7952 Views 11 Replies Latest reply: Jun 22, 2011 12:22 PM by Robert Dell'Immagine
Chirag Desai Level 2 31 posts since
Jul 27, 2010

Jun 12, 2011 3:01 AM

Qualys Community Spam?

Er...Irony at its best? Spam within the Qualys Community.

[Attachment: Screen shot 2011-06-12 at 2.02.27 PM.png]

  • randamw Level 1 14 posts since
    Aug 2, 2010
    Jun 12, 2011 6:26 AM (in response to Chirag Desai)

    I received one of those too. From the same address.

  • Jun 12, 2011 6:36 AM (in response to Chirag Desai)

    Hey guys,

     

    I got one too; we're looking into it.

     

    Thanks,

    :Chris

  • Arnold Murphy Lurker 1 posts since
    Sep 24, 2010
    Jun 12, 2011 2:44 PM (in response to Chirag Desai)

    Could this be spear phishing for passwords? The login was a little rough through the link. I am resetting my password, and suggest everyone look for any non-authorized usage of their Qualys scanning accounts. This may be the objective: to gain access to other accounts through a spear phishing campaign looking for common passwords, using a cross-site script or a fake login.

  • Robert Dell'Immagine Level 4 251 posts since
    Apr 26, 2010
    Jun 12, 2011 4:31 PM (in response to Chirag Desai)

    Thank you for reporting this.  I (the Qualys Community administrator) also received this spam this morning, and I immediately deleted the account that sent it (which also deleted the message).

     

    Bob, you got the error because I deleted the user and the spam message. So if you (or anyone else) click the notification, you will get this error message because the spam message is no longer in the system.

     

    Arnold, I do not believe this is a spear phishing attack. Here's what I believe happened.  An actual person (not an automated system) created a Qualys Community account in the exact same way as every Qualys Community member has done. This person then sent a private message to a large number of other accounts on the system, again using the same mechanism a legitimate member would use.  Well, I suppose if someone did reply to the message and sent their real email address, that could put them at risk, but presumably anyone but the most naive user would not reply to the email.

     

    The best solution I can think of is to limit the number of addresses in a private message to some low number, say 5, and then it becomes more difficult for spammers to send this type of spam.  I have requested this feature (unfortunately it is currently possible to limit the number of recipients).

     

    Again, thank you for reporting this.  And I apologize for any disruption or inconvenience this has caused.

     

    Regards, Robert

     

    Robert Dell'Immagine

    Director of Community, Qualys

  • Robert Dell'Immagine Level 4 251 posts since
    Apr 26, 2010
    Jun 22, 2011 12:22 PM (in response to Chirag Desai)

    Hello All,

     

    I'm considering the following changes: limit the number of recipients on the distribution list to something low like 5, and limit the number of private messages that can be sent from new accounts (less than 1 week old, for example).

     

    The private message spam I have seen always comes from new accounts, and legitimate use of PMs generally doesn't include large distribution lists. So these two restrictions should impact the ability of spammers to send PM spam without inconveniencing community members.

     

    Other options considered included a captcha, but this inconveniences all community members and would not prevent spam sent by an actual person. A 'mark as spam' button won't prevent spam, and community members will still get the email notification, even if the link to the spam is disabled.

     

    Please feel free to comment here on this topic. In the meantime, we're starting work on the two above limits, and I hope to have them deployed by the end of June.

     

    Thanks, Robert
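One way to express the two limits Robert proposes as a single send-time check, as an added example that is not part of this thread or of the Qualys platform; the per-day message cap for new accounts (3) and the account and recipient names are assumed values:

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Limits from the thread: at most 5 recipients per private message, and accounts
# younger than one week are rate-limited. The daily cap for new accounts is an
# assumed value; the thread does not state one.
MAX_RECIPIENTS = 5
NEW_ACCOUNT_AGE = timedelta(days=7)
NEW_ACCOUNT_PMS_PER_DAY = 3


@dataclass
class Account:
    name: str
    created_at: datetime
    pm_log: list = field(default_factory=list)  # timestamps of accepted sends


def check_private_message(sender: Account, recipients: list, now: datetime) -> tuple:
    """Return (allowed, reason); records the send in sender.pm_log when allowed."""
    unique = set(recipients) - {sender.name}
    if not unique:
        return False, "no recipients"
    if len(unique) > MAX_RECIPIENTS:
        return False, f"too many recipients ({len(unique)} > {MAX_RECIPIENTS})"
    if now - sender.created_at < NEW_ACCOUNT_AGE:
        day_ago = now - timedelta(days=1)
        recent = [t for t in sender.pm_log if t > day_ago]
        if len(recent) >= NEW_ACCOUNT_PMS_PER_DAY:
            return False, "new account: daily private-message limit reached"
    sender.pm_log.append(now)
    return True, "ok"


def demo() -> list:
    """Constructed scenario: a day-old account and a long-standing member."""
    now = datetime(2011, 6, 22, 12, 0)
    new_account = Account("newuser", created_at=now - timedelta(days=1))
    member = Account("member", created_at=now - timedelta(days=400))
    results = []
    # One message addressed to the whole member list is stopped by the recipient cap.
    results.append(check_private_message(new_account, [f"u{i}" for i in range(40)], now))
    # The same list sent as small batches is stopped by the new-account rate limit.
    for b in range(5):
        batch = [f"u{i}" for i in range(b * 5, b * 5 + 5)]
        results.append(check_private_message(new_account, batch, now))
    # An established member writing to a few people is unaffected by either limit.
    results.append(check_private_message(member, ["a", "b", "c"], now))
    return results
```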
