What is going on with these "sell CC whatever" threads

Is the site under attack by a virus, a persistent troll, or what? They're on every forum topic it seems but their deleted. What's going on?

And, good job to the mods.

Quote: Mooseton

Is the site under attack by a virus, a persistent troll, or what? They're on every forum topic it seems but their deleted. What's going on?

And, good job to the mods.

SPAM

FLAG

REPEAT

It's like 50 threads at a time.
We REALLY need a limit to threads per day per user. No one needs to post more than say 5 threads in 1 day. Any new user can well do with 1-2 threads in his first day.

Is anyone familiar with [GlowHost] Spam-O-Matic? It's a firewall that claims to stop forum spam.

But but but I like buying fresh dumps!!!

Quote: 1BB

Is anyone familiar with [GlowHost] Spam-O-Matic? It's a firewall that claims to stop forum spam.

The forums here are custom built.

Quote: thecesspit

Quote: 1BB

Is anyone familiar with [GlowHost] Spam-O-Matic? It's a firewall that claims to stop forum spam.

The forums here are custom built.

It's all Greek to me. I noticed another site that uses it and they keep a running tally of spammers denied registration.

Quote: P90

It's like 50 threads at a time.
We REALLY need a limit to threads per day per user. No one needs to post more than say 5 threads in 1 day. Any new user can well do with 1-2 threads in his first day.

I just put a speed limit on posts for new members. For the first 30 days of membership, the maximum number of posts someone can make is equal to the number of days they have been a member plus one (the plus one allows them to make one post on their first day, because technically they have been a member for zero days until 24 hours have passed since they joined).

This should help combat the problem.

Not that I don't appreciate what you've done, but I think that might be TOO limiting for a legitimate new member.

Quote: DJTeddyBear

Not that I don't appreciate what you've done, but I think that might be TOO limiting for a legitimate new member.

The new limits are now (within the first 30 days of membership):

- Maximum number of threads = age in days + 2
- Maximum number of posts = age in days + 10

Just to be clear, is that per day or total?

Looks like the new limits are working nicely.

We have another new spammer member: quainhan01

He posted 2 threads, but by the time I saw them, only one remained. I hit the Flag Post button, and it disappeared. NICE!

I think we can easily tolerate the trouble required to delete two threads....

I just logged on to flag some more posts (username taxicarrycan or something like that) and they were gone by the time I refreshed. I think limiting someone starting new threads is definitely more effective as the spammers modus operandi seems to be to create as many threads as possible.

Quote: JB

The new limits are now (within the first 30 days of membership):

- Maximum number of threads = age in days + 2
- Maximum number of posts = age in days + 10

JB, how about any new thread with an identical title is automatically deleted? This would limit the new spam threads to just 1.

Quote:

The new limits are now (within the first 30 days of membership):

- Maximum number of threads = age in days + 2
- Maximum number of posts = age in days + 10

works great, until the delay timer gets set to 800 hours after registration.
y-axis protection includes first X number of posts have to be moderated before posting, regardless of account age.

" Remember what the dormouse said" !

Editted for additional thoughts:

JB do you think the e-mail list has been compromised?
Has anyone recently gotten a YouTube Verify e-mail?

Now they are coming in with multiple user names.

I would suggest that you also fix the front pages to not show deleted posts in a forum. Would make things neater.

Quote: JB

The new limits are now (within the first 30 days of membership):

- Maximum number of threads = age in days + 2
- Maximum number of posts = age in days + 10

I would recommend to define "age" as the time that has passed since the first post by this user, not since when he was registered.
"Dormant" "sleeper" accounts are not unheard of in the spammer world.

Are you banning IP addresses of the spammers after they attack? This is not very effective, but easy, and can slow them down some.

How about checking for the "sameness" of the posts coming in?
If a user tries to post something (post or thread) with the same content he already posted today, reject that post. That would also help with occasional double posts made by users because they hit "post" twice etc.
You could get fancier, and compare the content, ignoring case, white space and punctuation. Or even, require a minimum Levenshtein distance to account for minor alterations the spammer could have done to the post.

The "flag" option could be made more powerful. For example, let people flag all posts made by this user within 24 hours (from the actual post being flagged). Or just "flag" the user in profile. (The flagged posts should not disappear forever - just put them into "quarantine" for, say, a week, so that admin can restore them in case they are flagged inappropriately or by mistake).

Is the user required to enter a capcha during registration? He should be. Perhaps, also, you could allow the daily limit on posts for new users to be exceeded, but require to enter a capcha before allowing any post beyond the limit.

You could also require a "double opt-in" for registration (send a confirmation email with a link, the user has to click to activate the membership). This would make it much harder for spammers to create multiple accounts.

In addition to the restrictions on new posts and threads by new members, we now have two secret admins. Secret admins will be able to immediately bust any post, except by another admin. The suggestions above would either require a great deal of coding and/or slow down the system. Let's try a simple solution first.

Can you put members on double secret probation?

Cross thread polination produces unexpected results.

I'm still in a holding pattern about revealing the answer to my question about Babs....

Quote: Wizard

In addition to the restrictions on new posts and threads by new members, we now have two secret admins. Secret admins will be able to immediately bust any post, except by another admin. The suggestions above would either require a great deal of coding and/or slow down the system. Let's try a simple solution first.

I can guess who the secret admins are and I respect their judgment to bust only spam posts and not user content, but aren't you worried you are creating something of a bureaucratic hierarchy here?

"bureaucratic hierarchy" ?
I'm curious to know what you mean by that.


I like the idea of giving a few trusted members the ability to bust a post or thread, rather than wait for enough members to flag it. And I don't think any of us should feel slighted for not being one of those few members.

Frankly, I noticed in the last spam burst that a lot of those posts had 6 or more views. I thought it didn't take that many members to flag something to make it go away. Are there that many people looking at those posts and not bothering to flag them?

That being the case, then I totally welcome the creation of this new elite status.

Quote: 98Clubs

JB do you think the e-mail list has been compromised?
Has anyone recently gotten a YouTube Verify e-mail?

I did

Quote: DJTeddyBear

"bureaucratic hierarchy" ?
I'm curious to know what you mean by that.


I like the idea of giving a few trusted members the ability to bust a post or thread, rather than wait for enough members to flag it. And I don't think any of us should feel slighted for not being one of those few members.

Frankly, I noticed in the last spam burst that a lot of those posts had 6 or more views. I thought it didn't take that many members to flag something to make it go away. Are there that many people looking at those posts and not bothering to flag them?

That being the case, then I totally welcome the creation of this new elite status.

I dunno. I just worry about creating a few "secret elite super wizz-bang" members who have the ability to bust any post. I'm not the least bit bitter about not being one of them. But yeah, I'll reserve judgment until we see how it goes.

Quote: teddys

I dunno. I just worry about creating a few "secret elite super wizz-bang" members who have the ability to bust any post. .

I'd pick Paco, he's here a lot and he's about
as level headed as it gets.

Quote: 98Clubs

JB do you think the e-mail list has been compromised?
Has anyone recently gotten a YouTube Verify e-mail?

Quote: Lucyjr

I did

What indication is there that they are related to this forum? Could you both post them to see if they're the same?

Quote: DJTeddyBear

That being the case, then I totally welcome the creation of this new elite status.

I am all for the elite status, but I don't understand why in the world it needs to be secret? That sounds way too much like 1984, KGB, etc. Is it because we are worried, that an angry spammer might harm these dignified individuals?

Quote: weaselman

I am all for the elite status, but I don't understand why in the world it needs to be secret? That sounds way too much like 1984, KGB, etc. Is it because we are worried, that an angry spammer might harm these dignified individuals?

The secret admins probably don't want to get the daily complaints I get that somebody they don't like isn't banned for a marginal offense. They also may want to blend in with the common folk.

Quote: Wizard

The secret admins probably don't want to get the daily complaints I get that somebody they don't like isn't banned for a marginal offense. They also may want to blend in with the common folk.

Sounds like a great idea to me. Most problems that are attacked with code could be solved more easily through other avenues.

I cant obviously post the YouTube Confirmation e-mail, but it was a bounced^3 link to a pharma site. Its the type of mailing one might get given the policy changes there. Obviously false and misleading in my case since A.) I have no acct, and B.) was time-stamped coincidently with some of the spam-trash here.
I sandboxed it in Linux and DC'd the Telco wire. It was a screen capture of a website page, so it is an image by extension. No click anywhere, and quit the sandbox, and wiped the folders that can store things without admin permissions. Then the usual DC and clear modem/router, reload. Shutdown reload linuz and connect all together again.

Many W-systems probably have enough filtering to stop unwanted mail downloads, so I would presume most of you never received such mail. But, non-W-systems might allow it through. My particular situation is different than most folks, in that I go to my mail, and delete from there on their server. I read what mail I know is good, and toss the rest. Nothing ever gets"transferred" (in the usual download to my inbox sense). A bit of practice and you don't even mouse over the header provided.

E-mail harvesting is quite common, I was wondering if this stuff was going on as well as spam-trashing the site. Basically, some of these bots do double/triple duty. Or are a front for another wave of site interrogation/weakness discovery.

Quote: Wizard

The secret admins probably don't want to get the daily complaints I get that somebody they don't like isn't banned for a marginal offense.

I think, that's easily solvable by making it clear, that you are still the only one with the authority to ban users. Does JB get many of those complaints?

Quote:

They also may want to blend in with the common folk.

Ah, the modesty ...
I guess, nothing wrong with that ... perhaps, my idiosyncrasy towards rule of anonymous authority is not all that rational after all.