Facebook, OfferUp, LetGo

Discussion in 'General Chat' started by david62311, May 3, 2021.

  1. david62311

    david62311 Well-Known Member

    Joined:
    Aug 29, 2013
    Messages:
    2,165
    Likes Received:
    251
    I had to get rid of some stuff that I have collected before the end of the Last Month. I tried Facebook and I got a few messages asking "is this still available"? Facebook has improved a little. The function wasn't working before but, it was there for adding your item to other marketing places but, it's working now.

    I had heard people had some luck in the past selling with OfferUp. I uploaded the app for it and noticed LetGo have merged together.

    I put up a few things and I got respones within the first 30 minutes. I was selling a recliner couch for $300. The first user wrote, I want to buy your recliner couch for $300. I wrote back and said that they have to come and pick it up and that I would help them take it out the door. I got a reply asking me for my phone number. A warning came up from OfferUp suggesting that I end the conversation. It came up while I was typng a message back telling the user that all transactions including conversations would have to be through OfferUp. I never heard back from the user. Then about 3 more messages came through and said "please kindly give me your number and I will come and pick it up" They didn't mention that they would pay me. I looked at all 4 profiles and all of them were new accounts with no picture and no selling or buying transactions were showing in their account which is a red warning flag. I wasn't even on OfferUp for more than an hour and I could tell bots were texting me and the place had a lot of them. Those bots had no intention on picking up my couch. They just wanted my phone number.

    Never ever give out your phone number except to friends and family if you can help it. It is a BIG security risk and bigger than you can imagine. There are companies that ask for it and almost every customer thinks it's harmless to give it to the company. Your number is like gold to them but, most companies just use it for promotions and some sell the number to other companies. Nobody ever questions what else they use the number for besides promotions. Someone can use your number to find your location and do other things with that number which I won't mention. If I can't help but, give a company my, number I used my MagicJack Voip number that helps stop unwanted calls. Most companies won't even accept my MagicJack number if they want to send a text to verify that number. They can tell it's a VOIP number.

    You would think a big company like OfferUp would have control of the bots but, the bots are out of control on their app. Someone I know said that OfferUp used to not be like that and now there seems to be a tons of bots on OfferUp. Trust me, when I tell you that it's bad. At least Offerups chats are monitored and an Auto warning comes up warning people to discontinue the conversation when someone ask for a number.

    The problem we had with Webid was that people could continue a chat through e-mail once a conversation started up instead of through the Webid messaging system. Once that happened us Webid Admin's lost record of the conversation. I mentioned that before but, we never tried to do anything about it. We couldn't monitor a convesation if something went wrong between sellers and buyers if they were sending messages using their own e-mail system.

    The latest block from me for bots this week is to block chrome/88 user-agents blocked via the .htaccess. My Webid site has been well protected from bots but, the bots in the passed few days have been hitting my wp-login.php trap pages nd they get automatically banned and get my attention. It was shooting me an e-mail every time one hits the trap page and it showed their user-agent and IP info. I just block the browsers by the 10s. I added chrome/8 to my .htaccess user-agents blocks like this below. This is a block to block out past Google and Firefox Browser Versions. Chrome is in the 90s now so, it will not block out the latest versions. Browser versions get updated all of the time and without us knowing it. This right there below will stop a lot of bots from hitting a site.

    Code:
    # BLOCK USER AGENTS
    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} Chrome/1 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Chrome/2 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Chrome/3 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Chrome/4 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Chrome/5 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Chrome/6 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Chrome/7 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Chrome/8 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/1 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/2 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/3 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/4 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/5 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/6 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/62 [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/3\. [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/4\. [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/5\. [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/6\. [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/7\. [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} Firefox/8\. [NC]
    RewriteRule !^robots\.txt$ - [F]
     
    Nootkan likes this.
  2. Nootkan

    Nootkan New Member

    Joined:
    Sep 7, 2018
    Messages:
    27
    Likes Received:
    0
    How do you know whether this is only blocking bots and not legitimate users with older browsers?
     
  3. david62311

    david62311 Well-Known Member

    Joined:
    Aug 29, 2013
    Messages:
    2,165
    Likes Received:
    251
    If someone is using an old PC with old software then I don't even want them on my site. Browers on newer PCs get updated frequently. People that use bot programs are usually lazy about keeping up with the latest browser number.

    My suggestion to us my block is a suggestion. Use it if you want! I have never noticed a real user to get block on my sites with my suggestion. You can tell when a real user comes to a site. They leave a track of footprints in the visitor log like coming in on the main page and then all of the images get activated.

    A bot will be attracted to say an item that you put up. They have no interest in your item and when the log shows that the user-bot hit that item page, it won't show a log for the images like it would a normal user. The bots are using your item page to get to the register link page.

    I have close to 10 years of dealing with bots and I've done a lot of research on how a bots work. As a matter of fact, I was the one to discover them through Webid when they were mild like things back in the day. I've tried many different blocks. Back in those days if you put too much coding up to block, it would slow down the page loading but, today that is not as big of an issue with faster servers and internet speed. The evolution of the bots has grown and they are more aggresive now than ever and they adapt. If you block them one way, they seem to get more aggresive when they find another way around. You got to block every hole the bots find. I find it's best just to keep them off the site completely.

    I used to check my visitor log every day and everybody should if their sites are not protected. If you have over 1000 hits a day in your visitor log and no business on your webid site with some items up, then your site is being attacked or being poked at to see if there are any holes. If you have a site with a lot of users putting up rubbish items then your site is infected with bot users that have gained access to your site and probably gained access to your server if they are posting a lot. I will suggest checked out every folder on your server for infections if bots are posting items a lot with images. I can say no more here about that.

    If you do a Google search for "powered by Webid" and look at some sites and you see a site like shopitera for example that has 2814 users and nobody is selling, it's because something is wrong with the site or the bots can't get passed the 2nd captcha to submit their rubbish items. The webid site called climatechange has 9109 users and not one item for sale. It's just another admin that doesn't have their site working properly and is not paying attention to their visitor logs. There are plenty more Powered by Webid sites out there that the protection is being neglected by the admin of those sites. If I was those admins, I will suggest to delete all of those users and put up .htaccess blocks like the one I shared up at the top of this post. The browser block is just one piece of my .htaccess blocks that are the easiest ones to use and that's why I shared them with you all here.

    I could go all day and tell you about bots but, I will stop here.
     
    Nootkan likes this.
  4. david62311

    david62311 Well-Known Member

    Joined:
    Aug 29, 2013
    Messages:
    2,165
    Likes Received:
    251
    Don't trust the Google Captcha! It's a false sense of security! The bots are so aggresive today that they will get by it! I don't think there is a captcha out there that will stop them. We did have a good captcha that was created by Dahl in here but, it got removed. It was working. I find for me it's best just to keep the bots from even making it to my sites and let the real users in.
     
    Nootkan likes this.
  5. Nootkan

    Nootkan New Member

    Joined:
    Sep 7, 2018
    Messages:
    27
    Likes Received:
    0
    david62311,
    great to see you responding to the forum! I thought everyone had given up. I have been following all your threads regarding bots and have to say it is a good read.

    Right now I have my auction registration shut off as I didn't have time to keep deleting and banning the bots. Also I have so much to do until I feel comfortable allowing users to register.

    I did find this bot script (called stopbadbots dot com) that works very well on a normal html/php website I have and there is a plugin version for wordpress that works well on a number of wordpress sites I have built. Haven't tried it yet on webid but will eventually.

    Sure would like to see more users visit this forum again to help me with some issues I have been struggling with but I guess I will figure them out eventually.
     

Share This Page