Solved: We are working with Cisco SSO

Helena Pechaver Starc · ‎10-20-2015

An update for our community users: after analyzing recent spam attacks across the community, the team has come to a few conclusions:

We don’t believe these are automated BOTS, we believe they are real humans creating accounts and making posts.
These users our bypassing multiple layers of automated SPAM filters, BOT attack prevention tools and CAPTCHA verification.
Each one of these user accounts is creating an account on CISCO.COM which requires CAPTCHA and email verification.
These attacks are happening only in the evening hours after US business hours.

While we continue to find ways to stop this attack, we have put in place a early warning system. Also, we have blocked (and will continue to block) every user account we find posting spam. An email will be sent out to csc-spam-moderation@cisco.com if posting exceeds normal levels. This should allow us to catch and block users very quickly before they have a chance to post 100’s of discussions.

The team has the spam filter threshold very tight at the moment because of this current attack, however, we will relax the alerts after this incident concludes. This may slightly delay valid posts, as we filter through them. We thank you for your patience and understanding.

Monica Lluis · ‎10-25-2015

Thank you for letting us know, Reza. We have been blocking spammers and deleting their content.

I hope you and your love ones are safe and healthy
Monica Lluis
Community Manager Lead

View solution in original post

Helena Pechaver Starc · ‎10-30-2015

We are working with Cisco SSO to do what we can to prevent additional spam but we are already doing a lot of work to automate our ability to protect against this kind of spam. We realize that we cannot ensure 100% protection against this kind of spam, however, at this time, it appears that the recent coordinated spam attack is over. We have updated our SPAM prevention filters, added filters, updated several software applications, added monitoring actions to catch spam, and will continue our on-going work with the Cisco SSO security team to work to prevent future attacks. Thank you all for your support and patience in this regard.

View solution in original post

Reza Sharifi · ‎10-25-2015

Hi Helena,

The spam attacks are back again (Sunday morning 8:00AM). Please see LAN switching and routing forum.

Thanks,

Reza

Monica Lluis · ‎10-25-2015

Thank you for letting us know, Reza. We have been blocking spammers and deleting their content.

I hope you and your love ones are safe and healthy
Monica Lluis
Community Manager Lead

Helena Pechaver Starc · ‎10-30-2015

We are working with Cisco SSO to do what we can to prevent additional spam but we are already doing a lot of work to automate our ability to protect against this kind of spam. We realize that we cannot ensure 100% protection against this kind of spam, however, at this time, it appears that the recent coordinated spam attack is over. We have updated our SPAM prevention filters, added filters, updated several software applications, added monitoring actions to catch spam, and will continue our on-going work with the Cisco SSO security team to work to prevent future attacks. Thank you all for your support and patience in this regard.

Spam Update