Postimage spam links

Discussion in 'BeerAdvocate Talk' started by Todd, Sep 17, 2021.

  1. Todd

    Todd Founder (6,504) Aug 23, 1996 California
    Staff Moderator Fest Crew Society Trader

    Heads up for those of you who use Postimage for hosting and sharing your beer images.

    It's been brought to my attention that in some cases spam links are being injected when users embed beer pics in threads like, but not limited to, What beer are you drinking now? and New Beer Weekend when using Postimage.

    As such, the service is currently blocked to help protect the site.

    Additionally, I might be forced to purge past posts that contain embeds from Postimage. If so, this will impact the number of posts and likes for some users.

    Thanks for your understanding.
     
    mikeinportc, Peach63, REVZEB and 7 others like this.
  2. BigIronH

    BigIronH Champion (845) Oct 31, 2019 Michigan
    Society Trader

    For those of you who might not be aware of where to go next, IMGUR is a perfectly acceptable alternative and it works nearly the same way to my understanding. Add your photos, post them; either public or private which you will be given the option of, and then copy image link and paste into the image url box. Easy as pie. Cheers all.
     
  3. DrStiffington

    DrStiffington Meyvn (1,229) Oct 27, 2010 New Jersey

    That’s too bad. I started using post images because Imgur stopped working for me. No more pics I guess.
     
    tzieser, REVZEB, eppCOS and 3 others like this.
  4. Brugesman

    Brugesman Initiate (62) Apr 22, 2020 California
    Trader

    Thanks for letting us know. That is the only way I have learned to post images. Perhaps other Advocates can suggest alternatives.
     
    REVZEB and BigIronH like this.
  5. DavetotheB

    DavetotheB Champion (899) Sep 30, 2017 Pennsylvania

    Sorry to hear this. I had actually been manually deleting the spam links in the postimage link before posting. There did seem to be an uptick in the number of spam links over the past week or so. Guess I get to learn something new! Thanks and Cheers!
     
    Shanex, woemad, BigIronH and 3 others like this.
  6. beergoot

    beergoot Poo-Bah (7,519) Oct 11, 2010 Colorado
    Society Trader

    Perhaps too early to call, but will this be a permanent block?
     
    Shanex, BigIronH and ChicagoJ like this.
  7. DIM

    DIM Poo-Bah (3,141) Sep 28, 2006 Pennsylvania
    Society

    Same here
     
    REVZEB, woemad and BigIronH like this.
  8. Todd

    Todd Founder (6,504) Aug 23, 1996 California
    Staff Moderator Fest Crew Society Trader

    @DIM: Thanks for letting me know about imgbb. I've blocked them too.
     
    Shanex, DIM and BigIronH like this.
  9. Todd

    Todd Founder (6,504) Aug 23, 1996 California
    Staff Moderator Fest Crew Society Trader

    As of right now, yes.
     
    BigIronH and beergoot like this.
  10. BBThunderbolt

    BBThunderbolt Poo-Bah (8,935) Sep 24, 2007 Kiribati
    Society Trader

    Whelp, I started using post images because Imgur got too cranky. I'm not even gonna bother any more.
     
    rodbeermunch, Shanex, woemad and 6 others like this.
  11. ChicagoJ

    ChicagoJ Meyvn (1,399) Feb 2, 2015 Illinois

    Will Beer Advocate join Untappd in the 21st century and allow users to upload photos directly, or is this a pipe dream?
     
    Rug, REVZEB, Shanex and 12 others like this.
  12. DrStiffington

    DrStiffington Meyvn (1,229) Oct 27, 2010 New Jersey

    Would be really cool if BA had a feature where we could just upload or paste pics from our own photos on our phones.
     
    rodbeermunch, Rug, REVZEB and 8 others like this.
  13. BigIronH

    BigIronH Champion (845) Oct 31, 2019 Michigan
    Society Trader

    I’ve seen a couple complaints about Imgur. What exactly is happening, fellas?
     
    mikeinportc and ChicagoJ like this.
  14. Todd

    Todd Founder (6,504) Aug 23, 1996 California
    Staff Moderator Fest Crew Society Trader

    Allowing users to attach pics to forum posts directly from their devices should be an option with the next major forum upgrade.
     
  15. Roguer

    Roguer Poo-Bah (6,264) Mar 25, 2013 Connecticut
    Moderator Society Trader

    @Todd I'm not sure which image hosting sites are going to be immune to this - and stay around. Various sites over the last few years have gone dead, or behind a user wall (if you're not logged into their service, you can't see someone else's photos).

    But the spam link, if I understand this correctly, is an additional link below the photo, kind of like:

    [Picture]
    [Seven great recipes that turtles love!]

    In the case of both postimages and imbb (the most reliable hosts I've used in a long time now), that link - when it shows up - can very easily be deleted from the user's post.

    Might it be a better approach to delete posts that don't appropriately "trim" those spam links, instead of banning the entire host? I worry that we will soon have no photo hosts, at the rate things are going.

    Or perhaps I'm not understanding how the spam is getting embedded in the links. I'm not programming-savvy. :slight_smile:
     
  16. BillAfromSoCal

    BillAfromSoCal Disciple (361) Aug 24, 2020 California

    IMGUR will, on occasion, get wonky and fail to process images in a way that successfully saves them or it fails to allow a valid link to the picture to be copied so that it can be pasted elsewhere (like here at BA). I'm sure there are more technically correct descriptions of the issue, but I am a beer drinker and not an IT guy. I don't expect to have to troubleshoot IT systems or understand this stuff just to post a picture like I do very easily on other social media platforms every day. In my experience, the problems at IMGUR seldom last more than a couple hours. However, I agree with others....at some point the effort to post pictures is not worth it. My activity related to anything that benefits from posting pictures here is rapidly declining.
     
    #16 BillAfromSoCal, Sep 17, 2021
    Last edited: Sep 17, 2021
    Shanex, woemad, Beersnake1 and 4 others like this.
  17. Todd

    Todd Founder (6,504) Aug 23, 1996 California
    Staff Moderator Fest Crew Society Trader

    @Roguer: I would need to investigate things a bit more, but we're talking hundreds, maybe even thousands, of posts that would need to be manually edited. (Some of the spam is also hidden.) Or we'd need to develop a script to scan the entire forum and remove the spam without damaging the posts.
     
    mikeinportc, Rug, Shanex and 3 others like this.
  18. zid

    zid Poo-Bah (1,636) Feb 15, 2010 New York
    Society Trader

    If things get to a point where past posts are deleted, BA will lose a ton of content and thread coherency will be lost. I really hope there is an alternative if steps need to be taken with old posts.
     
  19. woodchipper

    woodchipper Meyvn (1,413) Oct 25, 2005 Connecticut
    Society

    @Todd -Thanks for keeping the site "clean".
     
    mickyge and Roguer like this.
  20. Roguer

    Roguer Poo-Bah (6,264) Mar 25, 2013 Connecticut
    Moderator Society Trader


    Yeah I get that. I just fear that we are about to run out of image hosts. Once embedding images is integrated into the site, that won't matter - except for past content, as @zid mentioned.

    I don't think people are frequently revisiting images from years-old threads, so perhaps the script could remove the links, but not the posts themselves - which would spare users the loss of likes, karma, contributions, etc. Things that shouldn't really matter, but of course, they do. :slight_smile:
     
  21. shkin

    shkin Initiate (155) Feb 6, 2011 New York

    I'm curious about the technical side of the issue. The second option in Postimage is a direct link to the photo, like `https://<offending_host_url>/<some_hash>/image.png`. If this is used for the image, there is very little Postimage can do to add a spam link. Were people using something else?
     
    IKR, Rug, brewskis and 2 others like this.
  22. MattOC

    MattOC Zealot (517) Jan 13, 2013 Massachusetts
    Trader

    I’d been using the 3rd option from the bottom, Hotlink for Forums. If there was something funky after the picture I posted, I always edited and deleted, but it happened few and far between.
     
    woemad, LarryV, Roguer and 3 others like this.
  23. cjgiant

    cjgiant Poo-Bah (5,725) Jul 13, 2013 District of Columbia
    Society

    From a technical point of view, allowing something like that directly in a forum (without some cleansing or validation) potentially opens a slew of security issues.
     
    mikeinportc and Scrapss like this.
  24. Todd

    Todd Founder (6,504) Aug 23, 1996 California
    Staff Moderator Fest Crew Society Trader

    There's a pattern forming as I look at the post, which matches the report from the user who alerted us. The spam seems to be for same site and the posts seem to be from the same users. This could indicate that these users have malware on their end that's injecting the spam via their browser.
     
    teromous, officerbill, Rug and 7 others like this.
  25. shkin

    shkin Initiate (155) Feb 6, 2011 New York

    Absolutely, no one wants an XSS attack. But a pure image URL is relatively easy to sanitize to prevent that.
     
    Roguer and cjgiant like this.
  26. zid

    zid Poo-Bah (1,636) Feb 15, 2010 New York
    Society Trader

    Personally, I don't really care about karma and likes (they are not valuable)... and I could live with the removal of images from old posts of mine (I use Imgur), but I go back to old posts of mine constantly for information. The information in the BA forum is the most valuable thing about BA for me. Just to use a recent-ish thread of mine as an example, how would this thread read if the first post was entirely deleted? Now imagine that across the history of BA forums that are still accessible. It's a big loss in my eyes.
     
    meefmoff, mikeinportc, IKR and 8 others like this.
  27. shkin

    shkin Initiate (155) Feb 6, 2011 New York

    Gotcha. That seems less of a problem of the image hosting sites and more of a problem of the forum's malicious content posting prevention.
     
    ChicagoJ likes this.
  28. Todd

    Todd Founder (6,504) Aug 23, 1996 California
    Staff Moderator Fest Crew Society Trader

    From the forum's point of view, the user is simply adding a link to another site. That's all we're talking about here, and we have some protections in place for malicious posting.
     
    ChicagoJ and shkin like this.
  29. Todd

    Todd Founder (6,504) Aug 23, 1996 California
    Staff Moderator Fest Crew Society Trader

  30. DavetotheB

    DavetotheB Champion (899) Sep 30, 2017 Pennsylvania

  31. BigIronH

    BigIronH Champion (845) Oct 31, 2019 Michigan
    Society Trader

    I get it. The price we pay to participate on this site.
     
  32. Todd

    Todd Founder (6,504) Aug 23, 1996 California
    Staff Moderator Fest Crew Society Trader

    Postimage is currently useable while I investigate. I'm also manually editing out spam links in those 92 or so posts. Someone owes me a beer!

    Please let me know if any services attempt to inject a link into your post.

    Thanks.
     
    hopsputin, jts211, snaotheus and 18 others like this.
  33. Bitterbill

    Bitterbill Poo-Bah (7,879) Sep 14, 2002 Wyoming
    Society

    I use imgbb. Sometimes there are 2 links ending in url but I always delete the second one cuz I didn't know what it entailed.
     
    woemad, DIM and Roguer like this.
  34. HoppingMadMonk

    HoppingMadMonk Poo-Bah (2,412) Mar 3, 2017 New Jersey
    Society Trader

    Sorry that you have all this extra work added to what is probably already a heavy amount of work.
    Seeing as my name was on the list is there anything we can do to help or try and prevent this happening again??
     
  35. Specialmick

    Specialmick Aspirant (259) Aug 26, 2019 Connecticut

    I guess I am in the doghouse with the the founder.Oh shit. I was just following the advice of fellow advocate @LarryV . He told me to do it HAHA . ya use postimage it woks so easily now I am the bad guy. I guess I am going to use IMGUR now
     
    LarryV likes this.
  36. Todd

    Todd Founder (6,504) Aug 23, 1996 California
    Staff Moderator Fest Crew Society Trader

    Yeah. Check your post before and after you submit, and remove any links. :+1:
     
    hopsputin, snaotheus, Rug and 10 others like this.
  37. ChicagoJ

    ChicagoJ Meyvn (1,399) Feb 2, 2015 Illinois

    Yes, I noticed the links road few of the users noted above, but never felt the urge to click the link below the photo.

    Thanks for your efforts with this.
     
    DavetotheB likes this.
  38. HoppingMadMonk

    HoppingMadMonk Poo-Bah (2,412) Mar 3, 2017 New Jersey
    Society Trader

    I usually always go back and delete attachments I didn't add but will be more diligent in the future.
    Thanks for keeping the site safe
     
    woemad and DavetotheB like this.
  39. jvgoor3786

    jvgoor3786 Poo-Bah (2,181) May 28, 2015 Arkansas
    Society Trader

    Once I noticed the links I began removing them prior to posting. It's pretty easy to do. The links are clear at the end of the URL.
     
  40. MacMalt

    MacMalt Poo-Bah (5,016) Jan 28, 2015 New Jersey
    Society Trader

    The one positive from this situation is that many of us have learned how to use Imgur in case postimages becomes unavailable. Who says an old dog can't learn a new trick.