Forgot your password?
typodupeerror
Spam

One Man's Fight Against Forum Spam 245

Posted by CmdrTaco
from the heroes-and-villians dept.
JWSmythe writes "Free Internet Press has an interview with 'Random Digilante,' an anonymous hacker who has been taking over forum spammers' email accounts, and notifying forum operators to delete those accounts. It looks like his reasoning is sound, and his methods are safe, where he won't hurt any real users."
This discussion has been archived. No new comments can be posted.

One Man's Fight Against Forum Spam

Comments Filter:
  • by Even on Slashdot FOE (1870208) on Tuesday October 05, 2010 @01:01PM (#33796010)

    Forum spammer sues vigilante, gets both arrested. Vigilante does more time.

    • by geekoid (135745)

      As he should.

      • Re: (Score:3, Informative)

        by bsDaemon (87307)

        That's exactly what a spammer would say. Spam costs real people real money. Email is already a fairly heavily I/O bound process, especially at volume. I've seen spam floods kick a server from a load of 2 to a load of 15, and banning the sending IPs dropped the load immediately, but only once we figured out it was email that was causing the issue. After that incident, that became the first thing I'd check, if it weren't completely obvious that it was a problem account on the server (I was an admin at a w

    • by vlm (69642)

      Forum spammer sues vigilante, gets both arrested. Vigilante does more time.

      I'm guessing a jury trial might provide different results.

  • So silly.... (Score:5, Insightful)

    by catbutt (469582) on Tuesday October 05, 2010 @01:02PM (#33796024)
    Forum spam is best solved with good forum software. A good karma system is probably the best solution. I've never seen spam on slashdot (unless I dig through the low rated posts).
    • by Anonymous Coward on Tuesday October 05, 2010 @01:08PM (#33796118)

      Bad karma? Rush to fast? Increase karma size with v1agral! Bomb woman womb and be king! Souper special deal at RealFarmacee.cm!

    • Re: (Score:3, Interesting)

      by Darkness404 (1287218)
      Not really and Slashdot really highlights it because far too often people who disagree with the poster will mod that post down for no other reason other than that.

      The reason why /. doesn't have much spam is because there is no market, how many people on Slashdot would want to buy P3n15 3nh@nc3rz?
      • by corbettw (214229)

        how many people on Slashdot would want to buy P3n15 3nh@nc3rz?

        You sell P3n15 3nh@nc3rz?!? Man, I need one of those! Where can I get one?

      • Re:So silly.... (Score:4, Interesting)

        by catbutt (469582) on Tuesday October 05, 2010 @01:21PM (#33796318)
        You really believe that the reason that slashdot wouldn't have spam if people were able to post spam on slashdot and have it reach more than a few eyeballs?

        Anyway, slashdots system isn't perfect, and is designed to do more than kill spam. Regardless I think it works fairly well for what it does.

        For eliminating spam in forums and comments, all you need to do is this:

        Give the readers the ability to mark comments as spam with one click, and, as long as the reader has a decent history of not abusing the priviledge, the message will disappear immediately.

        This isn't that hard, but to do it well isn't trivial either. Probably best done by a company like Disqus where it is their business.

        There would need to be some checks and balances, where a person can get reported for erroneously marking something as spam. The system needs to be scalable, so that the admin of the forum doesn't have to deal with much, as all the work is done by users, and there is a checks and balances system to determine how much to trust users.

        The nice thing is that over time it reduces the incentive to bother spamming the forums, since (typically) the first person who sees a message, eliminates it. Also, on a system like disqus, where you have a global identity with some history, it could be smarter about how prominent to make posts if the person has no history of posting without being marked as spam.
        • Your comment is well-thought-out here, but I have to say your recommended approach is flawed when dealing with a vast quantity of comment spam. It certainly will work on high-traffic sites like slashdot. The problem is with lower-traffic sites with a lot of scattered content. In high-traffic forums, your approach will generally work.

          Sites with articles and photo albums, will need to additionally disable comments on older content because it won't be seen by visitors, but the indexing bots will pick up the t
          • by catbutt (469582)
            As I said, its not a completely trivial problem. (BTW, sorry for the first sentence in my post which was garbled. I meant to say something like: "You really believe that slashdot wouldn't have spam, if people were able to freely post spam on slashdot and have it reach more than a few eyeballs?")

            First off, I think signatures that can be changed later are seriously problematic. (I hate sigs, personally) If people find that feature so important, it would have to be handled separately. (e.g. users with
      • by Caerdwyn (829058)

        Not really and Slashdot really highlights it because far too often people who disagree with the poster will mod that post down for no other reason other than that. The reason why /. doesn't have much spam is because there is no market, how many people on Slashdot would want to buy P3n15 3nh@nc3rz?

        You answer your own question.

      • by Fjandr (66656)

        I ran a forum for a couple years that was used by a group of about a dozen people. It was targeted repeatedly by forum spammers.

        The scale of the operation seems to have little bearing on whether they'll target something or not. It's much more likely that the key issue is whether they can easily use automated spamming software. They probably don't bother with unique commenting systems, just those that have a large number of installations.

      • by JWSmythe (446288)

        Actually, Slashdot has done some work to reduce/prevent it. If I remember Slashcode right from years ago, there were significant safeguards. There was a period of a couple weeks where some determined spammers were hitting here, but even then they were only getting 3 or 4 spammy posts in per 100 real ones. I suspect there may have been some upset users who may have taken matters into their own hands on them, or at least it was suggested in the threads at the time. :)

    • There's more to spam than just covering the page. He says the main reason he got into this was that spam was slowing his forums down. Wasted Bandwidth.

    • Re:So silly.... (Score:5, Interesting)

      by Deep Esophagus (686515) on Tuesday October 05, 2010 @01:49PM (#33796730)
      Let me know if you find a good karma system. I have been on /. for years, have never posted anything remotely spammy, have attempted to participate in discussions... so why is my karma set at "bad"? I have no idea what, if anything, I can do about that and because of it my comments never appear in any discussion threads. It is likely nobody will ever see this unless, as you say, they dig through the low rated posts. Not that I'm bitter.
      • Re:So silly.... (Score:4, Insightful)

        by clone53421 (1310749) on Tuesday October 05, 2010 @01:58PM (#33796888) Journal

        I, and lots of other people, read at -1. Don’t assume that just because you’re starting at 0 nobody will read your post; Anonymous Coward posts at 0 by default.

        If you want to get your karma back up, here are a few things to keep in mind. They may or may not help, but hey, it’s free advice.

        Post early. Don’t post often. Make sure you aren’t just repeating someone else’s post. Funny doesn’t give you karma. Funny+Troll burns karma quickly. Sometimes it’s what you say. Sometimes it’s how you say it.

        • by catbutt (469582)
          That's fine that you do, but I don't consider it a big problem that those who want to read at that level are exposed to crap. As far as I'm concerned, the spam problem on slashdot is solved. I think slashdot's system could be a lot better (for instance, I think that those with good karma should ALWAYS be able to mark something as spam...not only when they have mod privileges), but at least there is little incentive to spam slashdot. I seriously doubt anyone who tries it is rewarded with any revenue from
      • Re:So silly.... (Score:4, Insightful)

        by Critical Facilities (850111) on Tuesday October 05, 2010 @02:51PM (#33797782) Homepage

        I have been on /. for years, have never posted anything remotely spammy, have attempted to participate in discussions... so why is my karma set at "bad"?

        Well, it seems that you've only submitted 5 comments in the last couple of years, so you're not exactly participating in a lot of conversations. Thus, you're not really "improving" (term used loosely) any of the comment threads, and therefore not receiving any good karma.

        Not trying to be snarky here, I'm genuinely surprised you didn't realize this.

      • by catbutt (469582)
        Well here you go. You got modded up.

        I agree that what you describe is the worst thing about Slashdots system, it took my a year to get good karma (although I don't think mine was ever bad). I would like to see someone design a system that works better in that regard, and others.
    • by davev2.0 (1873518)
      And, then you get flame wars, cliques, and karma bombing. Nothing like watching a small group of people with multiple accounts spend a few weeks clobbering one's karma by modding down old posts. It has happened to me and can happen to anyone, including you. All it takes is offending the wrong fanboys.
      • by catbutt (469582)
        Only a poorly designed karma system would allow that. For instance, if they have multiple accounts, how did all those accounts acquire a good enough reputation to be able to mod things down?

        This problem is not so different from that of how search engines (e.g. PageRank) deal with link farms.

        Regardless I don't think that is as big a problem as people suggest it is. I'd be interested to see which of your posts caused this....I'm guessing it was pretty inflammatory stuff.
        • by davev2.0 (1873518)
          So, what you are saying is that Slashdot has a bad karma system. Nothing that inflammatory, just completely opposite of those that karma bombed me, backed up by evidence. They couldn't take being proven wrong.
    • by JWSmythe (446288)

      Ok, great solution. But how many forums are run by people who picked a package and got a friend to install it? And of them, how many never upgrade the software, regardless of how many spambots abuse them, or warnings on the publishers site say "you must upgrade because of this huge security flaw"?

      I remember one that was a pretty good little site. He stopped maintaining it, because the forum wasn't just exploited, but they locked him out of the admin interface. He didn't tak

  • Overperforming busy bodies? How does he get them?

  • by BadAnalogyGuy (945258) <BadAnalogyGuy@gmail.com> on Tuesday October 05, 2010 @01:06PM (#33796092)

    I created an account and was banned almost immediately.

    They have extremely vigilant forum monitors who will bring the banhammer down for the slightest offense.

    My offense? I insinuated that gays might be able to serve in the military just as well as straights.

    • How dare you express an opinion about a controversial topic on the internet?

      • Re: (Score:3, Informative)

        by BadAnalogyGuy (945258)

        Many sites develop groupthink. Slashdot certainly isn't immune.

        Free Republic takes it to a higher level and eliminates any dissenting voices by deleting their posts, banning their accounts from posting, and logging their IP address so that future accounts created at that IP are automatically banned.

        Forum spam is a different story, of course. But the thinking behind it is the same. These are posts that are not welcome on this site, therefore we must eliminate them.

        Of all the sites I've visited, Slashdot (and

        • by vegiVamp (518171)
          By that logic, locking up murderers is also groupthink. I would beg to differ - groupthink is a decidedly different beast than a group of people all crying out against the same problem: in the latter case, the majority of the group has come to the conclusion that behaviour x is unwanted on their own, based on their personal experiences; and not because a lot of their peers also have that opinion.
        • by rsborg (111459)

          Of all the sites I've visited, Slashdot (and perhaps Kuro5hin) has the best system.

          The system used by Kuro5hin (scoop) is used by many other sites including political popular sites like DailyKos and RedState.

          Personally, I think Slashdot is better, but it's more developed and nuanced... the moderation qualification (ie, Funny, Insightful, Troll, etc) is what makes a huge difference in avoiding the puritans downmodding sarcasm and/or unpopular but useful posts.

    • by Jaysyn (203771)

      Not so Free are they?

    • by mcgrew (92797) *

      My friend Don Darund was banned from Paul McArtney's web site. The moderator said it wasn't the first time they'd banned Don Darund and it wouldn't be the last.

  • Yon don't take over someone else's email account, just it's automated.

    It's also a stupid way to solve the problem.

  • As long as it's him working manually and the spam bots working automatically he won't even make a dent in the flow of forum spam.
  • Greetings (Score:2, Funny)

    by rakuen (1230808)
    You are a great writer. I found this article very informative. Would you like to be buying genuine spam today [spam.com]?
  • by Dan East (318230) on Tuesday October 05, 2010 @01:19PM (#33796298) Homepage Journal

    As someone who deals with forum spam on a daily basis, I'm rather surprised at how intelligent the spambots are becoming.

    Of course there's always the blatant, obvious spam (99% of which are video encoding tools for iPad, iPhone, etc). But I've recognized two other types of very covert spambots.

    First one will take fragments of sentences from previous posts in the topic and regurgitate them. At first glance it seems on topic, but closer inspection reveals the post doesn't make sense and is just portions of others' posts.

    The second type uses a database of sentences harvested from other websites, and attempts to post a sentence that matches keywords in that topic. Usually I can spot those because they aren't exactly on topic to the thread. I've also seen these modify various throw-away words, like adjectives and articles, so the sentence isn't an exact copy of the original source.

    Now the key thing with both of these kinds of spambots is that they do not include any links initially. A couple weeks after posting they come back and change their signature, which results in spam links appearing under all of their previous posts.

    I've also noticed that the vast majority of spambots use yahoo.com email addresses, so yahoo's captcha must be weaker than gmail / hotmail.

    Now on the topic of this story, I don't quite understand. The forums I moderate have a few spambot accounts created daily (using recaptcha and custom implemented captcha). So it's not like there's just a couple spambot accounts causing all the trouble. Over the course of a month it around a hundred different accounts. So I don't see how this hacker is helping anything going after accounts one at a time manually.

    • by Dan East (318230) on Tuesday October 05, 2010 @01:26PM (#33796380) Homepage Journal

      Here's a specific example of what I'm talking about. Here is a post made to my forums in July 2010:

      You can choose ‘Micro-ATX’ size motherboard for your HP. That limits the possible range of motherboards deals you will find. My advise is to buy a case that fits full ‘ATX’ form factor motherboards and go from there, many choices. It is depending on money and what you want if your building a good rig for gaming multimedia etc and don't buy a case with power supply. Please choose a separate power supply.

      Now here is a post from another website made in 2009:

      Your HP case (the cheapest part of the pc!) takes a ‘Micro-ATX’ size motherboard.

      That limits the possible range of motherboards\deals you will find. (look for a motherboard\processor package)

      Now you are already buying ‘a whole new computer’ except the case, why stop there? (unless you want the small form factor)

      My advise (thats why your here!) is to buy a case that fits full ‘ATX’ form factor motherboards and go from there, much more choice.

      Depending on money and what you want if your building a good rig for gaming\multimedia etc DON’T buy a case with power supply, they are usually sh*t (cheap\unreliable). Choose a case, choose a separate power supply (after research!)

      • Keep in mind that it’s also entirely possible that some guy in India is getting paid fractions of a cent to make those posts. It might not necessarily be a spambot.

    • by clone53421 (1310749) on Tuesday October 05, 2010 @01:46PM (#33796676) Journal

      First one will take fragments of sentences from previous posts in the topic and regurgitate them. At first glance it seems on topic, but closer inspection reveals the post doesn't make sense and is just portions of others' posts. ... A couple weeks after posting they come back and change their signature, which results in spam links appearing under all of their previous posts.

      For another example of this exact thing, just look at slashdot user clint999.

      http://slashdot.org/~clint999 [slashdot.org]

      Last post was yesterday... it’s still active. Funnily enough it almost always posts exactly 30 min. after the hour, but not every hour.

    • Re: (Score:3, Insightful)

      by rhizome (115711)

      Now the key thing with both of these kinds of spambots is that they do not include any links initially. A couple weeks after posting they come back and change their signature, which results in spam links appearing under all of their previous posts.

      You might consider disabling .sigs.

    • by Raenex (947668)

      I'm rather surprised at how intelligent the spambots are becoming.

      I'm guessing those are paid spammers from places like India or even the United States. Amazon's Mechanical Turk [mturk.com] are full of shady jobs like this, and I'm sure they're not the only operation around. Pay somebody 10 cents to put a post on a forum, multiply by a thousand times, and you've got a really good search engine optimization for $100.

    • by Nimey (114278)

      The cleverer forum spammers I've seen will post empty nonsense to a long-dead thread, with a spam link in their signature.

    • by Quirkz (1206400)
      Only a hundred different accounts in a month? With some of my old forum software, I was getting ~20-40 a day for a while. Basically I just turned off automatic activation and required every "real" person to read the activation message to get fully activated. (Small group of people, tied to a game, so people could contact me inside the game as verification.)

      Part of the problem was the captcha was broken in the old version, so I had it turned off. With the most recent update they fixed the captcha, and I've

  • by elrous0 (869638) * on Tuesday October 05, 2010 @01:36PM (#33796512)
    It would be nice to live in a world where whistleblowers and positive vigilantes were rewarded for their actions. But, in the vast majority of cases, these people end up in more trouble than the scumbags they're exposing and fighting. This guy will probably end up with more legal trouble for fighting spam than the spammers themselves will ever face for their network-clogging, frequently illegal, openly harassing activities.
  • by Arjes (1572161)
    I received one of his e-mails today. For anyone interested, here is the e-mail he is sending.

    Do not auto-approve this forum account, it was created by a forum spammer.

    The account which created this forum account did so using automated means. The reason was so that he could post a forum account and then use it to automatically post thousands of fake messages to your forum to promote some form of ridiculous product there.

    In all likelihood your website has nothing to do with whatever this idiot is promot

    • Re: (Score:2, Funny)

      by albertid (1905910)
      Let me guess, his e-mail is: robin.hood@sharewood-forest.com?
  • This is probably obvious, since no one is talking about it, but how is he taking over the email addresses? Surely the bots aren't registrering on his honeypot forums with the same password as is used for the e-mail they use to register.

    • Re: (Score:3, Informative)

      Surely the bots aren't registrering on his honeypot forums with the same password as is used for the e-mail they use to register.

      That's exactly what they are doing.

      From what I gather, he's written a program to automatically feed suspicious looking e-mail addresses into and check the the registration password/e-mail combo to see if they are using the same for both the e-mail address and the forum software. If there it is a successful combination, it flags and suspends the account.

      Dunno if that is 100% correct, but that's what I've gathered (I have not RTFA either)

He who is content with his lot probably has a lot.

Working...