Dealing with Forum Spammers?



  • As you may or may not have noticed, a certain spammer keeps spamming the forums. Aside from deleting all the messages, is there anything that can be done to stop this without placing an undue burden on the majority of users (requiring posts/users be moderated, etc)?

    Keep in mind this is a person, not a bot, and the individual uses a few different IPs, meaning a normal CAPTCHA and IP-Bans won't work...





  • How do you know it's not a bot? Maybe they are just using one of the famous "mechanical turks" to pass the captcha... (Or someone figured all the words that get cycled... not like it would be hard...)

    In that case, tried doing the usual stuff? Like renaming the critical pages or adding a "I'm not a spammer" check box on the "register" page?

    If he's really a human, he will probably read this topic as well, so I don't think there is much to do besides iwpg's solution.



  • This was on some news site a few weeks back.

    http://www.caveyourtrolls.com
    It might also work as a spam filter perhaps, since you say it's a human spamming. 

    I'm unsure if it would actually work though. I actually think it won't. But i thought i might mention it.

     
    The other option would be to  delete posts on specific content (since from what i've seen he's pretty single minded about what product to spam). But those kinds of things tend to backfire.



  • If it's just a regular idiot with a bunch of dynamic hosts, IP-based bans will work fine; just because somebody is using half a dozen different /24s doesn't mean you can't ban them all. If it's an idiot with a botnet, it's usually not that hard to programmatically detect and block, and it's probably already in the blacklists anyway.

    CAPTCHAs have never worked, except to deflect the most moronic of spammers towards easier targets. I can bust them in my sleep, and so can the spammers. 

    Far more determined spammers have tried far harder than this, and all have fallen. There is no such thing as a spammer that you can't detect and block. The problem with spam isn't that you can't block them, it's that you can't block the next one before they slip at least one spam past you.

    No further meaningful comment is possible with the information provided.



  • Almost every message/username I've seen involved the word Nike. Although that's a lame block method.


    Another method would be to boost the number of moderators.


    Or slash-dot style moderation


    Rent a bot-net and DoS.


    Have a karma system, and prevent low karma users from posting alot (the more karma they have the less flood barrier they have).



  • I'm currently citing the tibet.org website for the "reason" part when I delete his posts (so he receives incriminating content), hoping that this might one day draw the attention of the Chinese authorities towards him - when they confiscate his PC, he might stop spamming this forum.



  • What boggles the mind is that if this is in fact a real person, how didn't they get the hint yet that there's exactly 0% chance of anyone on this forum being interested in his products.

    Furthermore, I'm curious as to what's the sense behind the spam and annoy marketing technique is he using, and why (presumably, since he persists to use it) does it actually work in some places.

    Almost every message/username I've seen involved the word Nike. Although that's a lame block method.

    I second this motion. I don't think there's any legitimate reason for anyone to be advertising running shoes in this forum anyway.



  • @Alex Papadimoulis said:

    Keep in mind this is a person, not a bot

    How do you know it's a person? The posting pattern doesn't seem to match human-ness.



  • @Sunstorm said:

    What boggles the mind is that if this is in fact a real person, how didn't they get the hint yet that there's exactly 0% chance of anyone on this forum being interested in his products.

    Furthermore, I'm curious as to what's the sense behind the spam and annoy marketing technique is he using.

    Those questions are pretty easy to answer. That he's not a bot (which I still don't believe) doesn't mean he can't use bot-like marketing techniques. It was never intended to sell anything in this forum. It's just about link farming. He hopes that if he leaves enough links here google will eventually pick it up and up the page rank. I don't think this technique still works but we saw already in the other threads how amazingly behind the times some people can be...

    The other theory is of course that he is in fact a disgruntled manager/initech employee who found his code featured here and now wants to destroy this site as his revenge ... by gnawing it off ... piece ... by ... piece...



  • @dhromed said:

    @Alex Papadimoulis said:
    Keep in mind this is a person, not a bot

    How do you know it's a person? The posting pattern doesn't seem to match human-ness.

    One can never be 100% certain about this, but looking over the log files, the user downloads all JS/CSS/images, and has a standard-time click pattern (as opposed to instantly going from page to page). Plus, everytime the account gets banned, a new one is created. While someone could certainly develop such software, it'd probably be easier and less time consuming to pay some Chinese guy (or be that Chinese guy) ...



  • @Alex Papadimoulis said:

    @dhromed said:
    How do you know it's a person? The posting pattern doesn't seem to match human-ness.

    One can never be 100% certain about this, but looking over the log files, the user downloads all JS/CSS/images, and has a standard-time click pattern (as opposed to instantly going from page to page). Plus, everytime the account gets banned, a new one is created. While someone could certainly develop such software, it'd probably be easier and less time consuming to pay some Chinese guy (or be that Chinese guy) ...

    That's pretty convincing, yes.

    Maybe it's a robotic contraption pressing keys and moving the mouse.



  • If he's in it for the links, then why not alter all links to point to a re-direct script.
    http://worsethanfailure.com?redirect=UrlEncoded( url )

    Then implement the redirect script not with a header redirect but with javascript.After that it won't matter anymore, because no search engine will understand that that's a link to another site.  

    The only problem would be, that he might not understand that his spamming isn't having any effect anymore on this site.

     

    It isn't the greatest of idea's but i figure your better of trying to fight the reason he does it, then fighting him doing it. 




  • Another idea, rather sophisticated: Instead of locking the account, which only causes him to create a new one, set a mark on his account so every post he makes triggers a timer that causes the post to be deleted after 3-10 minutes, using one of several pre-defined reasons ("go away", "you suck", "free tibet") etc. So he thinks that this forum has very busy admins and probably goes away.

     



  • @stratos said:

    If he's in it for the links, then why not alter all links to point to a re-direct script.
    http://worsethanfailure.com?redirect=UrlEncoded( url )

    Then implement the redirect script not with a header redirect but with javascript.After that it won't matter anymore, because no search engine will understand that that's a link to another site.  

    That has got to be one of the more roundabout methods to simulate the rel="nofollow" attribute on links that I've seen in quite a while.



  • Tweak the site code so that you can flag accounts as Chinese spammers (add another column to the users table or something), at which point all page requests respond with 301 redirects to random "free Tibet" websites. Should be easy - you can probably drop the code into a master page somewhere.



  • @asuffield said:

    @stratos said:

    If he's in it for the links, then why not alter all links to point to a re-direct script.
    http://worsethanfailure.com?redirect=UrlEncoded( url )

    Then implement the redirect script not with a header redirect but with javascript.After that it won't matter anymore, because no search engine will understand that that's a link to another site.  

    That has got to be one of the more roundabout methods to simulate the rel="nofollow" attribute on links that I've seen in quite a while.

    Although your right, you can't be sure search engines will be nice enough to respect that. 



  • @stratos said:

    @asuffield said:
    @stratos said:

    If he's in it for the links, then why not alter all links to point to a re-direct script.
    http://worsethanfailure.com?redirect=UrlEncoded( url )

    Then implement the redirect script not with a header redirect but with javascript.After that it won't matter anymore, because no search engine will understand that that's a link to another site.  

    That has got to be one of the more roundabout methods to simulate the rel="nofollow" attribute on links that I've seen in quite a while.

    Although your right, you can't be sure search engines will be nice enough to respect that. 

    Google invented it, yahoo and MSN respect it. Who gives a damn about any other search engines? 



  • The chance that some no-name search engine won't respect nofollow is no reason to cut off hyperlinks for any browser that has JavaScript disabled (cough NoScript cough) or doesn't support it.



  • Make a user's first 20 posts go through a review process before they show up on the site.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.