Postimage spam links

Blog Discussion in 'BeerAdvocate Talk' started by Todd, Sep 17, 2021.

Thread Status:
Not open for further replies.
  1. shkin

    shkin Maven (1,281) Feb 6, 2011 New York

    I'm curious about the technical side of the issue. The second option in Postimage is a direct link to the photo, like `https://<offending_host_url>/<some_hash>/image.png`. If this is used for the image, there is very little Postimage can do to add a spam link. Were people using something else?
     
    IKR, Rug, brewskis and 2 others like this.
  2. MattOC

    MattOC Pooh-Bah (2,100) Jan 13, 2013 Massachusetts
    Pooh-Bah Trader

    I’d been using the 3rd option from the bottom, Hotlink for Forums. If there was something funky after the picture I posted, I always edited and deleted, but it happened few and far between.
     
    woemad, LarryV, Roguer and 3 others like this.
  3. cjgiant

    cjgiant Grand High Pooh-Bah (6,560) Jul 13, 2013 District of Columbia
    Pooh-Bah Society

    From a technical point of view, allowing something like that directly in a forum (without some cleansing or validation) potentially opens a slew of security issues.
     
    mikeinportc and Scrapss like this.
  4. Todd

    Todd Founder (13,254) Aug 23, 1996 Finland
    Staff Super Mod Pooh-Bah Society Trader

    There's a pattern forming as I look at the post, which matches the report from the user who alerted us. The spam seems to be for the same site and the posts seem to be from the same users. This could indicate that these users have malware on their end that's injecting the spam via their browser.
     
    teromous, officerbill, Rug and 7 others like this.
  5. shkin

    shkin Maven (1,281) Feb 6, 2011 New York

    Absolutely, no one wants an XSS attack. But a pure image URL is relatively easy to sanitize to prevent that.
     
    Roguer and cjgiant like this.
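
The point above about sanitizing a pure image URL, sketched as an added example (not part of the thread and not the forum's own code): it keeps only `[img]` tags whose URL is a plain HTTPS image on an allowed host, and drops and reports every `[url]` link in a pasted hotlink snippet. The BBCode snippet shape, the host names and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: image hosts this forum chooses to allow (constructed example value).
ALLOWED_IMAGE_HOSTS = {"images.example.net"}
IMAGE_EXTENSIONS = (".png", ".jpg", ".jpeg", ".gif", ".webp")
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.I | re.S)
URL_TAG = re.compile(r"\[url(?:=([^\]]*))?\](.*?)\[/url\]", re.I | re.S)

# Constructed sample of a pasted hotlink snippet with an extra trailing link.
SAMPLE = (
    "[url=https://images.example.net/abc123]"
    "[img]https://images.example.net/abc123/image.png[/img][/url]\n"
    "[url=https://spam.example/offer]free stuff[/url]"
)


def is_plain_image_url(url, allowed_hosts=ALLOWED_IMAGE_HOSTS):
    """Accept only https://<allowed host>/<path>.<image extension>, nothing else."""
    if re.search(r"[\s\"'<>\[\]\\]", url):  # whitespace or markup inside the URL
        return False
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or port not in (None, 443):
        return False
    if parts.username or parts.password:  # user@host forms that hide the real host
        return False
    if (parts.hostname or "") not in allowed_hosts:
        return False
    if parts.query or parts.fragment:
        return False
    return parts.path.lower().endswith(IMAGE_EXTENSIONS)


def sanitize_hotlink(snippet, allowed_hosts=ALLOWED_IMAGE_HOSTS):
    """Return (clean_bbcode, dropped): validated [img] tags only, every link removed."""
    kept, dropped = [], []
    for url in (u.strip() for u in IMG_TAG.findall(snippet)):
        if is_plain_image_url(url, allowed_hosts):
            kept.append(f"[img]{url}[/img]")
        else:
            dropped.append(url)
    # [url] wrappers and trailing links are dropped and reported for moderator review.
    dropped += [target or text for target, text in URL_TAG.findall(snippet)]
    return "\n".join(kept), dropped


if __name__ == "__main__":
    print(sanitize_hotlink(SAMPLE))
```
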
  6. zid

    zid Grand Pooh-Bah (3,058) Feb 15, 2010 New York
    Pooh-Bah Society Trader

    Personally, I don't really care about karma and likes (they are not valuable)... and I could live with the removal of images from old posts of mine (I use Imgur), but I go back to old posts of mine constantly for information. The information in the BA forum is the most valuable thing about BA for me. Just to use a recent-ish thread of mine as an example, how would this thread read if the first post was entirely deleted? Now imagine that across the history of BA forums that are still accessible. It's a big loss in my eyes.
     
    meefmoff, mikeinportc, IKR and 8 others like this.
  7. shkin

    shkin Maven (1,281) Feb 6, 2011 New York

    Gotcha. That seems less of a problem of the image hosting sites and more of a problem of the forum's malicious content posting prevention.
     
    ChicagoJ likes this.
  8. Todd

    Todd Founder (13,254) Aug 23, 1996 Finland
    Staff Super Mod Pooh-Bah Society Trader

    From the forum's point of view, the user is simply adding a link to another site. That's all we're talking about here, and we have some protections in place for malicious posting.
     
    ChicagoJ and shkin like this.
  9. Todd

    Todd Founder (13,254) Aug 23, 1996 Finland
    Staff Super Mod Pooh-Bah Society Trader

  10. DavetotheB

    DavetotheB Grand Pooh-Bah (3,617) Sep 30, 2017 Pennsylvania
    Pooh-Bah Society

  11. BigIronH

    BigIronH Grand Pooh-Bah (3,718) Oct 31, 2019 Michigan
    Pooh-Bah Society Trader

    I get it. The price we pay to participate on this site.
     
  12. Todd

    Todd Founder (13,254) Aug 23, 1996 Finland
    Staff Super Mod Pooh-Bah Society Trader

    Postimage is currently useable while I investigate. I'm also manually editing out spam links in those 92 or so posts. Someone owes me a beer!

    Please let me know if any services attempt to inject a link into your post.

    Thanks.
     
    hopsputin, jts211, snaotheus and 18 others like this.
  13. Bitterbill

    Bitterbill Grand High Pooh-Bah (6,772) Sep 14, 2002 Wyoming
    Pooh-Bah Society

    I use imgbb. Sometimes there are 2 links ending in url but I always delete the second one cuz I didn't know what it entailed.
     
    woemad, DIM and Roguer like this.
  14. HoppingMadMonk

    HoppingMadMonk Grand Pooh-Bah (4,679) Mar 3, 2017 New Jersey
    Pooh-Bah Society Trader

    Sorry that you have all this extra work added to what is probably already a heavy amount of work.
    Seeing as my name was on the list is there anything we can do to help or try and prevent this happening again??
     
  15. Specialmick

    Specialmick Pooh-Bah (2,018) Aug 26, 2019 Connecticut
    Pooh-Bah Society

    I guess I am in the doghouse with the founder. Oh shit. I was just following the advice of fellow advocate @LarryV. He told me to do it HAHA. ya use postimage it works so easily now I am the bad guy. I guess I am going to use IMGUR now
     
    LarryV likes this.
  16. Todd

    Todd Founder (13,254) Aug 23, 1996 Finland
    Staff Super Mod Pooh-Bah Society Trader

    Yeah. Check your post before and after you submit, and remove any links. :+1:
     
    hopsputin, snaotheus, Rug and 10 others like this.
  17. ChicagoJ

    ChicagoJ Grand Pooh-Bah (4,073) Feb 2, 2015 Illinois
    Pooh-Bah Society Trader

    Yes, I noticed the links road few of the users noted above, but never felt the urge to click the link below the photo.

    Thanks for your efforts with this.
     
    DavetotheB likes this.
  18. HoppingMadMonk

    HoppingMadMonk Grand Pooh-Bah (4,679) Mar 3, 2017 New Jersey
    Pooh-Bah Society Trader

    I usually always go back and delete attachments I didn't add but will be more diligent in the future.
    Thanks for keeping the site safe
     
    woemad and DavetotheB like this.
  19. jvgoor3786

    jvgoor3786 Grand Pooh-Bah (4,186) May 28, 2015 Arkansas
    Pooh-Bah Society Trader

    Once I noticed the links I began removing them prior to posting. It's pretty easy to do. The links are clear at the end of the URL.
     
  20. MacMalt

    MacMalt Grand High Pooh-Bah (6,658) Jan 28, 2015 New Jersey
    Pooh-Bah Society Trader

    The one positive from this situation is that many of us have learned how to use Imgur in case postimages becomes unavailable. Who says an old dog can't learn a new trick?
     