Revenge upon the spammers

[ReleaseTheGeese]

Just came back to see if this place was still alive and kicking. I hate to see any good forum fall prey to spammers.

So what can we do? I notice they have contact forms on their web sites - but I also have a script that will generate lots of nonsense on the fly, and flood any given endpoint with comically useless data. The script was written to fill the databases of a FB phisher and make his dataset worthless. Might be funny to see if it can work with any success against these spammers.

So we have two pages - one selling fake passports (naughty) and another selling fake language certificates in German (sehr VERBOTEN) - going to set this up in the morning.

The details of my script and how it works is here:

https://www.thran.uk/writ/devlog/2024/0 ... ahapl.html

You're welcome to have a go yourself, if you know any Perl.

[ReleaseTheGeese]

I've the script working to target our friends at "World Passporte". So far they've received 250 new contacts, each with his favourite classic copypasta, political speech or verse of sumerian poetry in the message body.

The script "haha3.pl" is attached. If anyone else wants to play with it, and make SEO really pay off, I'm happy to provide setup instructions.

Note: to make the server accept the request you'll need to send at least one message using your web browser with dev tools open, and get the 'nonce' from the form request, then change the nonce parameter in the $TPL template.

[flatrute]

I have to thank myself for emailing Matt to give me the moderation role since this place would be dead months ago Anyway sorry for not nuking the spams soon enough...I have things to finish IRL

[ReleaseTheGeese]

not a problem, I had an excuse to use my script for yet more great justice. thanks for consigning them to oblivion!

[Doublewhammy]

Are these spammers attacking every message board or jus tthis one?

[Halamix2]

They attack any board sadly

[Doublewhammy]

I visit lots of boards and they don't seem to have the problem. So most board must have anti-spam software activated? Sorry if that's a newb question but I'm gneuinely curious about what it's like to maintain a board.

[ROllerozxa]

I visit lots of boards and they don't seem to have the problem. So most board must have anti-spam software activated? Sorry if that's a newb question but I'm gneuinely curious about what it's like to maintain a board.

Any public Internet forum with open registrations and a straightforward enough registration process is under a constant barrage of spam. They crawl the Internet to find any kind of input field and form and either attempt SQL injections, XSS attacks, or regular comment section spam. And when they find a website with an account system such as a forum they will usually attempt to register and see if they can post some spam somewhere. Either they will be discreet and try to blend in their posts, and then edit the posts to embed hard to see links, (did you see that the comma was a link?) or they will try to synthesise a conversation using sockpuppets to advertise a service, or they go instantly mask-off with spam links. It's all very systematic and I can only speculate on the sheer size of the spam operations.

As for anti-spam methods:

- Regular modern CAPTCHA solutions like reCAPTCHA and hCAPTCHA are essentially broken nowadays as it is very cheap to get humans to manually solve the challenges for you in bulk.
- Knowledge questions about the niche of the site fares pretty well in my experience, but if/when the answer to the question shows up easily in Google search results you'll likely need to switch it out for a new one.
- Some forums have a system where your first or second post needs to be manually approved before it will show up. That is typically very effective as even the most discreet first post generated by AI to be topical to the forum can typically be sussed out by moderators, but of course also needs active moderation to approve regular users' first posts in a timely manner.

If the other boards you're on have any combination of the two latter methods that's probably how they are able to combat spam or not make it visible to regular users. Or they just have very active moderation. In the case of this forum the registration form just uses reCAPTCHA, and in addition to that it's a forum running well-known phpBB - forum spammers have most likely created streamlined methods of quickly registering for all major forum software that they come across.

[flatrute]

- Knowledge questions about the niche of the site fares pretty well in my experience, but if/when the answer to the question shows up easily in Google search results you'll likely need to switch it out for a new one.
- Some forums have a system where your first or second post needs to be manually approved before it will show up. That is typically very effective as even the most discreet first post generated by AI to be topical to the forum can typically be sussed out by moderators, but of course also needs active moderation to approve regular users' first posts in a timely manner.

I consider combining both to be the most effective way to counter spams. I registered an account on K4sum1's forum and the form told me to select features characterizing the good 7 and the evil 8+ and after that I still need to wait for manual approval by the owner. My thinking now though is what questions I could tell Matt to add into our phpBB...