MDtravelhealth
TravelWiki
Perfect Place
We are a community of travellers and we want unbiased information for and from our members. There will always be those who try to abuse the service and try to game the system to their advantage (and that means everyone else's loss).
For this reason, and in order to participate in the community, we ask you spend a couple of minutes qualifying your interest in travel by telling us a thing or two about your travel experiences: In the beginning it might be easiest to write a drop box entry about your home town, or some place you know well - we love expert 'local' knowledge, tips and hacks.
Read below about ways Red Planet Travel has been attacked in the past:
Link Spam
Most often a spammer will join a site that has a forum-type capability and post links to their tour or blog page in order to try to gain traffic and rank from our site.
https://redplanet.travel/questions/159/How-long-is-the-Octopus-Card-in-Hong-Kong-Valid
Profile Spam
Redplanetters are encouraged to put links to their blog or website and any social media account on their Profile page. This attracts spammers who use the system to get a link to their service.
https://redplanet.travel/profile/AssignmentWriting32
"Assignmentwriting.ae was founded on the desire to the provision of quality submissions in all our tasks. With the rising education demands in UAE and GCC, it is imminent that students will always compete to edge their peers in terms of performance."
In response to this type of spam profile pages are only active after the user has a reputation score of at least 200.
Chinese fake degree bot spam May 2018
This was an extremely sohipsticated attack that was promoting fake degrees. Huge blocks to text were posted to the site in the Questions area using automated bots. A new Question was posted every 2 or 3 minutes.
The feature to be able to ban a User and delete all their questions was added after this attack.
You can see in the screen capture above 1) the garbage Username - which were all based on the @outlook.com domain, and were all verified emails and 2) the mountains of junk content that were posted by the Bot.
Mass fake user signup May 2019
I started to receive complaints from people via email. "I never signed up to your service! Why are you sending me email?", "You website is a fraud.. Delete my account." Many people were upset, and I can tell you this all very distressing for me too.
So checking the database I can see lots of automated sign ups occuring. About 2 an hour look to be suspect - the accounts are not being verified and often they have a pattern like usernameXX where the last few characters are in uppercase.
What is frustating is that the sign up form contained a Google-Recaptcha anti-bot check. So either the bot is overcoming this or the signups are manual. Either way the Google Recaptcha is not working, and I had to remove it.
I've changed the sign up form to get a sentence from the new user about their home country, and cross check that sentence is about the place they say they are coming from. So far, so good - no spam sign ups.
All in all over 15,000 fake accounts were created. But why? Seems at least a few were genuine email address of unsuspecting folks, but gibberish names had been entered into the Red Planet Travel system.
I started to reply to some of the people and asked them if they other sites were sending them "sign up" emails. My concern was that I was being targetted for some reason.
Seems that is was not the case.
A lot of people said their eBay and other mainstream sites had been hacked. Some people had clicked the "Verify email address" message that will have been sent to their account, which meant a lot of work for me to close all these accounts, and more irritatingly the reputation of my email server (and my account at Sendgrid) were badly damaged. For now.. check your SPAM bin for any messages from me - and please mark as "not junk".