Dakka Security: or, Keeping the Riff-Raff Out
Made in us
Servoarm Flailing Magos





Alaska

I've noticed in the last couple weeks that there have been a lot of commercial spammers flooding the forums in the wee hours of the night. These spammers post ads like "Burn CD software" yak yak yada yada, and it infuriates me every time I see it. I immediately flag it, but after the 5th or 6th one in as many weeks, I am getting a little perplexed. Is it possible to implement better security systems to prevent this? It has been a while since I myself have registered, so I don't remember the exact measures that have been taken to keep this exact thing from happening.

Just wanted to get the wheels turning...

This message was edited 1 time. Last update was at 2009/12/17 08:24:40


http://www.teun135miniaturewargaming.blogspot.com/ https://www.instagram.com/teun135/
Foxphoenix135: Successful Trades: 21
With: romulus571, hisdudeness, Old Man Ultramarine, JHall, carldooley, Kav122, chriachris, gmpoto, Jhall, Nurglitch, steamdragon, DispatchDave, Gavin Thorne, Shenra, RustyKnight, rodt777, DeathReaper, LittleCizur, fett14622, syypher, Maxstreel 
   
Made in us
Longtime Dakkanaut





Have to agree..

Just flagged another one tonight as a matter of fact.
   
Made in us
Servoarm Flailing Magos





Alaska

Was it in the "Schedule a Game" forum? That is the one that got me mad. Usually they are in the tutorials section, but that one just didn't even make sense so it got me kind of riled.

   
Made in us
Longtime Dakkanaut





Yup. It has since been removed.

   
Made in us
Servoarm Flailing Magos





Alaska

So are these posters bots, or people paid to do it? How can we find out, and how can we stop this from happening?

   
Made in us
Longtime Dakkanaut





9/10 times that I've seen this happen to online forums, it's 'cause someone got pissed off at the site or someone on the site and dropped the forum addy into a spambox.

Once it's out on the web, the automated bot messages tend to start flooding in.

Can't prove it, but I'm willing to bet that somebody was pissed off at the forums and started the whole thing.
   
Made in us
Servoarm Flailing Magos





Alaska

So does this site use a Captcha (whatever) thing or does it not require it to register? I noticed the poster was brand new, but I had seen the exact same post before.

   
Made in us
Longtime Dakkanaut





You have to register here, but I believe that you can macro up a program to auto fill in the blanks for registration, thus making quick, easy, throwaway accounts.

Lego would be able to explain this better than I could.
   
Made in gb
[DCM]
Et In Arcadia Ego





Canterbury

FoxPhoenix135 wrote: people paid to do it?


We believe this, with regards to the current crop anyway.

There are continuing and ongoing upgrades in the works to further try and prevent this from happening.

If one does post then please follow the example set by Mr. jp400 and report them, then we can kill them ASAP.

Oh, if people could also not actually post responses to their posts as well that'd be good.

Do people think it's worth making a sticky or an announcement about that ?

This message was edited 1 time. Last update was at 2009/12/17 12:15:25


The poor man really has a stake in the country. The rich man hasn't; he can go away to New Guinea in a yacht. The poor have sometimes objected to being governed badly; the rich have always objected to being governed at all
We love our superheroes because they refuse to give up on us. We can analyze them out of existence, kill them, ban them, mock them, and still they return, patiently reminding us of who we are and what we wish we could be.
"the play's the thing wherein I'll catch the conscience of the king,
 
   
Made in gb
Highlord with a Blackstone Fortress






Adrift within the vortex of my imagination.

Remember Dakka is slashdotted, and ranks relatively highly on a lot of net forum registers and is by all standards a large site with a lot of traffic.

It makes good sense for a spammer to pay workers in third world countries a few cents to find sites like Dakka and spam them, by hand. It only takes a few seconds.

This sort of behaviour will only increase; it's a job to many people who, due to the lopsided distribution of technology, have net access but no recourse to real jobs and real wages.
The problem is not going away because it's being proliferated at a high level for different reasons; see 50 Cent Party.

Sweatshop spamming is just a commercial viral application of the same culture. All you can do is buckle up, and play whack-a-mole with the sites until the Mods tire of the task. This type of advertising is here to stay unfortunately.


There are countermeasures but none are very effective because the spamming is done by hand, in a very real way the spammers are indistinguishable from legit new posters. The spammer signs up, reads email, activates, comes to Dakka, copy pastes spam into a new post and leaves. All done in a couple of minutes, several sites will be open in the window at once to wait for the email account responses to cycle through. The outgoing spam is registered on the spammers computer and the spammer is paid by volumes of spam delivered. I doubt it is checked for longevity. So what to do:

1. Captchas stop the bots, but sweatshop spammers are not bots.

2. You can enforce a rule by which a poster cannot open a new post until a number of posts have been made. However, the spammer's answer is to cause more of a mess by arriving, bumping the required minimum of threads, then spamming and leaving. This takes only a fraction longer and is even more disruptive. The bumps are of course the same copy pasted spam.

3. You can delay activation emails. This does work but now we are seriously inconveniencing new posters; many of us signed up to make a comment on what we saw. Stop that and you stop a good proportion of new foot traffic. Furthermore, as stated above, the spammer has several activations ongoing at once and is content to sit through the activation delay. While waiting 20 minutes for Dakka to send the activation email the spammer is spamming the sites activated half an hour ago. Always moving on, moving on.

4. You can log IP addresses and look for repeat suspect addresses. Now this does work and I know of a site which does this. Spammers work in offices and the offices have a limited number of IP addresses, after encountering a spammer company once and registering the spammer company IP address future attempts at account generation are automatically blocked. However many companies don't bother with this protection, so those that do remain spam free. If Dakka starts registering spammer company IP addresses (and there are databases of rogue IP addresses to block you can get) then we will be ahead of the curve.
You could pay for this, but I recommend talking to webmasters of other gaming sites; it's the sort of issue where mutual cooperation is of benefit for everyone.
Spam companies are responding by having variable IP addresses, but this is marginally inconvenient to them. However, it's easier to target the unprotected, but that won't last long as protection methods proliferate.

This message was edited 2 times. Last update was at 2009/12/17 14:14:17


n'oublie jamais - It appears I now have to highlight this again.

It is by tea alone I set my mind in motion. By the juice of the brew my thoughts aquire speed, my mind becomes strained, the strain becomes a warning. It is by tea alone I set my mind in motion. 
   
Made in gb
Plummeting Black Templar Thunderhawk Pilot






Worcester, UK

One thing to remember is that the MODs and Admins run dakka for free, so there is only a limited amount they can do. But as mentioned above, we as users can do our part by highlighting spammers as quickly as possible and by not clicking any links they provide.

The MODs and Admins do a great job cleaning up the site. And I'm sure they appreciate any suggestions given by users to help improve the way the security works.

This message was edited 2 times. Last update was at 2009/12/17 12:53:49


 
   
Made in us
[ADMIN]
Decrepit Dakkanaut






Los Angeles, CA


Thanks Orlanth for so eloquently describing the issue better than even I could.

We are obviously aware of the issue (since we have to deal with each and every one of them) and are working on making things a bit better but there isn't much you can do to really stop it.

It's just a price to pay for being a popular(ish) site!



I play (click on icons to see pics): DQ:70+S++G(FAQ)M++B-I++Pw40k92/f-D+++A+++/areWD104R+T(D)DM+++
yakface's 40K rule #1: Although the rules allow you to use modeling to your advantage, how badly do you need to win your toy soldier games?
yakface's 40K rule #2: Friends don't let friends start a MEQ army.
yakface's 40K rule #3: Codex does not ALWAYS trump the rulebook, so please don't say that!
Waaagh Dakka: click the banner to learn more! 
   
Made in gb
[ADMIN]
Decrepit Dakkanaut






London, UK

Orlanth is 100% correct on what we face. The option 4 he has there is not really a viable option for us though as the spammers we see use proxies and hacked computers and almost never use the same IP. IP blocking has cut down on about 30% of spam, but has not made a huge difference.

There are still a few options left to us but they all cut down on usability so I don't really want to implement them until we get a continual, full-on flood. They would include:
1. A small test to prove that the new user knows what Warhammer is (simple questions that can't obviously be answered by a quick google).
2. Implement moblock filtering lists (these have a very wide reach and would take out a lot of innocent users who have ISPs with proxy servers though).
3. Keep all new posts hidden until approved by a moderator or trusted team of users (would significantly decrease the interactivity of the site).

Dakka is in the top 30000-70000 sites depending on how you measure it and gets visited by well into 6 figures of unique users each month so it is just a price of success alas.

Check out our new, fully plastic tabletop wargame - Maelstrom's Edge, made by Dakka!
 
   
Made in us
[DCM]
Dankhold Troggoth






Shadeglass Maze

Wow, those solutions do cut down on usability a lot! I think out of those 3, only option 1 of your list would have a greater positive than negative impact. You might need to have a separate 40k/fantasy question, though... and then really new users might not know anyway... hmmmm...

I'm not on often enough lately to notice the spam war going on, though, so this is more of an "interested observer" comment than anything else
   
Made in us
Servoarm Flailing Magos





Alaska

Well, that definitely answered my questions. Thank you for all of your well-thought replies!

In response to reds8n, I do believe a sticky may be beneficial. At the least, it couldn't hurt, right?

   
Made in us
[DCM]
.







HellsGuardian316 wrote: One thing to remember is that the MODs and Admins run dakka for free, so there is only a limited amount they can do. But as mentioned above, we as users can do our part by highlighting spammers as quickly as possible and by not clicking any links they provide.

The MODs and Admins do a great job cleaning up the site. And I'm sure they appreciate any suggestions given by users to help improve the way the security works.


This post... it brought a tear to me eye!

Thank you, HellsGuardian316!

And Merry Christmas to all!
   
Made in au
Lady of the Lake






reds8n wrote:Oh, if people could also not actually post responses to their posts as well that'd be good.


So I shouldn't post the heresy stamp when I report them?


Yeah, the mods do a way better job here than the other forums I've been on. Those ones are just silently hiding in the background, they wait for one little trip up then rush out of shadows with a knife yelling at you

   
Made in us
Revving Ravenwing Biker






Crouching in a chair, drinking tea.

legoburner wrote:Orlanth is 100% correct on what we face. The option 4 he has there is not really a viable option for us though as the spammers we see use proxies and hacked computers and almost never use the same IP. IP blocking has cut down on about 30% of spam, but has not made a huge difference.

There are still a few options left to us but they all cut down on usability so I don't really want to implement them until we get a continual, full-on flood. They would include:
1. A small test to prove that the new user knows what Warhammer is (simple questions that can't obviously be answered by a quick google).
2. Implement moblock filtering lists (these have a very wide reach and would take out a lot of innocent users who have ISPs with proxy servers though).
3. Keep all new posts hidden until approved by a moderator or trusted team of users (would significantly decrease the interactivity of the site).

Dakka is in the top 30000-70000 sites depending on how you measure it and gets visited by well into 6 figures of unique users each month so it is just a price of success alas.

This shall be our main defense!!

*Blank stare* 
   
Made in us
Rotting Sorcerer of Nurgle





1. A small test to prove that the new user knows what Warhammer is (simple questions that can't obviously be answered by a quick google).

How about asking for a few specific words or sentences in the BRB?

Like:
What is the 7th word on the 7th paragraph of page 77?
Etc.

Pick a handful and randomize it or something. Just a random suggestion for that.

This message was edited 1 time. Last update was at 2009/12/18 21:30:54


This is a little story about four people named Everybody, Somebody, Anybody, and Nobody.
There was an important job to be done and Everybody was sure that Somebody would do it.
Anybody could have done it, but Nobody did it.
Somebody got angry about that because it was Everybody's job.
Everybody thought that Anybody could do it, but Nobody realized that Everybody wouldn't do it.
It ended up that Everybody blamed Somebody when Nobody did what Anybody could have done.
 
   
Made in us
Servoarm Flailing Magos





Alaska

The point is, that kind of solution would make us an elitist website that new players would not be able to access as a resource or a place to ask their questions. Many new players don't actually own a copy of the rules, and who is to say that all players of 40k also play WHFB? I don't, for one.

The mods do an excellent job, I'll agree to that. If anything, if it becomes more than the current mods can handle, then it is as simple as adding a few more mods to share the workload.

   
Made in gb
Plummeting Black Templar Thunderhawk Pilot






Worcester, UK

Sanctjud wrote:
1. A small test to prove that the new user knows what Warhammer is (simple questions that can't obviously be answered by a quick google).

How about asking for a few specific words or sentences in the BRB?

Like:
What is the 7th word on the 7th paragraph of page 77?
Etc.

Pick a handful and randomize it or something. Just a random suggestion for that.


I love this idea very much, it's simple and effective, but FoxPhoenix135 has hit it on the nose: we also cater for members who are seeking knowledge on the hobby and may not know some things that many of us find basic knowledge.


Perhaps rather than having this feature on the signup, have it appear every time a user tries to post something that has a link/url in the message that is not a dakkadakka link (e.g. a link that doesn't link to another part of the dakka website). It's highly unlikely that a new user looking to gain knowledge would need to be posting links to other websites anyhow, other than in the off topic forum. Links that contain dakkadakka in the url are ignored by the filter.

Maybe this feature could automatically disable after a user has posted 25 posts, as it's unlikely a spammer would last that long anyhow, looking up 25 different bits of info just to post their link. And people are highly unlikely to look at it if the spammer has had to write it like this: www dot clickhere dot com.


Hoping this reads ok as found it hard to explain it any better, and if not a good idea, might spark another idea.

This message was edited 1 time. Last update was at 2009/12/18 22:41:35


 
   
Made in gb
Plastictrees



UK

A simple question like.

"Who is Ghazkula Thraka?"

1. Pathetic Grot.
2. Ork Warlord.
3. Space Marine!

WARBOSS TZOO wrote:Grab your club, hit her over the head, and drag her back to your cave. The classics are classic for a reason.
 
   
Made in us
[DCM]
Dankhold Troggoth






Shadeglass Maze

But it's true, a new player might not know even that... I certainly didn't when I started. I think I may have joined Dakka (the first time around... in like '99) before I knew that, too.
   
Made in us
Servoarm Flailing Magos





Alaska

I like the idea of disabling links until post counts are of a certain number... is there such a technology available? Is that feasible to implement in our forum?

   
Made in us
Revving Ravenwing Biker






Crouching in a chair, drinking tea.

Lord-Loss wrote:A simple question like.

"Who is Ghazkula Thraka?"

1. Pathetic Grot.
2. Ork Warlord.
3. Space Marine!

Maybe the first question should be "what army do you play" and then ask questions from there.

*Blank stare* 
   
Made in gb
Highlord with a Blackstone Fortress






Adrift within the vortex of my imagination.

And if the person doesn't yet play any mainstream 40k and Warhammer armies, but is entirely new to the game?

Perhaps he started with a specialist game, or one of the other games mentioned on Dakka. Some here joined for At-43 recently, and it's possible some of them know very little about Warhammer.

You will end up with a huge questionnaire which is more problematical than it's worth.

For example, the more games you have questionnaires on, the more likely a spammer will have encountered one. This might appear unlikely but is not, because parts of the gamer's hobby touch into the mainstream through computer games, many of which are widely pirated and played by the same sort of person who works at a spammer sweatshop. As Warhammer and 40k properties appear more and more online this will spread. Someone might know enough to answer enough basic questions on 40K from playing Dawn of War.

This message was edited 2 times. Last update was at 2009/12/23 14:59:49


   
Made in au
Lady of the Lake






Also a quick visit to Wikipedia would probably give them the answer to the questions as well.

   
Made in gb
Plummeting Black Templar Thunderhawk Pilot






Worcester, UK

n0t_u wrote:Also a quick visit to Wikipedia would probably give them the answer to the questions as well.


True, but spammers are less likely to use Wikipedia to research stuff just to post spam. I emphasise the "less" part.
And the whole point, if using my idea, is to make it harder to post non dakka links until they reach a posting level of e.g. 25; then they can post what they like in the forum, as I find it hard to believe a spammer will seriously make 25 posts just to get enough to post a non dakka list and not get caught out and banned.

my 2 cents anywho

 
   
Made in gb
Highlord with a Blackstone Fortress






Adrift within the vortex of my imagination.

HellsGuardian316 wrote:
n0t_u wrote:Also a quick visit to Wikipedia would probably give them the answer to the questions as well.


True, but spammers are less likely to use Wikipedia to research stuff just to post spam. I emphasise the "less" part.
And the whole point, if using my idea, is to make it harder to post non dakka links until they reach a posting level of e.g. 25; then they can post what they like in the forum, as I find it hard to believe a spammer will seriously make 25 posts just to get enough to post a non dakka list and not get caught out and banned.

my 2 cents anywho


No, what you get is:

join
activate
bump bump bump bump bump
bump bump bump bump bump
bump bump bump bump bump
bump bump bump bump bump
bump bump bump bump spam
leave

How long would it take you to bump a thread? Only a few seconds, as you copy paste the same message.

The bump might also be copy pasted: 'Get your fun at www.sexkitten.lots'
You don't need a url link, you can copy paste the url. It might have a url link in the copy paste which then autoactivates for all messages after posting all 25.

All this does is guarantee 25 times the profile for each spam incidence. Yes, it would get quickly noticed, but that will happen anyway.

   
Made in gb
Plummeting Black Templar Thunderhawk Pilot






Worcester, UK

My argument was based on the thought that posted url links automatically are clickable and thus could be filtered, but your post has proven how easily that can be gotten around whilst leaving their message clear as day as spam. So will have a rethink and try again.
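
The link gate proposed in this thread, together with the two objections raised against it (URLs pasted as plain or spelled-out text, and copy-pasted bumps used to reach the post count), as an added example that is not Dakka's code. It assumes `dakkadakka.com` as the home domain and the thread's threshold of 25; the function names, the short TLD list and the sample posts are constructed for illustration.

```python
import hashlib
import re
from dataclasses import dataclass, field

TRUSTED_POSTS = 25                    # threshold proposed in the thread
HOME_DOMAINS = {"dakkadakka.com"}     # assumption: the forum's own domain
# Constructed short TLD list; a production filter would use the Public Suffix List.
_TLDS = r"(?:com|net|org|info|biz)"
# "www dot clickhere dot com", "(dot)", "[dot]" -> "."
_SPELLED_DOT = re.compile(r"\s*(?:\(dot\)|\[dot\]|\bdot\b)\s*", re.I)
# Any host-looking token, whether or not the forum would render it clickable.
_HOST = re.compile(r"\b((?:[a-z0-9-]+\.)+" + _TLDS + r")\b", re.I)


def external_domains(text: str) -> set[str]:
    """Hosts named in a post, minus the forum's own (matched on host, not substring)."""
    flat = _SPELLED_DOT.sub(".", text)
    found = set()
    for host in _HOST.findall(flat):
        host = host.lower().removeprefix("www.")
        is_home = any(host == h or host.endswith("." + h) for h in HOME_DOMAINS)
        if not is_home:
            found.add(host)
    return found


def fingerprint(text: str) -> str:
    """Hash of the post with case, spacing and punctuation removed."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    return hashlib.sha256(" ".join(words).encode()).hexdigest()


@dataclass
class Account:
    name: str
    seen: set[str] = field(default_factory=set)  # fingerprints of published posts

    @property
    def distinct_posts(self) -> int:
        # Only distinct texts count toward trust, so 25 identical bumps count once.
        return len(self.seen)


def review_post(acct: Account, text: str) -> tuple[str, str]:
    """Return ("publish" or "hold", reason); held posts go to the moderator queue."""
    fp = fingerprint(text)
    trusted = acct.distinct_posts >= TRUSTED_POSTS
    if not trusted:
        if fp in acct.seen:
            return "hold", "new account repeating its own text"
        domains = external_domains(text)
        if domains:
            return "hold", "new account naming " + ", ".join(sorted(domains))
    acct.seen.add(fp)
    return "publish", ""
```

A hand-typed spam post with fresh wording and no domain still publishes, so this narrows what moderators have to catch without replacing user reports.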

 
   
 