recent profile visitors (as do I and several other members) so it's a good bet that your theory about profile crawling is correct. Also, you can set your profile to only be viewable by registered users; it's under "Edit Options" in the User CP. Though unfortunately that wouldn't have actually helped in this case since that spam account managed to register and view profiles before being banned.
|
2013-01-25, 15:41 | Link #5 |
Administrator
Join Date: Dec 2003
Age: 41
|
Yeah, this seems like a sort of phishing campaign.
1. Join a forum (become a registered member) 2. Scrape useful data from as many public profiles as you can 3. Send spam that alludes to the forum, hoping that makes it more believable/likely to be clicked The MSN Messenger address is a prime target for this, since it's in the form of a valid/working E-mail address. (But with MSN Messenger being phased out in most places, that problem may be going away.) We'll have to think if there's anything we can do to prevent this, or at least to make it more difficult. But I do thank you for bringing it up, at least so it can be clear that, no, this has nothing to do with the site or its staff, and we certainly do not authorize this use of the Forum Profile data.
__________________
|
2013-01-25, 18:47 | Link #6 |
cho~ kakkoii
Moderator
Join Date: Nov 2003
Location: 3rd Planet
|
Yikes! Well, even when I used to chat, privacy is pretty much the main reason why I've never listed any MSN, ICQ, Yahoo Messenger etc. under my profile. I cringe anytime I see such in any users profile. In this age of cellphone, chatting is dieing a slow death, and even if I want to chat with someone, I would rather PM the person with my info than listing it under my profile.
Perhaps we should just consider disabling the option to add Instant Messaging all together from the user profile, or am I overreacting?
__________________
|
2013-01-25, 19:06 | Link #8 |
Senior Member
Join Date: May 2009
|
|
2013-01-26, 09:11 | Link #11 | |
Senior Member
|
Quote:
I've now done some changes to my profile, removing my MSN details and adding my skype ID. It also looks like the profile visibility option doesn't work since it is set to members only, yet I was able to view my profile without logging in (it looks like that option doesn't cover everything since the rest of the profile that can be viewed without logging in is controlled by the profile privacy section of the user CP as once I'd put my contact details to members only they didn't show if I'm not logged in). |
|
2013-01-26, 21:36 | Link #12 | |
Administrator
Join Date: Dec 2003
Age: 41
|
Quote:
__________________
|
|
2013-02-02, 10:20 | Link #13 | |
…Nothing More
Administrator
Join Date: Mar 2003
Age: 44
|
Quote:
When the option was added the default was set to "Members Only", because I thought that was the best option for new accounts being created. Partly it was for privacy and partly to stop spammers from joining and filling their profiles with links in visitor messages. Most bots (and most human spam teams) don't know to change the option because it is bespoke. However, we didn't want to just change how the forum worked for existing users. Indeed some wanted it to stay as it was. Unfortunately this compromised meant I missed an important detail. The way the form looks if you don't have any value set in the profile option. If the default had been the same as existing users, it wouldn't have been a problem. The forum software correctly sets default options for new profiles, but not existing ones. So while it said "Members Only", because that is the default, your profile didn't actually have the privacy setting set to anything at all, it was blank. The logic that decided if you can see the page was treating this lack of setting as it always had: "everyone can see this page". Changing the setting and saving would correct this. I've since fixed the step I missed before that means the profile correctly reflects how the forum will handle the setting regardless of when you registered (i.e. everyone has a profile visibility set explicitly now). I've also changed the display logic to fail-to-private (so if a blank does creep in again it will fail to members only this time). Oh and I've taken the liberty of changing your settings to Members Only. If you repeat your logged-out viewing test it should block as intended. My apologies for the confusion and any leak of information that may have resulted. |
|
|
|