strange people trying to join


Anita L
 

I have so many strange emails all from aol trying to join. I keep rejecting them.

Is this happening to anyone else?

Thanks

Anita


Susan
 

Yes!  I joined this group specifically to address this problem.  We have been getting these requests approximately every other day for months now and it is irritating, to say the least.  I believe they are spambots, sent in an effort to collect email addresses and any other available data.  We have been rejecting them, but would love to find a way to completely block them without affecting our one long-time member who still uses an aol address.  Any suggestions would be appreciated.

Susan


David Grimm
 

On Thu, Jan 23, 2020 at 01:12 PM, Anita L wrote:
Is this happening to anyone else?
Now that you mention it, yes.

I had about a dozen new members in 2019. So far this MONTH, I've had that many. Nine of the 12 were AOL, 2 were Gmail and 1 Verizon. I just figured it was protesters trying to glean information from our group so they could plan their next protest. Since our group is about information that any member of the public could ascertain just by opening their eyes, there is nothing 'secret' to learn on our group, so I took a laissez-faire attitude and accepted their requests with a NuM-1 default... and a quick trigger finger if they violate my group posting rules.

Maybe it's something else, but I'll still keep my high-alert on.

Dave


David Grimm
 

On Thu, Jan 23, 2020 at 01:46 PM, Susan wrote:
I believe they are spambots,
Hadn't thought of that. Would spam-bots send their requests to join from various different ISP's geographically, but all the same domain, i.e. AOL? Other than the opt-in Directory, what other information would be vulnerable?

Dave


James Proffer
 

On 1/23/20 11:37 AM, Anita L via Groups.Io wrote:
I have so many strange emails all from aol trying to join. I keep rejecting them.

Is this happening to anyone else?
I have seen three all of the form name name three-letters @ aol.com .  The latest was allegedly from [Redacted by Moderator] @aol.com .


Susan
 

I have no idea about the ISP's, but have noticed that all of our questionable requests have reasonable sounding people's names - there is not a fuzzy unicorn or puppy mama to be found - and, so far, all come from aol.  They have also all declined to reply to our very short required questionnaire. We try to discourage it, but some members include personal info, such as home address or phone number, in their posts.  We also encourage removal of all previous information from forwarded material, but again, some members do not remove it thereby providing email addresses that are not even part of our group.

Susan

On 1/23/2020 1:01 PM, David Grimm wrote:
On Thu, Jan 23, 2020 at 01:46 PM, Susan wrote:
I believe they are spambots,
Hadn't thought of that. Would spam-bots send their requests to join from various different ISP's geographically, but all the same domain, i.e. AOL? Other than the opt-in Directory, what other information would be vulnerable?

Dave


Robert Oshel
 

We've had several requests to join our neighborhood group in Maryland from AOL addresses.  The Subscription Approval Needed message from Groups.IO say they were logged in from New Jersey.  They never reply to our request for real name and address for neighborhood residency verification.  

   Bob


On Thu, Jan 23, 2020 at 2:35 PM James Proffer <james@...> wrote:
On 1/23/20 11:37 AM, Anita L via Groups.Io wrote:
I have so many strange emails all from aol trying to join. I keep rejecting them.

Is this happening to anyone else?
I have seen three all of the form name name three-letters @ aol.com .  The latest was allegedly from [Redacted by Moderator] @aol.com .


Jeri Dansky
 

As others have reported, I’ve also had a flurry of requests to join coming from AOL addresses. We’re a freecycle group in California; the requests are coming from Missouri, Ohio, New Jersey, etc. — even India.

We have a message (with some questions) sent to all prospective members, and — no surprise! — none these addresses replies to that message.

If it were a single request I’d think maybe the person was using a VPN, which would hide their actual location. But with this many, it’s obviously something else. They couldn’t possibly care about our actual content, so I’m not sure what they ARE after.

Jeri

I have so many strange emails all from aol trying to join. I keep rejecting them.

Is this happening to anyone else?


Anita L
 

I also have sent emails to them for their information and never got a response.
 
Very strange.
 
Anita


Cleveland Park Editor
 

Yes, this has been happening daily on my group since January 17. Some days, it's 2 or 3 email addresses per day, but it was 5 email addresses on January 20 and 7 on the first day, January 17. They all follow the same pattern, LastnameFirstname then a couple of random numbers or letters @ aol.com. (Like these: Redacted@... PowellRedactedYH6@...) The co-moderator of another group in Washington DC that's having the same problem told me it looks like these addresses are being generated by a fake-address generator: 
https://fakedetail.com/fake-mail-generator/aol


If someone's set up a program to generate fake AOL addresses and get them to subscribe to GIOs all over the place, this could go on indefinitely. It sounds like some sort of coordinated attack on Groups.io. 

Is there any defense?

Peggy Robin


 

>>> I have so many strange emails all from aol trying to join. I keep rejecting them.   Is this happening to anyone else?


It also has been happening on two of my eight groups, for about a week or so, and now that I see I'm not the only one, yes, it must be a coordinated spam/scam/spambot campaign, maybe not necessarily just to GIO, but possibly other group places, I don't know.  Thankfully I had not cleared out my trash folder and just went back and looked at all those *.aol address subscription notification emails I received, and all but two (which were legit as they replied back with the requested info) have been sent from the same place:

>>> Logged in: Windows Opera 65 - Clifton, New Jersey, US (104.xxx.xxx.xxx)

As to what to do, if you are fine with it, just reject them if they fit the pattern; if you're unsure, send them the app info questionnaire notice through something else than GIO itself.  I had problems recently with sending groups.io notice emails to the two good AOL accounts mentioned above, they never replied even if resent the notice (maybe due to the +owner suffix it's going to their spam/junk??), but they replied when I emailed them from my (throaway) Gmail group mod address.  So in the early days, I also had been sending a reminder message to the suspect accounts thru gmail, but no answer as expected, so after a day or two, I hit the reject button.  Now that I saw the pattern, I  may not bother and just reject right away.

One thing I'm curious, both of the two groups I'm experiencing this have short names, three & four letters, the rest of  my groups have many more.  How about yours?

I also just looked in the Activity logs, all of those suspect joins were requested through the web, not through email, at least in my case, I wonder if they wrote a script to automate "clicking" the Join button (or they just figured out the code/process or something), and they are working "up the ladder" with groups names, using some name generator or something, in which case it may become worse.

Cheers,
Christos


 

More weirdness; in my case, it started on Jan 15 in only one of the two groups, same everything except those initial addresses used 4 random suffix chars, not the later 3.  Then it stopped for a couple of days or so, then it started again, this time on both groups, with the 3-suffix scheme we see now.

Cheers,
Christos


 

On Fri, Jan 24, 2020 at 05:22 AM, Christos G. Psarras wrote:

all of those suspect joins were requested through the web, not through email
Did you put Promote "Copy/Paste Onto Your Site" HTML code on some website other than groups.io?
If you did, that can be a bot spamming the form.

Are there bounces in Email Delivery History?


 

Did you put Promote "Copy/Paste Onto Your Site" HTML code on some website other than groups.io?
No, we're fine there, both groups are private, only the home page is visible as in all groups.


Are there bounces in Email Delivery History?

Actually there is, one of those two first suspects from Jan 15 started bouncing yesterday (Jan 23).

I pruned some already but I'll leave the rest of the 6 suspects left in the pending queue, just to see if they also start bouncing.

Cheers,
Christos


Duane
 

One thing that concerns me about these is that they all seem to be Confirmed addresses, no NC showing.  For that to happen, someone would have had to Direct Add them to a paid group or use a script to generate replies.  I'd bet on the Direct Add.

I have gotten the same address on a couple of groups, but most are one-off.  The earliest join date I've seen is Dec 17 2019.

Duane
--
GMF's Wiki: https://groups.io/g/GroupManagersForum/wiki
Help: https://groups.io/static/help
Search button at the top of Messages list
A few site FAQs: https://groups.io/static/pricing#frequently-asked-questions


Chris Jones
 

On Fri, Jan 24, 2020 at 10:55 AM, Duane wrote:
One thing that concerns me about these is that they all seem to be Confirmed addresses, no NC showing.  For that to happen, someone would have had to Direct Add them to a paid group or use a script to generate replies.  I'd bet on the Direct Add.
An interesting possibility, but... IIRC (and it is if) for the NC flag to be omitted on any application to join a group the user in question (i.e. the email address) has to be logged in at the time the application is made. Would an address being directly added automatically be logged in as a result? I would have thought not, but you never know...

Chris


Duane
 

On Fri, Jan 24, 2020 at 06:13 AM, Chris Jones wrote:
IIRC (and it is if) for the NC flag to be omitted on any application to join a group the user in question (i.e. the email address) has to be logged in at the time the application is made
Not quite.  NC only shows up for an email address that hasn't been confirmed (doesn't have an account on GIO).  Direct Added addresses are automatically confirmed.  All they'd need to do is enter the email address in the box for the group they're trying to join.

Duane
--
GMF's Wiki: https://groups.io/g/GroupManagersForum/wiki
Help: https://groups.io/static/help
Search button at the top of Messages list
A few site FAQs: https://groups.io/static/pricing#frequently-asked-questions


Peter Cook
 

I know this isn't practical for every group, but ours is not listed in the directory, so you have to know about it to join.

Peter


Robert Oshel
 

I just had a join request for my neighborhood group in Maryland from an AOL address with the name in the reported first name. last name. letter/number pattern  "Logged in: Windows Chrome 79 - Hyderabad, Telangana, IN (115.113.213.11)."   That's India, not Indiana.   I guess they aren't just from New Jersey any more!
 
  Bob


T Golding
 

On Fri, Jan 24, 2020 at 12:07 PM, Robert Oshel wrote:
I just had a join request for my neighborhood group in Maryland from an AOL address with the name in the reported first name. last name. letter/number pattern  "Logged in: Windows Chrome 79 - Hyderabad, Telangana, IN (115.113.213.11)."   That's India, not Indiana.   I guess they aren't just from New Jersey any more!
 
  Bob
I'm wondering if it would do any good to report this to AOL.   they still have email support, they might want to know what's going on.
Terri