BankFodder
Posted February 9, 2020

We've just had an issue where somebody registered and then within a very short time had managed to "follow" pretty well our entire user database of over 300,000 people – and as you can imagine the system started sending out "XXX is following you" notifications which, when clicked on, would take you to that person's profile with a load of spam for sex and pornography sites. We caught it 20 minutes after it registered and we managed to delete a very large number of the notifications that were queued up.

However, I then decided that it would be a good idea to configure new users to only be able to employ the "follow" facility after XX number of posts – but there doesn't seem to be such a possibility. I can set something like that for messaging – but not for following. Have I missed something? I'm a bit surprised.

Adriano Faria
Posted February 9, 2020

2 hours ago, BankFodder said:
> We've just had an issue where somebody registered and then within a very short time had managed to "follow" pretty well our entire user database of over 300,000 people

That’s the weirdest thing here. It would take hours (or days) for someone to manually follow 300,000 accounts.

2 hours ago, BankFodder said:
> I then decided that it would be a good idea to configure new users to only be able to employ the "follow" facility after XX number of posts – but there doesn't seem to be such a possibility.

Nope. Follow is available to all members as soon as they’re logged in; the only restriction in follow is for guests. You better post this as a suggestion in the proper forum.

BankFodder (Author)
Posted February 9, 2020

Yes, it should take days – but have a look at this screenshot from a very excellent tracking application written by a very gifted developer. Of course it was done by a bot.

And yes, I will post this as a feature request – and frankly I think it is a fairly urgent thing.

-----

I've now posted it as a feature request.

Is it possible to disable the follow facility completely?

christopher-w
Posted February 9, 2020

43 minutes ago, Adriano Faria said:
> That’s the weirdest thing here. It would take hours (or days) for someone to manually follow 300,000 accounts.

In banking tech we used scripted robots to log on and load test functionality, guessing the same might have happened here?

Adriano Faria
Posted February 9, 2020

It had to be me! 😂 Well, glad that the app is working fine. 🥴

You can disable FOLLOW/UNFOLLOW until I find a proper solution to this. I’ll probably restrict what new members can follow.

36 minutes ago, christopher-w said:
> In banking tech we used scripted robots to log on and load test functionality, guessing the same might have happened here?

Track Members app is following new accounts.

-----

EDIT: just to make it clear, as stated below, it has nothing to do with the Track Members app. It works as it was expected to work by logging the follows. It doesn’t follow people.

christopher-w
Posted February 9, 2020

4 minutes ago, Adriano Faria said:
> Track Members app is following new accounts.

Yes, I was referring to the OP's scenario whereby the user managed to follow 300,000 accounts in no time. Sounds like a robot.

BankFodder (Author)
Posted February 9, 2020

10 minutes ago, Adriano Faria said:
> It had to be me! 😂 Well, glad that the app is working fine. 🥴
>
> You can disable FOLLOW/UNFOLLOW until I find a proper solution to this. I’ll probably restrict what new members can follow.
>
> Track Members app is following new accounts.

Yes, your tracking app is working very well. Thank you.

However, I thought the settings simply mean that it won't track follows – but they can still happen. I'm looking for something to control whether or not people can follow others.

If it happened to us then obviously it can happen to others very easily.

Adriano Faria
Posted February 9, 2020

Actually, this is weird. Track Members will only TRACK the follows; it won’t make a member FOLLOW something. It’s probably something else... will take a closer look when I reach my PC.

BankFodder (Author)
Posted February 9, 2020

Also I notice that you have a "flood control" which prevents the logging of the same action if it happens again within – five minutes – in our case. Clearly it's not working because we have a very large number of follows within the space of a minute – unless it treats followers of new people as a different event.

Adriano Faria
Posted February 9, 2020

Just now, BankFodder said:
> Also I notice that you have a "flood control" which prevents the logging of the same action if it happens again within – five minutes – in our case. Clearly it's not working because we have a very large number of follows within the space of a minute – unless it treats followers of new people as a different event

Flood control works for actions performed by the user. “Auto follow” isn’t a user action. Anyway:

2 minutes ago, Adriano Faria said:
> Actually, this is weird. Track Members will only TRACK the follows; it won’t make a member FOLLOW something. It’s probably something else... will take a closer look when I reach my PC.

BankFodder (Author)
Posted February 9, 2020

No, I don't think that the tracker had anything to do with the following. It simply recorded it.

I suppose that the spammer applied a macro or something which identified members by their user number. I can imagine that if you see a forum with 350,000 members and you know the way that it works, then it must be quite easy to apply a macro.

> https://www.consumeractiongroup.co.uk/profile/110089-x redirects to https://www.consumeractiongroup.co.uk/profile/110089-gavmoulds/

Adriano Faria
Posted February 9, 2020

Just now, BankFodder said:
> No, I don't think that the tracker had anything to do with the following. It simply recorded it.

That’s my guess too but I need to take a look in the script. I really don’t remember off the top of my head.

Did this happen with other new members too or only with this one? Also, did the first follow (take a look in the logs) happen right after the registration or a few minutes later?

BankFodder (Author)
Posted February 9, 2020

It was purely by luck that I came across this spammer within 23 minutes of his registration. Our Webmaster flagged up some anomaly and found well over 30,000 emails queued up on the server. I went to investigate the username and found that they were advertising pornography on their cover photo and also in their signature so that if you received the follow notice then you would click on it and you would go to the signature.

As soon as I discovered it, I stopped it and also changed the signature with an apology and explained that it was a spammer – but well over 300 people had gone to look at his profile.

Obviously all the queued emails were deleted.

BankFodder (Author)
Posted February 9, 2020

As far as I can make out, they joined the forum – then started checking a few profiles, did a few follows which may have been manual because they visited the profile first and then did the follow. Then they uploaded a cover photo – and then about 15 or 20 minutes after they first started becoming active, they launched the mass follow of about 300,000 users which took about two hours.

Adriano Faria
Posted February 9, 2020

1 minute ago, BankFodder said:
> As far as I can make out, they joined the forum – then started checking a few profiles, did a few follows which may have been manual because they visited the profile first and then did the follow. Then they uploaded a cover photo – and then about 15 or 20 minutes after they first started becoming active, they launched the mass follow of about 300,000 users which took about two hours.

Yeah, that says much. The user found a way to follow everyone to get attention to their profile and it isn’t that hard. This is the URL to follow this topic:

https://invisioncommunity.com/index.php?app=core&module=system&controller=notifications&do=follow&follow_app=forums&follow_area=topic&follow_id=455676

I’m on a mobile device, can’t test it properly, but it seems to be missing to pass the type (what to follow) parameter and the form submitted (_submitted=1 or something, again, can’t remember now) then you will follow something. Put this in a for statement and then you’re done.

Again, not tested so I REALLY don’t know if that’s possible.

BankFodder (Author)
Posted February 9, 2020

I have absolutely no idea what you are babbling on about. Sounds like Greek – or Portuguese to me!😁

Adriano Faria
Posted February 9, 2020

Just now, BankFodder said:
> I have absolutely no idea what you are babbling on about. Sounds like Greek – or Portuguese to me!😁

Just thinking out loud. I’ll make some tests later to see if I manage to follow all users from my board doing what I described above.👍

BankFodder (Author)
Posted February 9, 2020

Okay, well I'll be interested to know what the results are – but what I really need is something to disable following and to make it subject to a posting limit.

BankFodder (Author)
Posted February 9, 2020

That's strange, I've suddenly realised – that I said that I had caught it 20 minutes after it had registered – but that can't be correct. If it took over two hours to do its business and send out the follows then I must've caught it about three hours later.
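
Added example, not part of the thread and not Invision Community code: a sliding-window check that flags an account following faster than a person could, together with the "follow only after XX posts" gate requested above. The log layout, member ids, thresholds and function names are assumptions made for illustration, and the sample log is constructed.

```python
from collections import deque
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed follow log: (timestamp, follower_id, followed_id). Not real data."""
    start = datetime(2020, 2, 9, 10, 0, 0)
    # Established member 501: a handful of follows spread over minutes.
    log = [(start + timedelta(minutes=3 * i), 501, 10 + i) for i in range(4)]
    # New account 900: three slow, manual-looking follows, then a scripted burst.
    log += [(start + timedelta(minutes=5 * i), 900, 20 + i) for i in range(3)]
    burst = start + timedelta(minutes=20)
    log += [(burst + timedelta(milliseconds=25 * i), 900, 1000 + i) for i in range(200)]
    return sorted(log)


def may_follow(post_count, min_posts=10):
    """Hypothetical post-count gate: following unlocks after min_posts posts."""
    return post_count >= min_posts


def find_follow_bursts(log, max_follows=20, window=timedelta(seconds=60)):
    """Return {follower_id: time the per-member sliding window first overflowed}."""
    recent = {}   # follower_id -> timestamps of follows still inside the window
    flagged = {}
    for ts, follower, _followed in log:
        q = recent.setdefault(follower, deque())
        q.append(ts)
        while ts - q[0] > window:      # drop follows older than the window
            q.popleft()
        if len(q) > max_follows and follower not in flagged:
            flagged[follower] = ts     # point at which to suspend and purge the queue
    return flagged


def queued_notifications(log, post_counts, min_posts=10):
    """Count follow notifications that would still be sent with the gate enabled."""
    return sum(
        1 for _ts, follower, _followed in log
        if may_follow(post_counts.get(follower, 0), min_posts)
    )


if __name__ == "__main__":
    sample = build_sample_log()
    print(find_follow_bursts(sample))
    print(queued_notifications(sample, {501: 42, 900: 0}))
```

The window check catches the burst half a second after it starts, while the gate stops the new account's notifications from being queued at all; the two are complementary because an account that has passed the post threshold can still be scripted.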
Archived
This topic is now archived and is closed to further replies.