August 7, 2010Delayed Spamming
I’m sure I’m not alone in seeing this new spammer tactic… I called it delayed spam. How does it work?
A spammer registers on a board. They might not do anything for a while. Then they try to post something that looks legitimate, using generic language that could be appropriate anywhere. Stuff like:
You make some good points, please keep posting
I find your arguments compelling, can you link your sources?
Thanks, it helped me
None of those add anything to the discussion, but they’re not really spam. What happens next? The spammer goes quiet for a few weeks, hoping that the topics they have posted in will fade from the front page. Then they carefully go back in and edit their post. They might change the text of the post itself, or they might add a signature that wasn’t there before. They are relying on the fact that phpBB (and other boards as well) do not bump a post back to the front page if something is edited, only if new content is added.
Very frustrating.
So far I have not come up with a programmatic solution to the problem. I am working on code that will capture the edit history of a post and allow board moderators to revert to an original version, so that at least would let me prove how the spammer added their content after the fact. That doesn’t solve the problem, it just provides an audit trail should I decide to try to take action against the spammer.
A frequent suggestion at this point might be something along the lines of preventing someone from posting URLs or links until they reach a certain level of post. That doesn’t help either, as the spammers often have five or ten posts under their belt before they come back and edit. Plus it impacts the legitimate new users that come on board with questions that require links. It’s not my favorite concept.
So today what my moderator team does is a manual process. When we get a suspected spammer, they will do a web search for either their username, their email address, or both. If they find the same username on hundreds of different boards that’s a good indication they’re a spammer, especially if the user is recently registered on all of them. They can also pull up posts from the user on these other boards. If they look similar to what they’re posting on our board, that’s another indication. All of these steps are used to decide whether to preemptively ban the spammer before they spam, or decide to wait.
It’s all a manual process for now. So while I’ve been away from phpBB2 for a while because of other demands on my time, this has never really been far from my mind. I just haven’t come up with an idea that can be implemented in code versus a manual process.
Guess I should check in with the BB Protection folks, and see what they’re up to at this point.
Comments (4)
I heard about that not long ago from another website, where spammers were posting useless comments and editing them later on.
Probably the best I could think of would be logging all edits, rather than just editing by other users. But I imagine that would fill up the moderator logs pretty quickly.
I guess the main problem is that a moderator might pass the topic and would not normally view the topic again unless it was replied to or the topic was reported.
Comment by onehundredandtwo — August 9, 2010 @ 5:12 am
“If they find the same username on hundreds of different boards that’s a good indication they’re a spammer, especially if the user is recently registered on all of them.”
And from my experience running the honey pot forum which recorded the plain text password, they use the same username/password combination on other sites too.
Comment by Dog Cow — August 9, 2010 @ 1:09 pm
Most often this “technique” is used in seo forums as a form of “black hat” way of getting backlinks back to their sites to up their search engine rankings over time.
So my question would be, is the stock phpbb code for url links (both in posts and sigs) nofollow or dofollow?
I saw a forum (seo.ph) that has a warning on their front page that all links are nofollow so there’s no use of spamming the forum.
I’m not sure how this would help alleviate spammers.
Some seo forums even share lists of dofollow blogs and forums that they can spam with their links with senseless posts.
Maybe a good way is to code for the detection of recent activity. If a certain account has not posted for a long time (2 months?) then their posts are automatically tagged for review and if they are just senseless posts (kthxbye, etc) then an automatic email would be sent to check if they are still interested in the forum or are still active. Pending reply to that email their posts would be automatically rendered as junk so as not to belong to the thread.
/2c
Comment by Jed — August 13, 2010 @ 2:49 am
Easier way. Mod post approval notification and review panel. Any post that changes mods know immediately whether you have 1000 posts or 100 million post on your board
Comment by JLA FORUMS — August 13, 2011 @ 1:52 am