05 fuji

The spam is back in the General section

datlas 

Reported. Cleanup needed in aisle 1.

datlas 

Bueller??

cb400bill

This type of thread is unnecessary. All you need to do is report the spam and the mod staff will take care of it. Thanks.

livedarklions

Thank you for making that clear. Also, thank you for the immediate response and clean up! That was perhaps the fastest spam dump so far, and I'm absolutely impressed by how fast you guys responded. They obviously are starting these things around 2 a.m. US time when you can't reasonably be expected to be on guard, but someone must have taken care of this as soon as they got up for the morning.

smontanaro 

I don't follow the general discussion forum, so I've not encountered this problem except indirectly seeing it here. How is this spam propagated? Are these new (bot-created?) accounts, or are existing users' accounts being compromised? Are steps being taken to mitigate the problem?

datlas 

From what I can tell, the spammer gets a new account, posts the daily max 5 posts over a few minutes, then gets another new account, repeats process and an hour later “general” is full of stupid spam ads. Unclear if BF has the ability to prevent this. I am guessing not.

smontanaro 

Back in another life, this sort of thing happened with spammers on a bunch of related mailing lists. The solution was pretty simple. Don't allow new members to post for a bit. Sounds like maybe 30-60 minutes would do the trick here.

79pmooney

They're back. (The Dubai Call Girls, No, I did not open the link to verify.)

unterhausen

People talk about bots a lot. I think they are bots in this instance. Usually I'm pretty sure it's a person, although the user accounts are probably set up by someone automatically somehow. There is good evidence that this is pretty typical, someone sets up the account and someone else uses it to spam. The ones where they make 10 posts must be pretty expensive as these things go.

79pmooney

You mean this isn't about one and a half call girls for every man, woman and child in this country? I'm disappointed.

datlas 

Back again. I already reported it. Wonder if there is a better way to keep it from happening?

Kapusta

If not for this thread I would have reported it as well. Would you prefer to get boatloads of people reporting the same spam?

smontanaro 

This is clearly an ongoing problem. Is there any indication from the devs that they are actively working the problem? In Ann earlier post I mentioned forcing new users to wait before posting for the first time. Another option is to put all new users on moderation for a bit (n posts or m days, something like that).

unterhausen

It's a difficult balance between newbies leaving the forum forever because of the rules and catching spammers. This forum dies without new people signing up. You can scan through this subforum and see the bitter complaining people do about the limited controls we have in place now. Others just leave right away.

Some threads and posts do get moderated, but it's a bit much to expect that volunteer moderators will handle the workload from expanding that system to every new user. I suspect there is something that can be done. But it seems like they do an occasional probe, we delete everything, and then they go away for a while. It's hard to believe they are making money off of the kind of spam they are posting now, but who knows?

smontanaro 

As I indicated in post #8, it can be pretty automated. I'll bet if the devs looked at the post and sign-up history of the spammers, they'll see it was at most a few seconds between sign-up and first post.

In the email world, most spam is sent from compromised computers. It doesn't take long for ISPs to detect suspicious activity and isolate machines or subnets to stop the spam. By forcing an automatic delay between sign-up and first post (a few minutes will do), much spammy content can be avoided.

I think what most people complain about are arbitrary limits on post counts before pictures can be embedded. That's necessary because the camel's nose is already under the tent (heck, the camel just walked in through the open tent flap). If an initial waiting period was instituted (again, just a few minutes, time for a non-bot to make a cup of coffee), many downstream barriers could be reduced. If new users were moderated for their first five or ten posts, mods could tell pretty quickly if a user's first pic was of a naked bike or a naked woman.

Then there are various captcha-type systems, likely also pretty effective at separating the wheat from the chaff.

These are all well-understood tools. We encounter them all the time, mostly without noticing them. I am led to believe Internet Brands has a bunch of forum sites running on the same PHP-based software. Implementing some of these guards would ikely apply across the entire collection of websites.

livedarklions

I think you've already gotten your answer on the moderated first post bit--the volunteers really aren't going to find that a reasonable unpaid workload.

I don't want to spell this out too much, but this appears to me to be manually done, I don't think an automated program would do things in the sequence this is being done, it's taking hours to do what could be done in minutes. They're averaging approximately one post a minute, I think a properly automated system would be a lot faster than that. Hell, I think a person doing this could post a lot more nearly simultaneously but I don't want to give the spammers any ideas.

unterhausen

I think you are underestimating how patient spammers can be. If they have to wait 5 minutes they'll just program it into their bots. Signup and spam is often different people/bots. I have seen accounts that are over a decade old when they are used to spam the first time. Regular people are nowhere near as patient.


I imagine IB would fix picture uploading if they could, it causes everyone some degree of headache. The mod staff has suggested allowing new users to post pictures.

The current set of spammers has really figured out the forum rules and come up with one of the few kinds of spam that would work here. It must be incredibly low yield. It's a bit baffling. The side effects of making changes can be extensive. I'm a bit worried that a lot of innocent new users would be caught up in any mitigation effort.

smontanaro 

I guess I'm indirectly laying the blame at the feet of the forum devs (paid, I believe), not volunteers. By not implementing solutions which are available, they are the ones increasing the workload on the moderators.

livedarklions

At this point, I think it best to let the mods handle it in conjunction with the devs behind the scenes. My guess is they probably don't really want to discuss security measures in a public forum--why tip off the spammers?

livedarklions

TBH, I almost think this is a DDOS campaign disguised as spamming.

smontanaro 

Nah, you wouldn't get dozens. You'd get thousands upon thousands.

smontanaro 

Sure. I wasn't suggesting they should. I was offering possible mitigation techniques I've seen work elsewhere, developing spam filters and being a mailing list admin.

livedarklions

I chose the phrase "almost think" for a reason--point is it's a really stupid spamming strategy because it requires immediate removal to restore the usefulness of the forum. Something less aggressive would be up for much longer.

smontanaro 

This is just an educated guess.

Over time, search engine crawlers figure out the frequency of updates for various websites and web pages. Those which change more often (forum sites would qualify) are crawled more often. My guess is the spammers wanted to get their links sucked into the search engine, this generating crawling and by the sheer number of references on various spammed websites, get search engines to rank their sites higher in search results pertaining to whatever they are selling on their sites. (Search for Page Rank Algorithm.) It's very indirect, but when the scheme is executed at scale, I'm sure it helps.