Spam cleanup

posted by Jeff | Thursday, February 24, 2022, 10:36 PM | comments: 0

After 20+ years with CoasterBuzz and PointBuzz, it shouldn't be surprising to hear that I've had to deal with a lot of spam over the years. I've never understood why anyone would bother with trying to drop spam there because the communities are busy enough that there's always someone there to take it down relatively quickly, but not so big that it can go unnoticed. Well I missed a ton that landed last year, and I removed over 10,000 accounts generated in the same two weeks.

Let me dial it back to the start though. Since I rolled my own forum, and it's still around today, I learned some things the hard way early on. The first was to introduce a time delay between posts, because someone quite easily scripted a pounding that flooded the forum with thousands of posts. By introducing a delay, they could only do damage very slowly. Around the same time, I implemented ban lists for IP addresses, as well as email addresses. From the start I required email verification, so you couldn't do anything until you clicked a link in email.

Later on, there were things like Google's reCAPTCHA to detect bots, which I adopted for the sign-up process. This all worked pretty well, but eventually someone figured out that you could pay people on the other side of the world next to nothing to start putting stuff on the Internets manually. I discovered this was going on a few years ago by doing some forensic analysis of the stuff that I log. Even anonymous users have their session recorded by IP. You could ascertain by looking at the events, a sign-up, an email verification, that it was in fact humans doing the work. They would often create a number of accounts in a row.

The actual things people would post was the usual spamming posts, but they got tricky. Sometimes they would place a link on a period so you couldn't tell it was there. Even better, they would actually act like a new member, and when their post was back far enough, they would return and edit a link into the text. But the big thing they started doing was not posting at all, and filling their profiles with spam. This is kind of stupid for a few reasons. First, putting text in the post signature field is only seen if you post, and they weren't doing that. Then they would put a link in the web site field, but without text around it, it has little to no value for search engines, and that's what they want, not random people to click links. There's also the issue that profiles are only indexed if they happen to appear in the "currently online" list, which changes all of the time. They could manually submit the URL of the profile, but again, without context, it's of little value to search engines.

So basically, there's just a lot of annoying data that no one will ever see. It was easy enough to sniff it out, because they do silly things that makes the spam stand out as abnormal. I added a feature to look at recent accounts in the admin, which includes email and IP, and I've gotten to know the blocks that are based in India and other places where there are few roller coasters. Again, what they signup with is often a dead giveaway.


No comments yet.

Post your comment: