Recent spam attack

[Paul]

I'd like to thank everyone who has reported the many spam posts over the last few days. Your effort *really* helps!

Robin's on a brief vacation. Normally she monitors spam and proactively bans spammer accounts and the IP numbers they use. This recent surge of spam isn't really anything new. We're just feeling the effects of not having Robin's behind-the-scenes work for several days.

I just went through the last few days of spam, and banned a couple hundred accounts and IP numbers. Hopefully that'll quiet things down a bit until she returns tomorrow.

Long-term, we're planning to migrate this forum to Xenforo & Vaultwiki. I know there are a number of things we could do on the software side, but we're intentionally avoiding extra mods or customizations, since they greatly complicate preserving all the forum data during the migration process. Originally I'd planned to migrate last June-July, but Teensy 3.5 & 3.6 development took priority and has pushed those plans well into 2017. Xenforo isn't likely to solve all spam issues, but it will bring new anti-spam features. We'll probably also be more open to mods after we're comfortable with Xenforo.

In the meantime, my hope is the reporting of spam and Robin's monitoring will continue to be pretty effective. It's tempting to jump into problem-solving mode on spam and get distracted from developing Teensy and helping solve real problems that real people have. There's much to do, especially on libraries to leverage the powerful peripherals in the new boards. Your reporting the spam posts really does help me to stay focused on developing Teensy and libraries and Arduino contributions, and helping real people with their projects.

 

[Arctic_Eddie]

Are you banning the exact IP or including all possibilities in the last octet?

It seems strange that the spammers continues their attempts when nobody views the post. I spot them by just hovering over the title and never go beyond that point.

 

[KurtE]

Like every weekend they are back.

Sure wish there was way to make it harder for them. Like maybe not allow links for your first 5 postings. Not allow postings to certain sites.
Not allow link names with names of sports teams...

 

[Arctic_Eddie]

Some forums require a new member to have their first, and sometimes second, post approved by a moderator before it can be viewed by the general membership. Maybe the new forum software that Paul spoke of recently has more features that might add to his ability to stop the garbage.

 

[defragster]

..
It seems strange that the spammers continues their attempts when nobody views the post. I spot them by just hovering over the title and never go beyond that point.

Agreed - not sure why they bother - post's don't last very long even when they get in.

Arctic_Eddie> In order to stop the spammers from enjoying any benefit PJRC made all users able to WACK SPAM and delete a post with a single: " REPORT POST "

Open the post and click on the lower left Triangle Exclamation point - I copy the message text on the report with a click drag select, copy , paste - otherwise I have to type something to submit the report.

 

[Arctic_Eddie]

I hesitated doing that as I didn't want to increase the 'viewed' count and encourage the spammer. By just hovering over the title, I could see the content. Usually, the title alone is enough of a clue. Does the WACK SPAM button prevent the count from increasing?

 

[GremlinWrangler]

As far as I know hitting the wack a mole button is the most effective since it hides the post both from further increase in view counts and from any potential payout monitoring crawler software. I'm assuming the live streaming links are trying to push up the page rank for google et al rather than actually getting any forum member to directly click on them, so wondering if it would be possible in moving the forum to get new joiners links to be hidden from search engine crawlers. Potential there to loose something ground breaking of course.

Also wish I knew what the live streamer poster was using as thread title text since it looks like sentences lifted from a book or similar. Wondering if you could trace their work by following the narrative across the forums of the internet.

 

[defragster]

I hesitated doing that as I didn't want to increase the 'viewed' count and encourage the spammer. By just hovering over the title, I could see the content. Usually, the title alone is enough of a clue. Does the WACK SPAM button prevent the count from increasing?

It does indeed up the view count - just before the post is OBLITERATED.

If anyone seeing SPAM did that it would be gone even sooner. The 15 second wait was even removed so popping a couple in a row doesn't take as long.

In fact you click the post - hit the REPORT POST - and submit the note on WHY and then it tries to return to the post - but cannot as it is PUSHED out of the system and into an ADMIN location where only PJRC gets to bring it back if there was an improper deletion.

 

[mortonkopf]

i have noticed today that spammers are starting new threads /posts without links, and then editing the posted message a short while later to add in a link. perhaps the spammer thinks that there is automated software running to remove those initial posts if they have links embedded.

 

[defragster]

Wow - that is dedication - they must be disappointed to return and find their posts already "Missing".

Invalid Thread specified. If you followed a valid link, please notify the administrator

 

[PaulStoffregen]

they must be disappointed to return and find their posts already "Missing".

The spam is almost certainly posted by bots. Humans appear to be involved in the registration process, but even there, seems like they're using some sort of tool to partially automate the process. It's possible the people & systems doing the registrations are selling the freshly made accounts to others who run the bots on behalf of disreputable SEO companies.

I'm pretty sure nobody, not even the bots, ever returns to check whether or for how long their spammy messages survived.

 

[defragster]

I've not noted an edited post that I marked SPAM - but some number are devoid of links which is just noise.

Do accounts with validated/reported SPAM get removed? That would make their bots frustrated and reports very dismal.

I just zapped one and noted the user had two posts - which is rare - so I went and zapped the other post too as it was also SPAM.

 

[PaulStoffregen]

Do accounts with validated/reported SPAM get removed?

The messages are deleted. The accounts get banned, not deleted, so another account can't be created with the same name or email. Recently we've also been adding their IP number to the list of blocked addresses. Sometimes when there's a clear trend, an entire 8 or 16 bit subnet is added to the block IP list.

This is a manual process. Usually Robin does it multiple times a day, but much less on the weekends.

Robin also looks for recently created but dormant (no posts yet) accounts that appear to be spammers. She bans them as well. These are actually more common than you might think, and her proactive identification of those accounts saves us from lots of spam before it gets posted. My theory is the accounts are being registered by one group of companies who sell them as assets to others who run the shady SEO services. That might also explain why the spammers seem to be so unaware of the effectiveness of which forums to target, since there's probably no feedback from the SEO folks posting the spam back to the people choosing which sites to target.