This is just speculation on my part, but I’ve participated in forums where there is a banner announcing that a new person has joined. Maybe what they are trying to do is register, put their spam links in the profile, and then let curious forum members who see the new member announcement go to the profile out of curiosity and then click through the spam links.
By doing that, they potentially reach a lot more people than posting spam in a thread (since the announcement is usually on the main page for a while) and still fly under the radar of mods.
Again, just speculation, but that might explain that behavior. On a site like the SDMB that doesn’t work since we don’t have that sort of announcement but spammers by their very definition repeat the same behavior at different places, regardless of how effective it might be at a particular site.
Profiles don’t include clickable links. They may include website addresses, but not always. They are usually just advertising, with a logo and description of services.
They are often wildly inappropriate to the membership of this board, like for a parking garage in Mumbai or taxi service in New Delhi. Then there are some in Thai or Sanskrit. These are clearly not targeted in any way.
But many spammers don’t post any profile information. They register, confirm their email, but then never post. I don’t understand what the point of this is. It doesn’t seem time-efficient for a spammer.
I also would strongly urge the mods to consider auto-closure of topics older than, say… 10 years? For example:
16 years later stings a bit … it would be nice to reduce the attack surface a little here for future mods.
There shouldn’t be a big problem with spam going forward (the above spam post predates the migration, which was completed, based on what I’ve seen, around August 2020) but it is better to be safe by default.
Either is fine – I recommend we reduce the attack surface a bit.
Perhaps something closer to 5 years old, whatever time in years the mods think is a good balance of letting a new person revive an old topic with useful info by replying to an (x) year old topic, versus spam risk.
Maybe I missed something upthread, and if so, I apologize. But why is it riskier to have old threads open than any other thread? Or is it just that extra open threads of any sort increase the risk, and you think old threads are unlikely to spark current interest from real people?
Visiting the about page, there are ~864,000 topics. That’s 864k places for spammers to reply.
Reducing that to “only topics someone replied to in the last 5 years” or “only topics created in the last 5 years” would reduce the attack surface from 864k to … well, I’m guessing, but something like maybe 100k instead?
About page says there were 878 topics created in the last 30 days, so back-of-the-napkin estimate is 12k topics per year, 12k times 5 = 60k.
It makes future moderators’ jobs a bit easier with a smaller attack surface; it’s completely up to the mods here to decide what makes sense. I strongly advise not leaving all topics open forever though.
(If a user felt very strongly that an old topic should be open, they could flag it for moderator attention, so it’s possible at least. But the odds of a drive-by user doing that are nil, since new users can’t even flag until they’ve read for a while, opened a certain number of topics, etcetera.)
If there’s no spam in their profiles, and they don’t post any spam, how do you know that they’re spammers, as opposed to lurkers who want to use the features of being logged in (‘new posts’, for instance) but just want to read and not write?
That’s actually an argument against closing all the old threads. A surprising number of (real) new posters seem to show up by bumping some old thread. Growing the number of new posters seems more important than avoiding spammers, at least at the current rate of both of them.
I think between the software itself and the mod staff, spammers get handled pretty quickly here. We also have a group of maybe a dozen users that seem to hunt down spam fast and flag it. A lot quicker than I find it. It really helps.
So I guess I’m saying I agree with puzzlegal. We’re fine leaving the old threads open.
They’re from hinky IPs in India, Pakistan, Nigeria, Ukraine, Kazakhstan and other spamistans. Very often they have names typical of those areas, or else a very generic name like BobWilliams. The odds of a legitimate poster joining from those sites are almost nil. And they usually have zero topics viewed and zero posts read (although a spammer sometimes reads some posts.)
If they have an IP from the US, Canada, Western Europe, Australia, or New Zealand I usually give them the benefit of the doubt even if they have zero topics viewed and zero posts read. Although most real posters read some posts after joining, a few don’t. (I suppose they must have read some posts before signing up to be interested enough to join.)
If there is a big disconnect between username and email address, that’s also a huge tell. E.g. the IP is from India and the account name is “David Smith”, or the email is felicityjones951@yahoo.com which, again, doesn’t correlate in any way with the region of the IP or the username.
Anyway, user profiles have a whole different system and are hardened against this stuff; try viewing a user profile as an anonymous not logged-in user to see what I mean.
A large majority of non-posting spammers are from Pakistan, probably over 70%. It basically seems like it’s a national industry. Many of the rest are from India. Spammers from the US and Canada usually actually post their spam.
That makes me think a body shop in Pakistan is being hired to create accounts. Their product is accounts, not posts.
Later they’ll turn the accounts over to whoever is paying them. Presumably this is some sort of preparation for a flood attack. On FB or twitter, you can see the value of suddenly being able to unleash hundreds or thousands of “like minded posters” who suddenly all start parroting QAnon’s latest, some Russian garbage, or testimonials for the latest penis pills. And who cross-repost each other’s posts. The spammers are hoping to trigger a viral exponential growth response by legit posters.
That won’t do much here at SDMB, except increase the workload of the mods. But they’re not thinking of the specifics of our community; they’re just attacking “Discourse-based social media” or maybe even “message boards” as one-trick ponies.
Every one from a unique IP? They are from various cities across Pakistan. Many accounts have South Asian names, or are things like parkinggarageinChennai. They wouldn’t be taken seriously by legit posters.
Your scenario is so implausible that I have to assume you are joking.
Back in the past, the value of spam was that if you had an email list you could send out thousands of messages with little effort. One thing that is puzzling about the current spammers is that they put a significant amount of effort into each account, creating usernames and email accounts, and then confirming the email (although many never confirm).
Like you, I’m struggling to understand the motive and the process. Clearly somebody thinks they can make money from posting spam to message boards. After that it’s all pretty opaque to me.
Which probably means 3 or 4 layers of middlemen ripping one another off. And mindless foot soldiers at the bottom paid a pittance to keystroke fresh accounts. We’re seeing the whip end of that chain of greed, sleazy business, lies, and deceit, and can only guess at what the chain is made of or who has their hand on the handle.
It’s a lot better than it used to be. Around 2015 we had a couple of spammers from Pakistan who posted links to streaming sites. They seemed to put more effort into it than a real job. Every day, day in and day out, they would post dozens of these. They had to come up with new usernames and emails for every one since we usually banned them almost immediately. This went on for several years.
One day one of them went nuts, maybe out of frustration, and posted more than 100 spam messages. I was the only mod on duty when the attack began. I got something like 60 of them. This is an event that lives on as Spampocalypse.
They eventually went away. Maybe they got a real job, but I like to think they got hit by a bus.
Definitely want to thank everyone who reported spam!
I am (in a temporary admin account) visiting every search result of “spam reported” by @running_coach since the year 2000… there are around ~1500 of them. I’m personally making sure every spammer is processed and destroyed as a spammer, which helps train Akismet (default anti-spam that all new user posts are passed through) for this domain, using both post content and any URLs entered in their user profile as well.
I’m doing it in reverse chronological order and I’m down to 2015 so far.
(This is not something that should be a problem now or in the future because Discourse has far more sophisticated anti-spam protection than anything that was ever in vBulletin. That being said, avid forum members are always the best and last line of defense, so don’t hesitate to push the button on any post that you believe to be spam.)