Just on the streaming spam question. I noticed that one of the links in a recent spam link was clearly a link into what must be a compromised server. In this case www.colorado.gov.
Is there any policy on notifying the owners of a compromised site that they have been compromised? I know it is extra trouble, and not always either easy or even welcome. However these sites are always going to be much more valuable in either dollars (if bought on the dark net) or in time, if compromised by the spammers, so anything that pro-actively hits them here might be expected to slow them down a lot more. They might get the message that spamming here is a net loss.
I hear the spammers are putting a contract out for this RC guy. This might end badly, but I want you to know, I appreciate your efforts. You’ll live in board lore for eons my friend, we’ll never forget you.
Seriously though, thanks for your efforts in this.
Colibri, I doubt that the spammers are going to as much effort as you imply. Most of it is probably completely automated. I suspect that the only human involvement, if any, is in entering the CAPTCHAs (assuming that the computer hasn’t figured out how to defeat those, too).
I don’t know. If it’s automated, I wouldn’t think there would be a time gap before the edit.
Very occasionally, I’ve managed to type and post “reported”, make the report and be back before the edit.
And I’m not a bot.
You may change your mind after watching them for a while. Like I said, the evidence for this is how they periodically change their behavior, and also the variety of tactics they use. Sometimes the thread titles are exact copies of existing ones, sometimes partial copies, sometimes strings of words that partially make sense, sometimes total gibberish. Sometimes they make a decoy post before posting the spam, mostly not. Many of their names have a certain similarity (which makes them easy to identify) but don’t seem to be randomly generated. Others are random strings of letters and numbers.
Eh, changes in behavior could also be multiple spammers using slightly different automated systems, or different settings in those systems, or occasional upgrades to the system.
Assuming these are not robots, IMHO SDMB is just in a bunch of undifferentiated sites that the spammers hit. I doubt that they keep a list of sites that ban their posts as readily as we do. I’ve seen lesser-used boards that still retained spam posts many months later, and I suspect spammers assume all boards are like that.
I doubt if they frequently check back to see if their names or posts are deleted. It reminds me of the telephone spammers who constantly call my phone(s). Even when they are questioned, insulted, and subjected to as much time wasting and abuse that I can heap upon them, the calls still keep coming, and from the very same sources, only a few hours or days later. My theory is it is more cost-effective to blanket the world with this stuff, and less cost-effective to try to tailor their calls to the less gullible recipients.
But that doesn’t explain why they go to the trouble to evade detection with decoy titles. They might as well just title them STREAMING SPORTS VIDEOS! Also, they must know we ban them rapidly, because they rarely get more than one use out of a name before being banned, and we often ban them while they’re in the middle of the process of editing in the spam links.
If the reason for the spam in the first place is to get people to click on the links, then decoy titles make a lot of sense. I’ve clicked on a lot of threads with odd or potentially interesting titles, and if I do, others might, too. Not every user is as sophisticated as many of ours are, and a misleading title might indeed lead traffic to their intended site. I think fooling moderators is secondary to driving traffic – because even the best moderators/sites don’t catch everything instantly, and until they do, spammers’ schemes are working.
Once more, it’s unlikely that they know this site works differently from many others.
To support my point, I just saw a new “live streaming” spam thread (no point in linking to it, it’s been reported and hopefully will be gone if you look). My point is it showed as having 8 views so far. From the spammer’s POV, that’s 8 potential customers for his customer. Maybe even Bangladesh wages make this profitable.
But certainly if you are interested in streaming sites a title that indicates that is going to get more hits than random unrelated one. And many of the titles make no sense at all or are just gibberish.
Interestingly, it’s pretty much only the streaming spammers (who make up probably 99% of the spam we currently get) who do this. People selling fake passports and other stuff virtually always say what they are selling in the title.
Obviously I am not privy to the information about spammers that the mods have, so I am merely speculating.
I think that the spammers aren’t targeting sports fanatics who might enjoy streaming sites, but just looking for clicks from the gullible or un-knowledgeable who haven’t yet learned what this spam really is, but are merely curious. If the business model is only looking for clicks, then one click is as good as another.
My theory is based partially on the extensive log and recordings I have of spam phone calls in the past 12 months, calls made to a honeypot I maintain. I find many similarities.
If you have any contrary or modifying info, I’m all ears.
ETA: The particular thread I used as an example didn’t show running_coach as reporting it, but someone else. RC must be napping.
One click may be as good as another for a spammer, but I don’t see how it could be for whoever is paying them to post it. They want to drive business to their site.
In any case, the ratio of clicks to threads that the spammers post here must be extremely low, since they are deleted so quickly most of the time.
