Yesterday I wrote about how spammers have managed to flood Facebook’s official help forum, the Facebook Help Center Community Forum, for a second time. I contacted the social networking giant to notify the company of the issue, and got a reply back today saying the issue has been fixed.
“Protecting the people who use Facebook from spam and malicious content is a top priority for us,” a Facebook representative told The Next Web in a statement. “Recently, we experienced a spam attack targeting our Help Center that exploited a misconfiguration of our spam protection systems. Our team responded quickly and we have eliminated most of the spam caused by this attack. We are now working to improve our systems to better defend against similar attacks in the future.”
The problem is that this simply isn’t true. I quickly checked two out of the 23 sections of the help forum (Search and Messages) that were hit particularly badly. New spam is steadily coming in. Furthermore, spam from yesterday and earlier in the week doesn’t appear to have been deleted.
Maybe Facebook got rid of some of the spam (there’s simply too much for me to keep track of it all) but that’s it. It is very clear to me, however, that this problem has not been fixed: both new (a few minutes) and old messages (a few days) are all over the place. What a mess.
While the forum is designed for asking questions regarding various help topics, spammers have managed to overrun it with their junk. Not only does the spam attack mean Facebook users seeking help can be duped into clicking on spammy links, but it also renders the social network’s self-help support forum next to useless.
This particular spam campaign includes fake Facebook accounts pushing links to purported streaming live sports matches and other TV content. Multiple bogus accounts were created for just this purpose.
Somehow, spammers managed to get around Facebook’s current systems for fighting spam, which a company spokesperson detailed for The Next Web:
To help protect our users, we’ve built enforcement mechanisms to quickly shut down malicious Pages, accounts and applications that attempt to spread spam by deceiving users or by exploiting several well-known browser vulnerabilities. We have also enrolled those impacted by spam through checkpoints so they can remediate their accounts and learn how to better protect themselves while on Facebook.
Beyond these protections, we’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people. In addition to the engineering teams that build tools to block spam we also have a dedicated enforcement team that seeks to identify those responsible for spam and works with our legal team to ensure appropriate consequences follow.
I said in my post yesterday that “this attack isn’t as bad as the last one” but if “Facebook doesn’t do something quickly, however, it could get out of hand again.”
That’s exactly what’s happening.
Image credit: stock.xchng.