(Archived) Has the Evernote Forum Been Hacked?

[JMichaelTX 4,117]

I've been getting a lot of obviously inappropriate new topic notifications recently.  Most of them are about either movies, tv shows, or escort services.  Had over 10 of these last night, and it seems to have been going on for months.

 

So, it makes me wonder:  Has the Evernote Forum been hacked?

[spg SCOTT 736]

It is called spam, much like any forum, we get it too. Quite aggressively in the last few days.

I would suggest not subscribing to whole forums.

[JMichaelTX 4,117]

Thanks, Scott.  I did recognize it as spam.  LOL

 

But the reason I suspect hacking is that you have to have an Evernote account to post here.

Seems like that should eliminate most of the normal spam.

 

Maybe the Evernote service and/or forum should use one of those graphic verifications that I hate.  :-)

[gbarry 2,658]

But the reason I suspect hacking is that you have to have an Evernote account to post here.

Seems like that should eliminate most of the normal spam.

 

It does elminate all the normal bot spam, but you'd be surprised at how many accounts are manually created just to get spam up onto these forums.  It's very weird.  I suspect people somewhere are paid a very, very (very) low wage to manually create accounts--and if that's happening, then no amount of CAPTCHA is going to prevent them from coming in here.

 

This is really where our Evangelist team comes in handy, and our membership can help too.  If anyone trips over spam, hit the report button (takes a split second) and the mod team will go in there and clean it up.  The more popular this space gets (and it's pretty dang popular) the more of this we'll get. 

[JMichaelTX 4,117]

  I suspect people somewhere are paid a very, very (very) low wage to manually create accounts--and if that's happening, then no amount of CAPTCHA is going to prevent them from coming in here.

 

 

Yeah, I get that.  Sad but true.  But still, the CAPTCHA might slow them down, make it too hard to be worthwhile, so they move on to easier targets.

 

I assume you guys have looked at tracking/rejecting based on IP address and/or domain?

 

So if the forum has NOT been hacked, then GREAT!  That was/is my real concern.  Spam is a nuisance that we all have learned to live with, unfortunately.  :-(

[gbarry 2,658]

We've looked into blacklisting email domains, but since most of the magic happens on the Evernote side of things, there's been little we can do from a forum functionality perspective, and our web and security teams will continue to shore up the web login within their gameplans (which also includes some blacklisting here and there).  The volume has honestly not been so high that it's been a priority, but if this becomes something that even the volunteers around here can't handle, then we'll definitely need to look at more advanced measures beyond what we've got.

[heather 604]

We actually were amazed at the level of people who are willing to create a new Evernote account just to post on our forums, but then we realized it really wasn't much more involved than normal forum verification.

 

Whether its being done with scripts or via a Mechanical Turk type process (more likely), we do have spam controls in place on the Evernote side and on the forum side. You're actually seeing only the most determined of the people to come through.

[JMichaelTX 4,117]

Thanks for sharing guys.

[Martin Packer 162]

@heather Oh, high class SPAMmers only. :-)

[CaptainTime 94]

This is common in many forums. Overseas labour is cheap to outsource to so even captcha doesn't stop it. They just hire people instead of only using bots.

[megsaint 441]

The Apple Support Communities got hit by the escort spam a few months back, hundreds of postings. That forum has, as I recall, an even more onerous registration procedure than this one. I believe they finally had to pull the site off line for a couple of hours before they could get it under control. 

[Metrodon 2,184]

57 million of Evernote's 60 million users are actually spammers and bots.

 

THIS IS A FACT that is backed up by the facts that Evernote haven't implemented 112 levels of nested folders, coloured notebook icons, embedded video, 3gb note size, highlighting (damn they did that one right?) and reminders (s***, that one is here too now).

 

(I may or may not be working too hard)

[BurgersNFries 2,407]

57 million of Evernote's 60 million users are actually spammers and bots.

 

THIS IS A FACT that is backed up by the facts that Evernote haven't implemented 112 levels of nested folders, coloured notebook icons, embedded video, 3gb note size, highlighting (damn they did that one right?) and reminders (s***, that one is here too now).

 

(I may or may not be working too hard)

You forgot manually organized notes/notebooks & full out encryption.

[BurgersNFries 2,407]

The realty is no one really uses this board...we are all bots here. Some are just better bots than others.

[JMichaelTX 4,117]

Guess I'll have to unsubscribe from this forum (Evernote General Discussion".

The spam is getting much worse, and my email inbox is filing up with stuff like ""pakℐstaⁿℐ ℰScoℛT In Dubaℐ00971552244915ℒℴcal ℰScoℛT ℊiℛls""

 

Sure seems like there should be a pattern that could be detected by the forum spam filter.