Page 1 of 2

SPAM accounts invading the forum

Posted: Fri Feb 07, 2020 9:54 am
by Freddie Chopin
I see you have a problem with SPAM accounts mass-registering on the forum. Looking just through the list of the "users" with birthdays today, 10 out of 14 are SPAM accounts (SEO-SPAM link in website and/or in signature):
memberlist.php?mode=viewprofile&u=77541
memberlist.php?mode=viewprofile&u=77739
memberlist.php?mode=viewprofile&u=69726
memberlist.php?mode=viewprofile&u=81026
memberlist.php?mode=viewprofile&u=65940
memberlist.php?mode=viewprofile&u=72535
memberlist.php?mode=viewprofile&u=73705
memberlist.php?mode=viewprofile&u=71586
memberlist.php?mode=viewprofile&u=77257
memberlist.php?mode=viewprofile&u=76572

Then we has the most recent "user", which is in the same category:
memberlist.php?mode=viewprofile&u=87130

Looking through the list of the most recent "users" I would risk a guess that almost all of them (overwhelming majority, really) are such SPAM accounts. Even if they don't have such link in their website/signature now, this is a common tactics to add such link only after a few weeks.
memberlist.php?mode=&sk=c&sd=d#memberlist

I hope that you're not all about numbers, as for sure having 79960 users registered on the forum looks good, but I wouldn't be surprised if 3/4 of them were fakes, as only 28000 of them wrote at least one post. The state of the internet nowadays is really appaling...

Re: SPAM accounts invading the forum

Posted: Fri Feb 07, 2020 10:15 am
by Loewchen
This is nothing new, and as long as spam messages do not make it through not a problem. Assuming real users rarely create accounts without posting at least once, you can estimate that there are 28000 of them.

Re: SPAM accounts invading the forum

Posted: Fri Feb 07, 2020 10:20 am
by Bilka
Freddie Chopin wrote:
Fri Feb 07, 2020 9:54 am
as actually only 237 users wrote at least one post (according to the search engine).
Use the memberlist to find accounts, when sorting by posts made, even at 14k people still have 2 posts: memberlist.php?sk=d&sd=d&start=14000 and as Loewchen says, you need to go to 28k to find people with 0 posts: memberlist.php?sk=d&sd=d&start=28025

Re: SPAM accounts invading the forum

Posted: Fri Feb 07, 2020 10:25 am
by Freddie Chopin
Loewchen wrote:
Fri Feb 07, 2020 10:15 am
This is nothing new, and as long as spam messages do not make it through not a problem.
Unless you care whether your domain is a link-factory to Russian fake websites or things like that (; I would imagine that this is easily solvable (if the forum engine allows it), by disabling signature and private website for users without X posts (say 10) and/or being on forum shorter than Y days (say a week). Obviously XRumer - which is used to create these accounts - can break through all the naive captchas and things like that, but most likely fails when faced with some creativity (add custom textbox for registration with requred input which needs very little thinking for a human but a lot of thinking for a bot, sth like "what is seven + two?" [accepts only "nine" or "9"]). Or maybe it would be enough to tweak google's recaptcha settings or switch to a different version of it?
Loewchen wrote:
Fri Feb 07, 2020 10:15 am
Assuming real users rarely create accounts without posting at least once, you can estimate that there are 28000 of them.
Please note that some of these SPAM accounts DO create posts, although they lack any meaningful content at all. Take a look at this user, who seems to be advertising some android application:
memberlist.php?mode=viewprofile&u=84829
1 post:
"Thanks alot bro."

Seems legit (;
Bilka wrote:
Fri Feb 07, 2020 10:20 am
Freddie Chopin wrote:
Fri Feb 07, 2020 9:54 am
as actually only 237 users wrote at least one post (according to the search engine).
Use the memberlist to find accounts, when sorting by posts made, even at 14k people still have 2 posts: memberlist.php?sk=d&sd=d&start=14000 and as Loewchen says, you need to go to 28k to find people with 0 posts: memberlist.php?sk=d&sd=d&start=28025
I did that and it really showed me 237 users then, maybe I accidentally clicked some other criteria too.

Re: SPAM accounts invading the forum

Posted: Fri Feb 07, 2020 10:39 am
by Koub
Two populations can do something against these spambot accounts :

1) The administrators of the forum, by updating it, and adding mechanisms trying to prevent spambot registration.

2) The moderators : we can't prevent them from registering, but you must admit there's not much spam visible on these forums. You don't see it, but some of the devs and us moderators reject a significant amount of spams, and ban the accounts

My job as a moderator is to keep these boards clean and a pleasant place to be. This includes make it so that there is no spam visible to all the members, and I think I, with my fellow moderators, do that job decently. I have no way to automate bot detection any further, so everything is done manually upon first post (post rejected or deleted, and account banned).

Also:
Freddie Chopin wrote:
Fri Feb 07, 2020 9:54 am
I hope that you're not all about numbers, as for sure having 79960 users registered on the forum looks good, but I wouldn't be surprised if 70000+ of them were fakes, as actually only 237 users wrote at least one post (according to the search engine). The state of the internet nowadays is really appaling...
I'll be clear : I couldn't care less about the number of accounts. I literally don't give a f**k. I gave a quick look, there are over 28k user accounts with at least 1 post (which is over 1/3), and I don't think any spam has been forgotten, so these accounts should belong to legitimate users.

Hope I answered your implicit question :).

Re: SPAM accounts invading the forum

Posted: Fri Feb 07, 2020 10:43 am
by Koub
Freddie Chopin wrote:
Fri Feb 07, 2020 10:25 am
Please note that some of these SPAM accounts DO create posts, although they lack any meaningful content at all. Take a look at this user, who seems to be advertising some android application:
memberlist.php?mode=viewprofile&u=84829
1 post:
"Thanks alot bro."
Thanks a lot, bro ;) (post deleted, account banned)

Re: SPAM accounts invading the forum

Posted: Fri Feb 07, 2020 10:50 am
by Freddie Chopin
Koub wrote:
Fri Feb 07, 2020 10:39 am
My job as a moderator is to keep these boards clean and a pleasant place to be. This includes make it so that there is no spam visible to all the members, and I think I, with my fellow moderators, do that job decently. I have no way to automate bot detection any further, so everything is done manually upon first post (post rejected or deleted, and account banned).
Don't get me wrong - I'm not saying that the forum is filled with SPAM and I'm pretty sure that "behind the scenes" you do a lot of work which is not very satisfying or engaging. Thanks for that! I know how it is, as I've been administering/moderating a few forums so I understand your point of view quite well.

All I'm saying is that the forum is filled with SPAM _accounts_ (;
Freddie Chopin wrote:
Fri Feb 07, 2020 9:54 am
I hope that you're not all about numbers, as for sure having 79960 users registered on the forum looks good, but I wouldn't be surprised if 70000+ of them were fakes, as actually only 237 users wrote at least one post (according to the search engine). The state of the internet nowadays is really appaling...
I'll be clear : I couldn't care less about the number of accounts. I literally don't give a f**k. I gave a quick look, there are over 28k user accounts with at least 1 post (which is over 1/3), and I don't think any spam has been forgotten, so these accounts should belong to legitimate users.

Hope I answered your implicit question :).
I've already edited my first message, must have clicked something wrong, as indeed there are 28k accounts with at least one post. However please see my message above - saying that all of them are legit is a very risky opinion, as some of them are SPAM accounts too.

Mods cannot do much, because there's no advanced search for users. However admins can mass-delete such accounts from time to time. Some criteria:
- name is "letters" + "numbers",
- 0 posts,
- website filled, ends with .ru or some other common domain, or contains some common terms ("viral", "hacker", "viagra", "buy", ...),

With a bit of tweaking you can safely delete everything returned by such search.

Re: SPAM accounts invading the forum

Posted: Fri Feb 07, 2020 11:00 am
by Deadlock989
Total non-issue.

Re: SPAM accounts invading the forum

Posted: Fri Feb 07, 2020 11:04 am
by BlueTemplar
Freddie Chopin wrote:
Fri Feb 07, 2020 10:25 am
add custom textbox for registration with requred input which needs very little thinking for a human but a lot of thinking for a bot, sth like "what is seven + two?" [accepts only "nine" or "9"]
Do the spambots still fall for that counting example ?
Something Factorio-related should work, however... (early recipe ingredients? with a link to the wiki?)

Any hope for forum anti-spambot measures without the use of Google's Captcha(s) ?
I would be sad to have to choose in the future between not being able to use this forum on new computers or violate my Google boycott !

(One tried and true way to fight spam is of course to require money to register (even a tiny sum works), but, for instance, only allowing certified Factorio owners would be too much...)

Re: SPAM accounts invading the forum

Posted: Fri Feb 07, 2020 11:05 am
by Deadlock989
BlueTemplar wrote:
Fri Feb 07, 2020 11:04 am
require money to register
This is a literally incredible suggestion.

Re: SPAM accounts invading the forum

Posted: Fri Feb 07, 2020 11:08 am
by steinio
We, the user of this forum, also can and do report spam and or unappropiate posts if any is slipped through.

Re: SPAM accounts invading the forum

Posted: Fri Feb 07, 2020 11:14 am
by Freddie Chopin
BlueTemplar wrote:
Fri Feb 07, 2020 11:04 am
Do the spambots still fall for that counting example ?
No idea, just an example [;
Something Factorio-related should work, however... (early recipe ingredients? with a link to the wiki?)
Anything "easy" will be OK, but it should be "common knowledge". If it is factorio-specific you risk off-putting users who would like to join but haven't played the game yet. Or people who are only considering playing it in the future.
Any hope for forum anti-spambot measures without the use of Google's Captcha(s) ?
I would be sad to have to choose in the future between not being able to use this forum on new computers or violate my Google boycott !
The registration page already uses Google's reCaptcha, seems like the most recent v3.
We, the user of this forum, also can and do report spam and or unappropiate posts if any is slipped through.
Too much work. It's like saying you can dig a canal with a spoon. Sure, technically it's possible, but I think I would give-up soon. Just look at the scale. When I started this thread, not even 2 hours ago, last registered user was "oscarsjp" (a SPAM-account). Since then there are exactly 10 new accounts, and judging by their very elaborate and original user-names, most of them are SPAM-accounts too. If that's ~10 per 2 hours, it's like a hundred accounts per day... Sisyphean task...

Re: SPAM accounts invading the forum

Posted: Fri Feb 07, 2020 11:35 am
by BlueTemplar
I'm not sure what you find incredible about it, as AI gets better and cheaper, it gets harder and harder to keep spam out.

Since people make spambots because they make them money, to beat them the simplest (though hopefully not the best) solution is just to directly raise this bar so that registering an account becomes unprofitable.

Captcha solves this issue in an indirect way by pretty much asking you to do a tiny bit of work for the captcha's owner, like reading books, or helping with an AI takeover by automated cars ( :D ). But it can only work as long as the problem to solve is harder to automate than automating the creation of the captchas (including the benefits from the amazon-turk-like-work results).

I've seen several game studios to simply give up, shut down any new registrations to their forums, or at best, manually approve them, and start exclusively using Steam "forums" for their communication.
Which is an even worse solution, since Steam is already a dangerous monopsony... and guess what condition it uses for vetting users ?
"You will need to spend at least $5.00 USD[-equivalent] within the Steam store."
And it would seem that the least intrusive way to do that is to buy a Steam Wallet Card from a physical store, or have someone else already Steam-vetted to buy you one from a digital store. Any other option seems to involve giving Valve your credit card number and/or address and/or phone number.
(However, it looks like Limited Steam accounts can still post, albeit unfrequently ? But I'm willing to bet that they can't post links !)

Re: SPAM accounts invading the forum

Posted: Fri Feb 07, 2020 11:36 am
by BlueTemplar
Freddie Chopin wrote:
Fri Feb 07, 2020 11:14 am
Something Factorio-related should work, however... (early recipe ingredients? with a link to the wiki?)
Anything "easy" will be OK, but it should be "common knowledge". If it is factorio-specific you risk off-putting users who would like to join but haven't played the game yet. Or people who are only considering playing it in the future.
Yeah, that's why I mentioned a link to the wiki. But this might be still too much work for someone that never played (so even the wiki's crafting menu* is completely unfamiliar) and/or is not comfortable with wikis?
Freddie Chopin wrote:
Fri Feb 07, 2020 11:14 am
Any hope for forum anti-spambot measures without the use of Google's Captcha(s) ?
I would be sad to have to choose in the future between not being able to use this forum on new computers or violate my Google boycott !
The registration page already uses Google's reCaptcha, seems like the most recent v3.
Yes (and, without a cookie, the log-in one too?), that's why I'm curious as to what kind of alternatives might be available to Wube.

*How do you directly link to that sub-section ?
Neither
https://wiki.factorio.com/Main_Page#Ite ... %20Recipes
Nor
https://wiki.factorio.com/Main_Page#Inventory
Worked...

Re: SPAM accounts invading the forum

Posted: Fri Feb 07, 2020 2:40 pm
by Koub
Freddie Chopin wrote:
Fri Feb 07, 2020 11:14 am
Too much work. It's like saying you can dig a canal with a spoon. Sure, technically it's possible, but I think I would give-up soon. Just look at the scale. When I started this thread, not even 2 hours ago, last registered user was "oscarsjp" (a SPAM-account). Since then there are exactly 10 new accounts, and judging by their very elaborate and original user-names, most of them are SPAM-accounts too. If that's ~10 per 2 hours, it's like a hundred accounts per day... Sisyphean task...
The very vast majority of these accounts will :
- either never post, and those, I don't care
- or post, and be triggered as spambot accounts, first post rejected, and banned.

When I have a first post waiting for approval, if it seems void of true content ("me too", "thank you", ...), I check the account signature, website, ... to detect spambots. And if I see nothing suspiscious, I add a bookmark on that account, and come back every few days to see if hasn't been updated. I dare say very few spambots can get through, and for those, I find acceptable that any member of the community can signal it.

Re: SPAM accounts invading the forum

Posted: Sat Feb 08, 2020 9:50 pm
by Jap2.0
Going back to the original birthday case, I wonder how many legitimate users put in that sort of information - most of the bots/spam accounts appear to have birthday, occupation, interests, and all of those other fields, while I have almost none (just a signature).

Re: SPAM accounts invading the forum

Posted: Sat Feb 08, 2020 9:52 pm
by Bilka
Jap2.0 wrote:
Sat Feb 08, 2020 9:50 pm
Going back to the original birthday case, I wonder how many legitimate users put in that sort of information - most of the bots/spam accounts appear to have birthday, occupation, interests, and all of those other fields, while I have almost none (just a signature).
A few people use it. Here is an example: memberlist.php?mode=viewprofile&u=57

Re: SPAM accounts invading the forum

Posted: Sat Feb 08, 2020 9:56 pm
by Jap2.0
BlueTemplar wrote:
Fri Feb 07, 2020 11:36 am
*How do you directly link to that sub-section ?
Neither
https://wiki.factorio.com/Main_Page#Ite ... %20Recipes
Nor
https://wiki.factorio.com/Main_Page#Inventory
Worked...
Huh, the wiki's main page is set up in such a way that it's hard to link to. The only ways to link there that I can find is either the "The Game" section (https://wiki.factorio.com/Main_Page#The_Game) or to go through some weird transclusion stuff, which brings you to https://wiki.factorio.com/Template:Inventory.

E:
Bilka wrote:
Sat Feb 08, 2020 9:52 pm
Jap2.0 wrote:
Sat Feb 08, 2020 9:50 pm
Going back to the original birthday case, I wonder how many legitimate users put in that sort of information - most of the bots/spam accounts appear to have birthday, occupation, interests, and all of those other fields, while I have almost none (just a signature).
A few people use it. Here is an example: memberlist.php?mode=viewprofile&u=57
Yeah, I'd be surprised if nobody did so, I wonder the percentage though? (you don't, for example)

Re: SPAM accounts invading the forum

Posted: Wed Feb 19, 2020 4:04 pm
by _Shin_
the only possible reason i can imagine any dev would actually care about this is due to search engine rankings.

i've not dealt with SEO for years, but I think there is still some relationship between links into a domain and links out. So having spam accounts with websites linked helps them and hurts you. (in search engine rankings) Especially if Google has those sites blacklisted as spam sites, you linking to them could get you blacklisted as well.

Re: SPAM accounts invading the forum

Posted: Wed Feb 19, 2020 4:20 pm
by Squelch
There's a little game I also like play sometimes. At the board index, take a look at the birthday roll of honour and look at each user's profile.

Out of the 20 birthdays at the time of writing, 9 accounts appear to be spam for things ranging from holiday resorts, laptops, pharmaceuticals, to illicit drugs.

I guess whomever scripts the sign ups forgets about birthdays being on display?