Spam Update

Status
Not open for further replies.

Robin

Administrator
I'm sure you've noticed an influx of spam recently. Bastards...

I've gone through recent user registrations and saw that the spammers were coming from about 4 different blocks of IP addresses. Those are all banned now. It's like a game of whack-a-mole. Grrrrr.....

I'm working on a Spam Cop user group that will be able to ban a spam message with only 1 report rather than 3. I'm having a few challenges with it, but I'm sure I'll get it worked out. Give me a day or two and I'll start making some users into Spam Cops.

We're reluctant to put too many restrictions on first posts because we want to encourage new users to follow the forum rule and post links that are relevant to their project. I am looking at whether or not I can prevent someone from only posting a link in their first post, I'm not real hopeful on that option, but I'm looking into it.

In the meantime, keep reporting spam as you see it by clicking on the triangle with the ! in the lower left corner of the post. Three reports will make it disappear for everybody but me.
 
Is there any type of first post filtering you can do, such as requiring very first posters to put "first post" or something like that in the post title? This way it would make filtering spam posts super easy. I don't think it would help with repeat spammers, though.

EDIT: I think someone else mentioned it a few weeks back, but all the spam posts seem to include just a single link in the post description and no additional text. Perhaps the single link and no other text can be used as an "identifier" of a spam post?
 
How many new REAL users do a 'first' post on a given day? Could you just set moderation review on all new users? Spammers would never get their message out - though REAL first posters would then have to wait for moderation. Spammers that get in seem to be able to jump any hurdle. [maybe they just post twice unless the system can black list any user under moderation]

Of course all this changes if PJRC leaves vBulletin - is there only one level of 'moderation required' purgatory? If there were a second queue all new posts could go there and any 'SPAM COP' group user could let valid posts out (without the addition of one strike removal by a spam cop groupie), and spam mark any queued bogus entry that would show up where it does now. That requires system support - but would allow 24x7 response - odds are if no spam cop is cruising the forum at some odd hour then nobody would respond to the first post anyhow.
 
Eventually we may have to consider using moderation on first posts if the spam gets worse. But there are many much less drastic measures we'll try first.

I'm also trying to stay focused on answering tech questions and fixing bugs and developing new libraries and features and products. Many of the things we could do would require me to get involved on a technical level, some more so than others.

For now, Robin's working on setting up the SpamCop group. That simple change should drastically cut the time spam is visible.

Until only a few days ago, Robin was only banning specific IP numbers. Now she's blocking 8 & 16 bit subnets. It's a game of whack-a-mole, but those subnet blocks are really cutting down a lot of the spam. It appears the spammers are using low-wage human labor in specific areas.

If things get worse, another option we have is turning on the Are-You-A-Human check on the first few posts. That's really annoying for legitimate users, and it'll only slow the spammers... but it's probably the next step that reduces the problem without preventing real people from posting questions immediately and doesn't drain away dev time from answering questions and developing new stuff.
 
How about shipping a token of some sort with every PJRC product? Customers can enter the token when they create their forum account to bypass new user annoyances. Non-customers with questions get whatever the usual inconvenience is.
 
How about shipping a token of some sort with every PJRC product? Customers can enter the token when they create their forum account to bypass new user annoyances. Non-customers with questions get whatever the usual inconvenience is.

I've actually considered doing something very similar to this. A physical token would be really problematic for sales through distributors, but Teensy itself could be the token with special software support in Teensy Loader to generate the proof-of-ownership key. Anyone with a USB microcontroller and low-level USB programming experience would probably clone Teensy's descriptors well enough to spoof such a scheme, but if the only benefit is bypassing forum anti-spam measures, it hardly seems like a big deal.

This idea falls into the category of things that would take significant time away from dev time used for answering tech questions, fixing bugs and developing new software and products.
 
Paul, I had something simpler in mind. Just a random number printed on the sticky paper used to close the pink bags. One time ever a file of random numbers would be generated. Whenever you print new sticky product labels, the next batch of random numbers would be 'mail-merged' in. These days it's easy enough to generate enough tokens that you never have to do it a second time.

But, from my perspective, the spam problem is minor and like so many of us, I'm much more excited by what you do, "answering tech questions, fixing bugs and developing new software and products."
 
If you just search for "live streaming" in a post, you'll get all the recent spam I've seen.
 
If you just search for "live streaming" in a post, you'll get all the recent spam I've seen.

I feel like the spammers are reading this thread where we are discussing what to change/audit, because I noticed a spam post yesterday that had other terms such as "processor", "LCD", "memory", etc., in addition to the live streaming link. So I feel like they're adapting to different methods based on our plan of attack to combat it.

Regardless of what content is in the spam post, IIRC all of them linked to a post in Reddit. Can we use that as a filter? I don't think I've seen any "authentic" posts from users where they linked to Reddit.
 
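The first-post signals raised in the thread above (a body that is only a link, links to Reddit, the phrase "live streaming", and spam padded with technical words) combined into one scoring check that holds a post for review. This is an added example, not part of any post here and not PJRC's or vBulletin's code; the function names, weights and thresholds are assumptions.

```python
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)
# Signals come from the thread; the weights and thresholds are assumptions.
FLAGGED_DOMAINS = ("reddit.com",)
FLAGGED_PHRASES = ("live streaming",)
MIN_WORDS = 5        # fewer words than this beside a link counts as "link only"
HOLD_THRESHOLD = 2   # score at which a first post goes to a review queue


def _host_matches(url, domain):
    # Compare the parsed hostname, not a substring of the URL, so that
    # look-alike hosts such as notreddit.com do not match.
    host = (urlparse(url).hostname or "").lower()
    return host == domain or host.endswith("." + domain)


def score_first_post(body, prior_posts=0):
    """Return (score, reasons); users with earlier posts are not scored."""
    if prior_posts > 0:
        return 0, []
    urls = URL_RE.findall(body)
    text = URL_RE.sub(" ", body)
    words = re.findall(r"[A-Za-z0-9']+", text)
    score, reasons = 0, []
    if urls and len(words) < MIN_WORDS:
        score += 2
        reasons.append("link-only")
    if any(_host_matches(u, d) for u in urls for d in FLAGGED_DOMAINS):
        score += 2
        reasons.append("flagged-domain")
    if any(p in text.lower() for p in FLAGGED_PHRASES):
        score += 1
        reasons.append("flagged-phrase")
    return score, reasons


def decide(body, prior_posts=0):
    """'hold' sends the post to review; 'allow' publishes it immediately."""
    score, reasons = score_first_post(body, prior_posts)
    return ("hold" if score >= HOLD_THRESHOLD else "allow"), reasons


# Constructed sample posts (not taken from the forum).
LINK_ONLY = "https://example.org/stream"
PADDED = ("processor LCD memory live streaming "
          "https://www.reddit.com/r/example/comments/abc123/")
GENUINE = ("My Teensy 3.2 will not enumerate over USB after uploading this "
           "sketch, code is at https://github.com/example/project")
LOOKALIKE = "Datasheet I am using for this display is at https://notreddit.com/ds.pdf"
```

Holding rather than deleting keeps a real newcomer's post recoverable when a signal misfires, which matters because the padded sample is only caught by the domain signal.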
test test 123

I made this for a SPAM test and killed it - Robin Restored it - I wondered how it showed up on my thread
 
We're avoiding more forum customizations. vBulletin is dying. We're going to migrate to XenForo at some point, but probably not until after Teensy3++ is released.

The migration process only imports vBulletin's base features. Fortunately, we've been running pretty close to the stock vB setup. Diverging from that could really complicate the migration.

XenForo has more powerful anti-spam features, and it's being actively developed and maintained by people who care and are deeply invested in its success. In fact, they're mostly the former vBulletin devs.
 
I noticed yesterday when I hit 3 or more spams they all just went away. I posted a 'test' here minutes ago and flagged it SPAM and it went away - it seems that one strike removal is active? If that works for me and a few others - spam won't last long and isn't worth any other effort - beyond what PJRC is doing on the IP blocking etc.

I did notice the trend to more text in posts - and even simulated tech relevant content

<edit> just tapped another 'football spam' and it vaporized
 
I might have gotten frustrated with playing whack-a-spammer and lowered the threshold to 1. Behave yourselves.
 
I might have gotten frustrated with playing whack-a-spammer and lowered the threshold to 1. Behave yourselves.

This seems to be working well - at least on pushing off the spam posts. I wonder if they ever give up when they get so little traction?
 
This seems to be working well - at least on pushing off the spam posts. I wonder if they ever give up when they get so little traction?

You are presuming it's humans doing the submissions. My guess is that we're dealing with a botnet of CPUs in various places of the world that has been given a list of vBulletin installations and has been programmed to target them specifically.

Many sites add on captchas and so on - add enough entropy / bypass difficulty to the registration process to foil common scripts. That works ok until you reach a certain scale and then they'll target you with low paid humans.

Also consider how click fraud affects these criminals... It's entirely possible that the spammer is only paid on the basis of how many posts they managed to get up, not the click through rate.
 
Am I right to think that > 95% of these botnet computers are running outdated Windows versions (XP and earlier) and that their owners have no idea of what their computer does in its "free time"?
 
Oh it gets worse than that. No OS is immune, some are simply harder to crack than others (i.e. FreeBSD with a good admin). Commercial use OS's are riddled with holes, especially if a user installs garbage like Adobe Flash, etc.

They've caught iOS devices with click fraud happening while people played dumb games. That is, the person would play a game and in the meantime the phone would be requesting hundreds of ads yet never display them. The criminal then collects $ for steering people to those ads. The advertiser has no way of knowing which ad views were legitimate, only that the follow-on uptake was zero.

The iPhone and iPad users likely noticed that their devices were warm, sucked down tons of bandwidth, but had no explanation until someone analyzed the web traffic requests coming out of the device while they were playing dumb games. Best of all, the garbage continued even if the application was in the background.

Unless Apple and other OEMs take an interest in this sort of stuff, I doubt it will get resolved. Too many people want the technology but cannot be bothered with handling it responsibly.
 
This seems to be working well - at least on pushing off the spam posts. I wonder if they ever give up when they get so little traction?

They never give up. They slow down a bit when IP addresses are blocked, but they just find another server to exploit. Grrrrrrr.....
 
I have a small forum on forums.net for my pro work. I set it up as by invitation only. New user must request an invitation. The admin or delegated moderators look at the requests and approve each. That causes an email to go back to the requester to start the registration. Works for forums with low registration rates.
 