forum spam handling

[petzl]

9 hours ago, RobiBue said:

Apologies, but I do see a problem with that. I mean, this is a spam fighting forum, and if someone posts a question about a spam and the words include something that would be filtered, then the OP would have to wait until the admin frees it to the forum...

Just need to invoke a CAPCHA or what is 1+2 = or something similar
Anyone who can't work this out is not going to be a full quid
This forum is being destroyed by spammer static. Google can't search it efficiently and was a good anti-spam resource,

[Lking]

8 minutes ago, petzl said:

Just need to invoke a CAPCHA

we add one several months ago.  Sign out and then click the sign up button to see it.

[petzl]

2 hours ago, Lking said:

we add one several months ago.  Sign out and then click the sign up button to see it.

Not working it seems?

[gnarlymarley]

31 minutes ago, petzl said:

Not working it seems?

Nope, the capcha is not working.  I think it was only about two months ago that Richard increased the capcha challenge level.  Due to the typos and spaces, I don't think this is done by computer.  I think it is done by one or two humans.  If it is humans and you try to stop them with a capcha, you will  also stop legitimate forum users.

But then they have already developed AI on computers that can read any capcha more accurately than humans, so maybe it is a computer.  The "typos" as I call them appear to be when copying from a microsoft product where a space is sometimes added at the beginning or end.

[petzl]

16 hours ago, gnarlymarley said:

Nope, the capcha is not working

Just a check box I'm not a robot

[Lking]

9 minutes ago, petzl said:

Just a check box I'm not a robot

Well not working the way we expect.  (Surely did not block/slow down any spammers this morning!)

On the other hand when I checked earlier, I checked the box and got a series of 4 or 5 'find the traffic lights, car, bicycles'   Now it checks the box for me. So I tried changing my IP (moved VPN from Texas to Chicago).  Still didn't ask.  Cookies maybe?? It did seem to take a second to say I was OK - could be slow network or system was reading a cookie

At any rate, It is not significantly blocking spammers.  If my anecdotal test is true, a human gets passed the first one, and the bot can do the rest.

[petzl]

3 minutes ago, Lking said:

Well not working the way we expect.  (Surely did not block/slow down any spammers this morning!)

On the other hand when I checked earlier, I checked the box and got a series of 4 or 5 'find the traffic lights, car, bicycles'   Now it checks the box for me. So I tried changing my IP (moved VPN from Texas to Chicago).  Still didn't ask.  Cookies maybe?? It did seem to take a second to say I was OK - could be slow network or system was reading a cookie

At any rate, It is not significantly blocking spammers.  If my anecdotal test is true, a human gets passed the first one, and the bot can do the rest.

My bank has three fields, two need different passwords?
Maybe a solution, I read though you believe they are manually entered not by Bot?  

[Lking]

1 hour ago, petzl said:

believe they are manually entered not by Bot?

I was guessing. IF my experience today is indicative I just suggested that a human passes the  capcha then a bot takes over (using the same PC/IP) and creates several accounts to later post the spam.

I think there are several approaches in use.  1) A bot, does it all opens account, replies to the challenge email, and post spam.  (15min - hr between join and spam). 2) cheap labor does step 1 & 2, bot post spam.  3) Some poor sap does it all.  I think a signs of human are changing the photo, posting 'interest', 'about me', sex, location, etc.  But most spam accounts don't do anything except post one spam.

[petzl]

2 hours ago, Lking said:

I was guessing. IF my experience today is indicative

Yes I value your experience.
Signed out removed all cookies and passed the "captcha" test one click?

[RobiBue]

Oh dear, I think I created a monster 😉

I haven't been active recently. just been popping in occasionally (lately)...

Anyway, back to the discussion:

I do believe that the login in created by carbon entities who are promised a certain amount for every successful post

On 8/26/2019 at 10:02 PM, Lking said:

I was guessing. IF my experience today is indicative I just suggested that a human passes the  capcha then a bot takes over (using the same PC/IP) and creates several accounts to later post the spam.

I think there are several approaches in use.  1) A bot, does it all opens account, replies to the challenge email, and post spam.  (15min - hr between join and spam). 2) cheap labor does step 1 & 2, bot post spam.  3) Some poor sap does it all.  I think a signs of human are changing the photo, posting 'interest', 'about me', sex, location, etc.  But most spam accounts don't do anything except post one spam.

approach 1) I think it's too complicated, as there are too many diverse systems floating around.

approach 2) more likely, but still with the differences in the systems somewhat complicated to have bots do it right. although sometimes the resulting spam posts do seem incoherent at best.

approach 3) is IMNSHO the most likely scenario. I think what they do is do some bookkeeping to receive their money, and that is what takes them so long in-between, and they probably have different forum systems open and jump from one to the other. Then, at the end, they copy and paste the spam into all the open forum posts they have in their batch.

 

So let's say it's carbon entities and not silicon based bots.

Side question: why isn't the advertised "By harnessing the combined knowledge of thousands of Invision Communities, our spam Defense can assess the potential threat of each new user and stop them before they can cause any problems. It's instant and free with all plans." not working?

My original thought on marking them as spam by peers, hiding the post in default view after a certain amount of reports, would still be the most feasible option -- if the original developer could/would implement it, that is.

[Lking]

1 hour ago, RobiBue said:

My original thought on marking them as spam by peers

Several thoughts.  You had marked 4 of the 12 spam I cleaned up just now. In the morning (when you read this) one member, sometimes two, will mark the spam before I delete it even when I sleep in.

Another way to look at it is

• On "Thursday"  10 members visited the forum
• 6 show 1 post and have 1 warning point (i.e. been band for spamming)
• 2 have joined and not posted yet.
• That leaves 2 members in good standing ( + me)

[RobiBue]

17 hours ago, Lking said:

Several thoughts.  You had marked 4 of the 12 spam I cleaned up just now. In the morning (when you read this) one member, sometimes two, will mark the spam before I delete it even when I sleep in.

Another way to look at it is

• On "Thursday"  10 members visited the forum
• 6 show 1 post and have 1 warning point (i.e. been band for spamming)
• 2 have joined and not posted yet.
• That leaves 2 members in good standing ( + me)

If I read this correctly:

1. 10 members visited the forum; that is everybody that logged in/signed up(registered) (but not guests) to read and/or post (including me)
2. 6 of the 10 have all been now banned for spamming and received a warning point (for posterity)
3. this leaves 4 (including me and you) and 2 of them have not posted yet

• so who posted the other 6 spams?

I am a bit confused...

And according to what you say, there aren’t enough people around to mark the spam...

bummer!

Edited September 1, 2019 by RobiBue
Added som comment

[petzl]

just looking at latest forum flood

https://pil4pedia.com/krygen-xl/
198.54.125.159   NAMECHEAPHOSTING.COM

https://topwellnessblog.com/control-x-keto/
185.61.152.24  NAMECHEAPHOSTING.COM

[gnarlymarley]

On 8/26/2019 at 6:39 PM, Lking said:

If my anecdotal test is true, a human gets passed the first one, and the bot can do the rest.

I can cut and paste from wordpad almost faster than running a scri_pt anymore these days.  A few months ago, we had some duplicates where the email subject (or the post's title) where one started with "http" and the other started with " http".  So if a bot is posting it, would the bot randomly add a space in the title?  (Either at the beginning or the middle.)

On 8/26/2019 at 9:02 PM, Lking said:

(15min - hr between join and spam)

I think the quickest one I saw a few months ago was between three and four minutes.  If I was going to automate any part of this (via a bot), the sign up portion would be what I would automate.  Most of the providers have imap or pop and the fetchmail command can output the email directly to a scri_pt.  I expect that if I were to do this, the posts would show around the first 10 seconds of every minute.  (It could be they do a randomized sleep, but cron starts at the top of the minute.)

[petzl]

1 hour ago, gnarlymarley said:

I can cut and paste from wordpad almost faster than running a scri_pt anymore these days.  A few months ago, we had some duplicates where the email subject (or the post's title) where one started with "http" and the other started with " http".  So if a bot is posting it, would the bot randomly add a space in the title?  (Either at the beginning or the middle.)

I think the quickest one I saw a few months ago was between three and four minutes.  If I was going to automate any part of this (via a bot), the sign up portion would be what I would automate.  Most of the providers have imap or pop and the fetchmail command can output the email directly to a scri_pt.  I expect that if I were to do this, the posts would show around the first 10 seconds of every minute.  (It could be they do a randomized sleep, but cron starts at the top of the minute.)

The log-in IP is not a Bot'; 
Namecheap runs 1000's of Bot's from their domains, all with different IP's.
Domain blocklisting is now the most effective way of stopping forum spam.
https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level

latest flood
https://topwellnessblog.cXm/fungus-eliminator/
185.61.152.24  abuseXnamecheap.cXm

Edited September 3, 2019 by petzl

[gnarlymarley]

On 9/2/2019 at 8:53 PM, petzl said:

The log-in IP is not a Bot'; 
Namecheap runs 1000's of Bot's from their domains, all with different IP's.
 Domain blocklisting is now the most effective way of stopping forum spam.

This is in part why I try to put a note for the reports going to legitimate hosters such as "You might want to work with your customer to clean up their compromised system."

[ninth]

If the forum spam is caused by upsetting someone as was suggested on here recently then it would be helpful if the admin considered not allowing guests. As this is a niche topic most members join for the specific purpose of discussing a subject that is inherently private because it's caused by security breaches and cyber crime and most of the posts require at the very least a basic understanding of the technical aspects involved. It should be a safe place for members to be frank about a serious and growing problem affecting everyone online and not worry about causing offence leading to a headache for the forum minders.

[Hanco]

Do you need long time member volunteers to help with moderation? I’ll help deleting the actual spam posts if you like.

[ninth]

How about creating a new thread for off topic like on other forums and train the snake oil salesmen to post emojis there?

Winking smiley face

 

 

[Lking]

9 hours ago, ninth said:

and train the snake

How do you train a snake? Training requires an 'up-side' for the trainee. From the snake's point of view what would be the up-side for posting in the new thread?

[RobiBue]

snakes don't care where they post, as long as they can earn their bucks.
Honestly, I do not know what their incentive is, if they get commission per click, per proof of post, or per how long their spew was up until it got removed. would be interesting if one of them snakes could enlighten (sorry, a thing of impossibility)

 

Hah! (LIGHTBULB!) 💡
How to train a snake:
again, incentive (up-side) for the snake: when do they get paid? if someone clicks on their spew? have a snake pit for their garbage with a bot clicking on links only in that pit... well, probably bots won't be counted for clicks, but who knows, maybe a "promise" that if they post in the snake pit, people will click... ok, I lied....

Edited May 2, 2023 by RobiBue

[ninth]

16 hours ago, Lking said:

How do you train a snake? Training requires an 'up-side' for the trainee. From the snake's point of view what would be the up-side for posting in the new thread?

First restrict new members from starting new topics until they achieve a higher level of membership.

[RobiBue]

30 minutes ago, ninth said:

First restrict new members from starting new topics until they achieve a higher level of membership.

yeah, but...
how can one achieve a higher level of membership without "posting"...
starting a new topic or replying in an existing thread, both are equally bad when it comes to junk.
just waiting? some of them already do that. they create their "personas" a day or more ahead due to mandatory wait times in some forums.

hence my suggestion of already established members reporting and by adding reports, user gets blocked from posting until mod either kicks them or re-allows access.

I'd have several ideas or suggestions that could be discussed... Yes, maliciously blocking existing members is always a downside of such actions

 

edit:

as I am adding this, there are 9 new 💩posters in the system (one of them created their account on Monday) and three of them actively posting their 💩 at almost 5AM CDT

Edited May 3, 2023 by RobiBue

[ninth]

The other benefit of hiding the topic button for new members is they have to look around to post in existing topics so they think twice about posting comments already covered. Which leads me to creating a new warm and fuzzy introduce yourself here topic and restrict newbies to those areas and maybe the lounge for a trial period? 

The forum should recognize the difference between the spam and scam posts by strongly encouraging spammers to post in off topic with the incentive that if they cooperate by following the rules they avoid getting potential buyers offside and it saves time if their login and posts aren't deleted.

Note that many other forums experience this problem and receive the same posts at the same time when the forum to forum salesmen are awake and on the coffee and spamware. I appreciate the complexities involved in making changes to the forum at the back end but if they can be considered during future upgrades or maintenance work they work well on other forums.

[ninth]

Last but not least the multiple posts with the same phone number are an attempt to flood the search engines and be listed higher up in the results than the real companies in order to trap victims into handing over credit card details for goods and services that don't exist. According to rebooking scam complaints going backs years all roads lead to the indian version of flight centre along with paid ads at the top of the search which have the actual website but it redirects to a message to call those dodgy numbers. A woman answers without delay and either hangs up or hands over to a man if all goes well.

If the mods vetted each post before they go up would they take their bat and ball and go home?

Edited May 4, 2023 by ninth
tag