Spammer able to undelete spam posts that had years ago been deleted

  • Question

  • I have a worrying development to report.

    I have just received two alerts of new posts (one to a thread where I am now a Moderator and one to a thread where I am no longer a Moderator) from the same person.

    These alerts are in fact not to new posts from this person (although the alert says "has replied to") but are in fact to very old posts from him that were deleted because all this person does is post adverts for his company's own products and where he has now undeleted them - the notification is thus of an undelete.

    I could see this in the following thread

    http://social.msdn.microsoft.com/Forums/en-US/sharepointinfopath/thread/3990aa9b-6ea6-4995-bffc-da1912db9d00/

    where I am an administrator so it was possible to see that I had earlier deleted the thread as spam and that it had been undeleted by the person who posted it

    The other thread in a forum in which I am no longer a Moderator is probably the same - I remember telling a Moderator there of the habit of this poster in only posting advert posts and him reacting to that information by deleting posts. (I can't see the delete undelete pattern there)

    -----------------------------------------------

    Either:

    1. There is a problem in that non-Moderators are now allowed to undelete their own deleted threads

    Or

    2. A known spammer has been given Moderator rights (if so this is unbelievable!). Because we can no longer see the "Moderator" next to the name of a person it is impossible for us to see this anymore.

     

    If the latter, I would request that this poster be immediately stripped of his Moderator rights throughout the system and especially in all SharePoint 2010 and in all pre-SharePoint 2010 forums.

    (The poster is http://social.msdn.microsoft.com/Profile/Ethan%20Bach and that other thread is http://social.msdn.microsoft.com/Forums/en-US/sharepoint2010general/thread/a3df3760-3616-4e2d-813b-dfb7acae7a3a/)

     

    Mike Walsh

     

     P.S. I am now finding via his profile evidence that he has undeleted all of his posts that were earlier deleted as spam. Some I can delete again. Others I now can't.

     P.P.S. There is at least one case of him being able to undelete a post in a locked thread !! How is that possible?

     P.P.P.S. I am going through the lot now. If he in turn undeletes them again, I want him banned as the spammer he is.

     


    SP 2010 "FAQ" (mainly useful links): http://wssv4faq.mindsharp.com/default.aspx
    WSS3/MOSS FAQ (FAQ and Links) http://wssv3faq.mindsharp.com/default.aspx
    Both also have links to extensive book lists and to (free) on-line chapters

     

     



    Thursday, July 21, 2011 12:12 PM

Answers

  • We actually contacted the user and they weren't very helpful, explaining they didn't remember undeleting anything. If we see this again we could look into it, but for now my hunch is the user was temporarily given mod rights for a while.  But we won't be digging into this more unless we have more data or a repro. 
    Community Forums Program Manager
    Saturday, October 15, 2011 5:11 AM
    Answerer

All replies

  • There must have been about 50 posts from this guy. ALL were proposing a product from his company and ALL the over 40 where I could see this had been undeleted within a couple of minutes of each other.

     

    I suggest we ban him direct. We can do without such posters and then having the cheek to undelete all of his posts is just the final straw.

     

    Mike Walsh Moderator pre-SP 2010 forums / ex-Moderator SP 2010 forums.


    Thursday, July 21, 2011 12:36 PM
  • I'll look into this, hoping it is an issue where someone gave the user mod rights. Checking with some others on banning question.
    Community Forums Program Manager
    Thursday, July 21, 2011 5:24 PM
    Answerer
  • Most likely (haven't looked, though) an exploit in the system. E.g. that user found a way to undelete posts, but I doubt he did it manually.
    For every expert, there is an equal and opposite expert. - Becker's Law


    My blog
    Thursday, July 21, 2011 7:19 PM
    Moderator
  • Yeah, that's what we are looking into, ensure there isn't some http only post like way to do this or something.
    Community Forums Program Manager
    Thursday, July 21, 2011 10:53 PM
    Answerer
  • > Most likely (haven't looked, though) an exploit in the system

    That was my idea too although I must admit I was somewhat afraid to say so publicly.

    There were two reasons for thinking that.

    1. The undeletes occurred very rapidly and much faster than it was possible for me later to access and delete them again manually.

    2. Some of them had four hours earlier before the undelete cycle been *deleted* by him (a delete on top of an older delete, presumably). This indicated to me someone who was trying out a hacking technique and getting close the first time and then refining it for the second cycle.

     

    Of course it may just be "given Moderator rights" but anyone looking at the totality of his posts ought to have seen a) relatively few posts and b) only posts pushing products from his company so requirements for Moderator should by no means have been satisfied.


    Friday, July 22, 2011 5:53 AM
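
The two indicators listed in the post above (undeletes arriving faster than manual work allows, and the same account deleting its posts a few hours before undeleting them), together with the non-Moderator and locked-thread observations from the opening post, written as a check over a moderation audit log. This is an added example, not part of the thread or of the forum platform's code; the event schema, account names, role names and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit events; the schema is hypothetical:
# (timestamp, actor, actor_role, action, post_id, thread_locked)
EVENTS = [
    ("2011-07-21T07:55:10", "user_a", "member", "delete", 101, False),
    ("2011-07-21T07:55:30", "user_a", "member", "delete", 102, False),
    ("2011-07-21T09:00:00", "mod_b", "moderator", "undelete", 200, False),
    ("2011-07-21T11:58:01", "user_a", "member", "undelete", 101, False),
    ("2011-07-21T11:58:12", "user_a", "member", "undelete", 102, False),
    ("2011-07-21T11:58:25", "user_a", "member", "undelete", 103, False),
    ("2011-07-21T11:58:40", "user_a", "member", "undelete", 104, True),
]

BURST_WINDOW = timedelta(minutes=5)  # assumed threshold
BURST_MIN = 4                        # assumed threshold


def flag_undeletes(events, window=BURST_WINDOW, burst_min=BURST_MIN):
    """Return {actor: [reasons]} for undelete activity that needs review."""
    findings = defaultdict(set)
    undeletes = defaultdict(list)   # actor -> undelete times, ascending
    own_deletes = set()             # (actor, post_id) the actor deleted earlier
    for ts, actor, role, action, post_id, locked in sorted(events):
        if action == "delete":
            own_deletes.add((actor, post_id))
        if action != "undelete":
            continue
        if role != "moderator":
            findings[actor].add("undelete_without_moderator_role")
        if locked:
            findings[actor].add("undelete_in_locked_thread")
        if (actor, post_id) in own_deletes:
            findings[actor].add("own_delete_then_undelete")
        undeletes[actor].append(datetime.fromisoformat(ts))
    for actor, times in undeletes.items():
        start = 0
        for end, t in enumerate(times):
            # Shrink the window until it spans at most `window`.
            while t - times[start] > window:
                start += 1
            if end - start + 1 >= burst_min:
                findings[actor].add("burst_undelete")
                break
    return {actor: sorted(reasons) for actor, reasons in findings.items()}


if __name__ == "__main__":
    for actor, reasons in flag_undeletes(EVENTS).items():
        print(actor, reasons)
```
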
  • > Yeah, that's what we are looking into, ensure there isn't some http only post like way to do this or something.
    > Community Forums Program Manager

    Any conclusion?
    Ed Price a.k.a User Ed, Microsoft Experience Program Manager (Blog, Twitter, Wiki)
    Saturday, October 15, 2011 12:21 AM
    Owner
  • We actually contacted the user and they weren't very helpful, explaining they didn't remember undeleting anything. If we see this again we could look into it, but for now my hunch is the user was temporarily given mod rights for a while.  But we won't be digging into this more unless we have more data or a repro. 
    Community Forums Program Manager
    Saturday, October 15, 2011 5:11 AM
    Answerer