FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Block spam posts containing popular spam products





Ankhanu
Most of the spam I've been reporting as of late has been for a suite of software titles, such as a "4Videosoft" converter. It might go a long way to cleaning and preventing the spam accumulation to put in a filter for the most common spam products (whether the text, or elements of the domain names/URLs used), perhaps throwing up a warning that the post contains a reference to spam, in case someone is legitimately asking about the software or what have you... this would allow someone legit to remove the link from their post to ask their questions.

Blocking the most common few sources of spam would go a long way towards reducing the spam traffic you mods need to deal with and that we end up reading.
ocalhoun
True... but it would also create more work compiling and updating that list...


...The way I think it works is,
Company that needs advertising --> pays --> spamvertising company --> pays (outsourced) employees/freelancers to spam
-or-
Company that needs advertising --> pays --> spamvertising company --> dispatches bots to spam

So, the block list would need updating every time the spamvertising company takes on a new client.
(I've played around with the idea of signing up to be a spamversising company employee... to see if I could glean some extra secrets about how they work, and maybe take them down from the inside...)


Of course... there are automated things that could be done...
searching for...
> The link | link or link|link|link signature format... particularly when all the links point to the same domain.
> The
link
link
link
signature format, particularly when all the links point to the same domain.
> Sharing IP addresses
> Making less than 4 posts
> More than 1 link in first post.
> Multiple identical posts.
> Multiple posts with URLs pointing to the same domain

An automated process could be made to look for combinations of factors like that, and then take automated action... perhaps with the severity of the action dependent upon how many spam characteristics the post matches. (Of course, some characteristics, like the <4 posts, would have to be required for any action, to protect against false positives against real, long-established members.)
More characteristics could perhaps be found, if we examine trends in usernames, emails, and 'website' profile fields filled out by spammers... Or perhaps if we examine the timing between spam posts for trends unusual in ordinary posts*.

*Such as a user's first 2 or 3 posts all being made within a span of less than 5min.
tidruG
We really need to look into it, I think. We have been getting particular types of spam lately. Specifically of that kind where people register, post one long post with a solitary link to a site/product and never return.

I think it's worth exploring additional counter-spam measures for specific kinds of spamming like this and the one you mentioned.
Ankhanu
Some good ideas there.

Could also disable link usage for new users. A couple forums I've registered for have done this, and while kind of annoying for a new user, it has its advantages in the spam realm. Until you make x posts, you simply can't post a URL in your posts. This, of course, doesn't address the signature linking, though.
ocalhoun
Ankhanu wrote:
Until you make x posts, you simply can't post a URL in your posts.

They'll simply paste the link in as plain text, and let it get automatically parsed.

... and if you disable automatic link parsing... they'll paste the link in as plain text anyway.

That should work...
But spammers are either too stupid to realize their links aren't working, or they are satisfied with even getting a plain text url posted.
Ankhanu
ocalhoun wrote:
Ankhanu wrote:
Until you make x posts, you simply can't post a URL in your posts.

They'll simply paste the link in as plain text, and let it get automatically parsed.

... and if you disable automatic link parsing... they'll paste the link in as plain text anyway.

That should work...
But spammers are either too stupid to realize their links aren't working, or they are satisfied with even getting a plain text url posted.


IIRC, the site(s) that utilized this simply didn't allow a URL to be posted; they'd return an error saying that URLs or links weren't allowed, even plain text (whether in [url] tags or not). Though losing the http:// might have gotten around that, I can't quite recall.
deanhills
Ankhanu wrote:
Most of the spam I've been reporting as of late has been for a suite of software titles, such as a "4Videosoft" converter. It might go a long way to cleaning and preventing the spam accumulation to put in a filter for the most common spam products (whether the text, or elements of the domain names/URLs used), perhaps throwing up a warning that the post contains a reference to spam, in case someone is legitimately asking about the software or what have you... this would allow someone legit to remove the link from their post to ask their questions.

Blocking the most common few sources of spam would go a long way towards reducing the spam traffic you mods need to deal with and that we end up reading.
AWESOME idea Ankhanu. If one could have put the word "4Videosoft" in a spam filter, particularly after the third incidence, then they would all have been caught. We've been having those now for months. I've also been reporting them so wonder how many others have. Our reports have to be spam in their own right in the Moderator Panel.

I'm completely fascinated with this spammer. As he/she is using different IPs obviously to do the same spam. Most of the spam posts are quality spam posts. The articles written in excellent English. This must have been the most sophisticated spam I've seen so far. Artistic, creative, resourceful and has not failed getting through Frihost's defenses so far .....

I just picture the spammer having great fun at all the Forums' expense that he has been targetting - who knows, maybe he is testing how he can get through Forum defenses for developing an anti-spam product that he will be selling to the Forum Administrators at a later stage. Including some very unique filter tools. It would tag some key words automatically from posts that have been identified as spam.
tidruG
deanhills wrote:
I'm completely fascinated with this spammer. As he/she is using different IPs obviously to do the same spam. Most of the spam posts are quality spam posts. The articles written in excellent English. This must have been the most sophisticated spam I've seen so far. Artistic, creative, resourceful and has not failed getting through Frihost's defenses so far .....

I doubt the posts are Frihost-specific. Whenever I search for portions of well-written spam posts on Google, I always get hits on other forums. I think spammers have become wise to automated measures against poor quality posts. So now, they probably basically have a number of well-written posts that are copy-pasted across the internet. It's not exactly a new concept (which is why on blogs and forums you will find a lot of spam posts with HTML code, which becomes instantly recognisable if you do not allow HTML tags in your comments), but what they're doing new is focusing on content quality. It probably doesn't take too long for one guy to sit and write 10-15 quality paragraphs with a single link. The advantages:

  • Less likely to be called out as spam by forums unless we specifically search for similar posts on the net and find that it's an organised spam attack.
  • Try to fool Google's algorithms because keywords in the text will be associated with the link to the home-page.


Devious!
deanhills
Thanks tidruG. Makes sense.

What does this particular spammer earn out of it? Were the links attached to 4Videosoft referral links?
ocalhoun
tidruG wrote:

Devious!

Oh, the devious ones are the ones who spam by saying,
"Can anybody tell me about [spam link]? I was thinking of trying it because they have [spam list of what's great about spam link], but I'm not sure."

Those are the ones I could see actually fooling moderators and actually luring real users into the spam site... A very sneaky form of advertising.

*edit*

Actually, speaking of, I just discovered a new sneaky one.
This pattern:
-Make one post asking, "What is [spam product]?" With no links.
-Reply to own post, answering with a [list of what's great about spam product], and a link.

Luckily, both were under the same username, which made the ploy rather obvious... but if the spammer had done this with two different usernames, it would be much more difficult to detect... it would look just like somebody asking a question and getting a helpful reply...
Related topics
Spam Assassin level.
Warn Moderator
does 31337sp34k make you giddy?
Frihost Forum Rules
Help with PhpBB
What is non-spam post?
my gmail cannot block spam
You're a spammer.
We steal the easy posts from those who needs them!
WooHoo! My forum just made it over 1000 non-spam posts!
Anti-Spam Quarantine
1 million posts!
SPAM - not just canned meat!
Return to Original Forum after Submitting Spam Report
Reply to topic    Frihost Forum Index -> General -> Suggestions

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.