Share:|

Background...

In past few months up until last week, we have observed handful of spam attacks on BMC Communities violating BMC Communities Guidelines and Rules and BMC COMMUNITIES TERMS OF USE (“TERMS”). Moreover, providing an unpleasant experience to our fellow community members. 

 

Specific Case

Last week, a spammer account by the name of Vina Lorenzana tried accessing BMC communities and sending private (spam) messages to other users. The user was using a Pune egress Public IP & all the transaction for Communities for Pune is happening through this Egress IP. See the screenshot below:

 

Vina Spam.png

 

To mitigate spammer related risk, we immediately:

  1. Deactivated this account
  2. Removed the external identity to disconnect the account from SAML authentication. Simply put, making sure that the SSO enabled user cannot re-activate the account in self-service.

 

In cases such as above, we also consider banning the IP address to disallow the spammer to create multiple accounts or run scripts to most hundreds of spam posts.

If you come across any phishing attempt or any suspicious account, please click on report abuse under actions on the content in the right rail. Also, you can reach out to Admin Team or to me directly.

Looking Further

In an effort to reduce the noise created by spammer and valuing the commitment of fellow users who love BMC Communities, we are taking the following action.

 

Follow-Back Messaging

BMC Communities users will be allowed to send private message to other users only if both the users follow each other. That means any future spammer would not be able to send you private messages until you decide to follow them back. Also, at any given point of time, you can unfollow someone to stop receiving private messages for that person. Here's a resource to help you in identifying and following experts: Learn from product experts.

Find more resourceful content to make you a communities champion here.

Other Measures Include

For spams not related to private messaging, we have taken following actions in the past:

  1. Abuse reporting - As explained above, it allows users to report abusive content by clicking an abuse label on the content, which is then sent to a moderator. Automatically hides content after 5 abuse reports.

  2. Link Moderation - Any content which contains links to domains not on the whitelist is placed into moderation.

  3. Keyword Interceptor - The Keyword Interceptor allows us to prevent users from creating content that contains keywords or phrases that are considered by the tool as problematic.
  4. Message Governor Interceptor - The Message Governor Interceptor prevents users from posting multiple content in quick succession.

Still have questions? Post them in the comments section below