Log In  

Looks like a spambot again:


UserID: Stepehnhawking

P#47813 2018-01-02 02:29 ( Edited 2018-07-26 13:44)

:: DR4IG

@Felice: It's both that account AND mariadenial with malware links. Both are obviously spambots.

Bet you dollars to dongles they share a common IP backbone.

P#47815 2018-01-02 05:05 ( Edited 2018-01-02 10:05)

@zep: There are also LOTS of spam posts/account at the end of this (otherwise normal) thread!

P#47958 2018-01-08 08:13 ( Edited 2018-01-08 13:14)
:: Felice



You need moderators...

If you're not gonna read the forum daily, you need moderators.

Even if they can't do anything except quarantine posts.

P#47961 2018-01-08 09:14 ( Edited 2018-01-08 14:14)

Well, that's ironic. 🙄 DON'T CLICK THE ABOVE. IT'S SPAM.

P#47986 2018-01-09 11:46 ( Edited 2018-01-09 16:46)


P#47990 2018-01-09 12:20 ( Edited 2018-01-09 17:20)
:: bekey

That... that's gotta be a joke, hahahahaha.

P#47992 2018-01-09 12:41 ( Edited 2018-01-09 17:41)

Nope. He hit 3 other threads as well. :)

P#47996 2018-01-09 14:57 ( Edited 2018-01-09 19:57)
:: zep

Thanks all -- I cleaned up the ones I could find. Please add to this thread if I missed any. The spambots in the Pico Dragon thread were a particularly nasty bunch, with ip addresses all over the place :(

The next BBS update includes spam flagging and improved spammer prevention at sign-up : play a small PICO-8 game to prove that you're not only human, but also human with a minute to spare.

P#48001 2018-01-09 16:20 ( Edited 2018-01-09 21:20)

Haha, love it.

I dunno, though... machine learning is getting preeetty good these days... I've seen those AI-controlled Mario games. ;) Haha

P#48003 2018-01-09 17:05 ( Edited 2018-01-09 22:05)
:: Felice

Pretty sure AI can only get good at Mario because the level is static and its own AI runs deterministically.

That being said, a pico-8 game runs client-side. If zep just uses the current web player, it would be incredibly easy to circumvent it by swapping in different code that just insta-wins.

P#48007 2018-01-09 23:46 ( Edited 2018-01-10 04:47)
:: Felice

More of the same. Recent spam users and their posts:






Those are all of today's additions. However, as I've been writing this list, there were more being added, and I'm sure there will be more after I submit.


I know having people who moderate other people's posts can be tricky. Too many interpersonal issues, judgment calls being made badly, stuff like that.

I assume that's why you responded to requests for moderators with a yet-to-arrive flagging system. I don't think that's enough, though. You seem to be a busy guy, and I suspect you won't be able to review flagged posts frequently enough.

You don't need to make anyone a full moderator. No one needs a title or a badge. Just quietly pick a few of us who you think have the best interests of the community at heart, and give them just one single ability: to move a post to another hidden "quarantine" board. Then you can periodically check quarantined posts to be sure we did our job right.

I'm not sure if I'm someone you'd trust that way, but if so, I'm happy to volunteer a little of my time and energy to doing something like that for the community. I can think of a few other people, but I won't presume to volunteer their time.

We've got your back, dude, if you'll just let us...

P#48222 2018-01-15 09:03 ( Edited 2018-01-15 14:03)
:: bekey

If the only concern is moderators removing posts based on their own merits, which might not align with yours... Then I think the solution is simple:

Moderators are only allowed to remove/quarantine spam posts.

Once they break this rule, even if you would have done it yourself... they're out.

So they're less moderators, and more spam cleaners.

I'm sure there's people here, who are respectable/well-adjusted enough to play by those rules.

P#48226 2018-01-15 10:57 ( Edited 2018-01-15 15:57)
:: Felice


Isn't that what I said? :D

P#48227 2018-01-15 11:53 ( Edited 2018-01-15 16:53)
:: bekey

Probably, I just wanted to further stress that "moderator" doesn't necessarily have to mean someone moderating content that's in a potential gray area.

Spam is pretty black and white.

Other content might not be. And ultimately its up to zep to decide in such cases.

And making that delineage between a "moderator" and "janitor" clear, might be enough for zep to feel comfortable picking a few people for that position.

P#48229 2018-01-15 18:32 ( Edited 2018-01-15 23:33)
:: Felice

Yeah, I was imagining people not even being marked as the cleaning crew. No egos, just a job to do quietly.

P#48230 2018-01-15 20:02 ( Edited 2018-01-16 01:02)
:: Felice



You deleted "her" previous spam, but didn't delete the user?

y u do dis

P#48260 2018-01-17 03:02 ( Edited 2018-01-17 08:03)
:: zep

Heh, that was me thumb-typing to delete spam, as I'm traveling right now and don't have my usual tools. But! I did add some admin functionality:

@MBoffin and @Felice -- check out a user's posts page for a 'mark as spam' button. It's a temporary solution and a little dangerous, but reverseable if you mess up. And thanks so much for the rigorous spam marking so far.

If any other regular forum members are keen to hunt spam in this way until I get a better system in place, please reply here and I'll add you.

I'm also working on improving sign-up screening and at-post tripwires, so hopefully there won't be much spam to catch in the future. The lexaloffle BBS has the defensive advantage of being completely hand-rolled, but it seems there are at least a couple of spammers out there monitoring it and manually working around changes I make to the way posts work. I don't think it will be too hard to add enough friction to that process to shake them off -- it just hasn't been a high priority until now.

The BBS signups will soon require a google captcha, but later on I'd also like to add a weaker but more entertaining layer:

The task will be to collect coins in some order, or avoid some obstacles, so that it can't be defeated by stuffing simple keypresses in.

If a spammer works around that one too (not really that hard), then at the very least they'll have to get to know PICO-8 and feel slightly bad about messing up the forum.

P#48268 2018-01-17 09:35 ( Edited 2018-01-17 14:35)

Awesome. Thanks, zep! That should help quite a bit until the other changes eventually go through. It's never any fun having to play whack-a-mole with spammers and their wily ways, but having a better captcha will certainly help. (And I love the captcha cart idea.) :D

P#48272 2018-01-17 11:47 ( Edited 2018-01-17 16:47)
:: Felice

Oh wow, thanks, zep!

Yeah, BBS protection suffers the same fate as DRM... sooner or later someone with too much time on their hands will eventually break through your fences.

What gets me is that it's really not a high-traffic BBS. I'm not sure how it's worth it to post spam here anyway.

Maybe it's someone who sells lists of compromised sites and methods and, whether it's useful or not, it's a +1 for their "number of sites" selling point.

P#48310 2018-01-18 09:25 ( Edited 2018-01-18 14:25)
:: bekey

could it be that they're trying to get their sites linked among other reputable links? Isn't that how to cheat SEO nowadays?

P#48321 2018-01-18 12:49 ( Edited 2018-01-18 17:49)
:: Felice

kaizen said:

The information you share is very useful. It is closely related to my work and has helped me grow. Thank you!
flip diving

Well, if that's not the most winning comment on this thread, I just don't know what is. On four other threads as well. :)

Lexaloffe BBS said:

marking user as spammer: 27436
marking post as spam: 48333
marking post as spam: 48334
marking post as spam: 48335
marking post as spam: 48337
marking post as spam: 48338

Thanks, zep! :D

P#48342 2018-01-19 01:39 ( Edited 2018-01-19 06:39)
:: Felice

PS: Heads up to anyone else volunteering for watch duty:

Another user, ellascott, also kinda looks like a spammer, because lots of posts all of a sudden, and all brief with links at the end. But on closer inspection, I think she just appears to be linking to her own games.

So right off the bat, that was a good reminder to me: don't jump to conclusions.

P#48343 2018-01-19 01:53 ( Edited 2018-01-19 06:56)
:: Felice

PPS: On closer closer inspection, that actually IS spam. I found the same user being more obvious on other websites.

Before ban:


Second lesson for the day: cross-reference questionable spam.

I can already tell this is going to be a challenge. :)

P#48344 2018-01-19 02:01 ( Edited 2018-01-19 07:07)

Another one got through:

P#50694 2018-03-22 07:35 ( Edited 2018-03-22 11:35)
:: Felice


Imagine the sound of a bug zapper. ;)

P#50697 2018-03-22 08:35 ( Edited 2018-03-22 12:35)

Oh, that's just taking the p*ss now! :D

P#50721 2018-03-23 05:02 ( Edited 2018-03-23 09:02)

The "aweosem" post over is present on other threads. Looks like they're copying posts from random threads.

@zep A trick that works rather well to tell apart spambots and humans, is just adding a field that is NOT of type=hidden, but a real input with appealing attributes, like <input type="text" class="important" name="email" placeholder="Enter e-mail here">. Then hide it to human eyes with a display:none, or placed behind another element, or with negative position, etc. The most complicated, the better, so that a bot can't easily tell if the input is used or not (a display:none straight on the input is easy to catch).
Then your form validation checks if this input is empty as intended. If it's not, it's been filled by a bot.

Maybe checking with JS whether the submit button has really been pressed could work too.

That is: first, solutions that are transparent for real users. Then, using a captcha.

P#50727 2018-03-23 06:33 ( Edited 2018-03-23 10:33)
:: Felice

I zapped the one that just posted on this thread.

A lot of these aren't bots. They actually respond to the specific subject matter intelligently and on-point, not just regurgitating previous text with markov chains or saying vague things that could apply to any subject, and then tack on a link, probably to malware. Pretty sure there's an actual human creating the account, so anti-bot tactics won't help.

My theory is they're putting in this effort in hopes of getting a keylogger onto some dev's machine, where the machine has remote privs on some big corpnet, e.g. MS or google, so they can steal credentials, trade secrets, etc. I think it's targeted specifically at developer forums. I've found the same links on similar forums.

P#50744 2018-03-23 15:44 ( Edited 2018-03-23 19:47)
:: Stompy

There's a few more. (Is this the best way of reporting??)


P#50893 2018-03-27 04:53 ( Edited 2018-03-27 08:53)
:: Felice

It works. :)

There were three more, by the way. They really came out of the woodwork tonight.

P#50896 2018-03-27 06:48 ( Edited 2018-03-27 10:48)
P#52049 2018-04-26 09:39 ( Edited 2018-04-26 13:39)
:: zep

Marked, thanks

I almost have community spam-flagging tools ready, but for now reporting in this thread is still appreciated. Cheers!

P#52055 2018-04-26 17:00 ( Edited 2018-04-26 21:00)
P#52260 2018-05-02 03:25 ( Edited 2018-05-02 07:25)
:: Felice

It was. :)

P#52262 2018-05-02 07:07 ( Edited 2018-05-02 11:07)
P#52311 2018-05-03 05:13 ( Edited 2018-05-03 09:13)
P#52526 2018-05-08 03:53 ( Edited 2018-05-08 07:53)
P#52677 2018-05-13 00:49 ( Edited 2018-05-13 04:49)
:: Davbo

Cheeky link spam here:
... Not very subtle.

P#52709 2018-05-14 07:31 ( Edited 2018-05-14 11:31)
:: Felice

You think that's bad. Yesterday I found something like half a dozen of them talking to each other across about twenty pages of an unrelated thread.

"Hangin's too good for 'em. Burnin's too good for 'em. They should be torn up into little bitsy pieces, and buried aliiive!"
--Hanover Fiste (sorta)

P#52716 2018-05-14 12:37 ( Edited 2018-05-14 16:37)
:: Davbo
P#52808 2018-05-16 03:51 ( Edited 2018-05-16 07:51)
P#52809 2018-05-16 03:53 ( Edited 2018-05-16 07:53)
P#52841 2018-05-18 04:34 ( Edited 2018-05-18 08:34)
:: Davbo


I don't trust the super mechs

P#52895 2018-05-21 05:47 ( Edited 2018-05-21 09:47)


Pretty obviously a Spambot^^.

P#53069 2018-05-28 07:05 ( Edited 2018-05-28 11:05)
:: Davbo

My spades more like my spam amiwrite


P#53071 2018-05-28 09:51 ( Edited 2018-05-28 13:51)
:: Scathe

Been getting a lot of spam on my site as well via the contact form. Most likely because the bots have invaded this forum, since the site isn't posted anywhere else online (that I know of), so they're following links and trickling down as well into sub-communities. I get probably 8-10 emails a day through the contact form from bots offering web development and SEO services (I work a full-time job as a web developer, morons) and Viagra (at 36 I would hope it's not quite time for that yet). Going to implement reCAPTCHA on there as well. Fortunately it's pretty easy to do once you know how ( @zep if you need help lemme know, I've already written a PHP class for it!)

P#53107 2018-05-29 20:25 ( Edited 2018-05-30 00:32)
:: Felice

Sorry, been under the weather or I would have marked them sooner.

P#53115 2018-05-30 08:08 ( Edited 2018-05-30 12:08)
:: Davbo

No problem Felice, it's a pretty endless task.

Link comment here

P#53165 2018-06-01 07:20 ( Edited 2018-06-01 11:24)

[Please log in to post a comment]

Follow Lexaloffle:        
Generated 2020-07-06 03:03 | 0.070s | 2097k | Q:121