Grimrock

Asteroth wrote: Why are we plagued by this?!
Why does it haunt us??!!
Sometimes I feel like I should just curl up into a ball and leave the internet entirely. Paid spam-ninjas acting as double f%^#ing agents. WHY?!?!?!

The above quote is from a thread I nuked, as it was a reply to a spammer.

Moderating these forums has been an interesting experience in that I've noticed a few patterns emerging related to spammers.

First, why this forum? Probably a combination of a high google ranking and known forum software.

Second, who can afford actual humans doing spamming? That depends on the money spent on this form of "advertising", which we don't know, of course, but we do know that there's a huge difference between the salary levels of various net-connected countries, which has led to phenomena like "gold farms" for MMOs, where someone sets up a shop in China or somewhere in Africa, and pays kids to play WoW so that they'd have gold or high-level characters or items or whatever to sell to rich western-world idiots who'd rather pay money than play the game they're paying to play.

As long as the westeners pay more for their virtual gold than the investment to generate it, well.. there'll be someone who does it.

So, why wouldn't this work with spam? All you need is a bunch of people with marginal grasp of the English language to sign on to forums and beat captchas, and then let the bots take over. Maybe have a bunch of people hammering captchas alone, and when the system is known enough (like this forum's limited question/answer set), the bots can flood the forums.

But bots are easily spotted, captchas can be updated.

Next step is to require a bit higher grasp of English language and make a few posts spread out over a few weeks, and then, when the account has some credibility, post the spam links. If done well, nobody will notice, but Google will, and the advertised sites' ranking will go up; mission accomplished.

So, what kind of task would this be for the spam-peon? I'd suspect they'd get paid per post, which means the more posts you do, the more you're paid. So you don't want to spend a lot of effort on your posts. So you get stuff like, "I had the same problem, thanks for posting!", which might as well be an output from a bot..

The more sophisticated ones read a few posts and then write something in the same lines, but often you can spot that they don't really know what they're talking about. Unfortunately, there's lots of people who are posting legitimately and don't know what they're talking about either, so one can't just go banning people on a hunch =)

Sometimes the quality of posts from the same account vary a lot. There's some very convincing posts, and then there's almost-botlike posts; this probably just means that the posts are farmed to several people, some better at their job than others.

So, what can be done about this? Nothing much, really, apart from what we're already doing: updating the captcha and cleaning up the forums every day..

There's, of course, alternatives, but they all make things worse.

1. Require CC information to register
- Good bye, most of the users; many people either don't have a CC (being underage, for example), or are not comfortable giving the info.
- There's also plenty of CC fraud out there, so the CC validation isn't exactly bulletproof.

2. Require bought copy of the game(s) to register
- Not a very good PR-move, and there may be people contributing to the forums who haven't bought (or otherwise acquired) the game.

3. Use stronger captcha
- Makes things tougher for actual humans, and won't stop spam farms anyway.

4. Put new users' posts into moderation queue
- Would hide spammy stuff from other users until moderators feel the user is safe, but...
- Makes life harder for new users (who often register to find a solution to either technical or gameplay problem)
- Makes life harder for moderators (more work)
- Won't stop smart spam (due to posting more or less sensible stuff for some weeks).

5. Disallow links
- This is the internet. We like links. And, reporting problems often requires links.

6. Login through twitter/facebook/etc
- As if those services don't have fake accounts..

Do you use any anti-spam services like akismet?

http://www.1stwebdesigner.com/wordpress ... lternativ/

Palander wrote:Do you use any anti-spam services like akismet?
http://www.1stwebdesigner.com/wordpress ... lternativ/

I'm all for akismet, but it's not my decision to make =)

Anyway, it won't completely stop "smart spam", as it's virtually indistinguishable from normal users: written by humans, spread out through time..

I think if links within signatures could be banned until the user has at least a certain number of posts (5? 10?) that would help a bit, as new legit users don't really need that. But then more importantly, if we could get a notification when a user adds a link to their signature if they have less than, say, 15 or 20 posts, that would help us quickly nuke the ones that manage to make 10 decent fake posts before sneakily updating the profile with a spam signature link.

Komag wrote:I think if links within signatures could be banned until the user has at least a certain number of posts (5? 10?) that would help a bit, as new legit users don't really need that. But then more importantly, if we could get a notification when a user adds a link to their signature if they have less than, say, 15 or 20 posts, that would help us quickly nuke the ones that manage to make 10 decent fake posts before sneakily updating the profile with a spam signature link.

We don't have that fine of a control that we could disable links or bbcode from signatures of certain users/groups but I think we should be able to disable signatures altogether until X amount of posts have been made. How would that sound?

edit: actually I found some custom code that would do exactly what Komag suggests. The code doesn't look very complex either (I'm always a little careful when adding plugins or custom code since it might make long term support/updating more cumbersome). Should we give it a go?

All I know is that I have an irrational fear and aversion to spam. They have me terrified. ('cept on almost human's blog updates. Everyone commenting there is a spambot. The comic absurdity immunises me.)

What about disabling links in user names? Most of the bots seem to be named with hyperlinks.

Let's try it for a month or two, see how we like it. Maybe let's start easy on people, only require 5 posts before allowing links in sigs, then notify us if link is added between 5 and 10 posts

Actually getting the custom code to work turned out to be a little more scary than it looked like at first glance so I went with the solution that new users cannot add signatures. I set the limit to 10 posts for now.

Now we'll have to just wait and see what kind of an effect it has. Oh, and let me know if you spot any other irregularities too because doing that meant that I had to set up the user group for newly registered users. I tried to match their permissions to the ones that regular users have (with the exception of signatures, of course) but it's always possible that something has managed to slip past my radar.

Sol_HSA wrote:

Palander wrote: Anyway, it won't completely stop "smart spam", as it's virtually indistinguishable from normal users: written by humans, spread out through time..

It depends... it can be stopped if the post is made on several forums bundled with such an anti-spam. And of course spammers do that! This reminds me of :

viewtopic.php?p=49154#p49154