I’m seeing voluminous spam posts popping up and am flagging as many as I can. I’ve sent a note to Floyd, who is probably getting out of bed about now.
Please mark any posts you see as spam. They are coming in fast enough that I’m probably not catching all of them. That will give Floyd and Dorota a starting point for clearing out the spam.
Meanwhile, keep reminding yourself: “I love Captcha, I love Captcha, I love Captcha…”
Paul
- Log in to post comments
I think there are about 15 pages worth ... and growing every few seconds
there are definitely too many to keep up with. I think I've flagged enough to give a good picture of which accounts Floyd should target. The spammers may create new accounts but this current set can be fliushed out.
Paul
Some posts are now returning a "not found" message.
Paul
It's only going to get worse. Every hacker kiddie can spin up as many as they want. No captcha will stop them.
The only preventative measures that can work is to require moderation of posts by new users.
Maybe machine learning could help? But then it is an arms race. On the other hand maybe it is like burglar alarms; their major benefit is making your neighbors unprotected house easier to rob than yours.
We're doomed! Doomed I tell's ya.
Just to amuse myself, I asked ChatGPT if one of the messages is spam. It replied "yes" with a lot of detailed reasons.
It does seem that a decent spam-catcher should be able to to catch these messages. I had hoped to write a little script that would report a post as spam given its message number or URL. But looking at the actual code of a post, to construct the right response would require knowing a security token of some kind and I don't know how to do that. Probably someone who knows Drupal pretty well would know but I've never worked with it.
TomP
Fishing, sales pitches, these types of Spam I understand. What I am seeing here seems to aim to be annoying with no other real goal?
I'm guessing the operator is an idiot.
However, we should be careful not to rile them up. Whoever it is seem vindictive! I am thinking maybe an arch enemy from Floyd's. Past! Lol 😅 😆 😅
But you're annoyed, nevertheless. Mission accomplished! 😂 lol jk
Phone numbers were all over the posts, I think the goal is to lure people into calling them, eventhough a lot weaker than "hello pervert!" spam emails
Kind of like calling 411 back in the day.
Me: "Yes, hello. Can you tell me if there are any Katz on E 79th st?" Operator: " One moment please... No, there are no Katz on E 79th st." Me: "Good, now I can walk my dog!"
Will F.
Maybe there is a way to add questions or criteria at the point of account creation that would reduce spam accounts?
For the moment the spam is cleaned up.
There are spam mitigation tools in place here -- at least half of the spam posts didn't get published -- but clearly they aren't strong enough for an onslaught like this. I'll see what else I can put in place today.
I've temporarily disabled new account registration because new spam accounts were getting created every 30 seconds to a minute. There are a few more slumbering accounts that may turn out to be spam accounts too, so don't be surprised if a few more such posts appear, but we'll keep new account registration locked down for a while and only open it when we're around to supervise.
Sorry about the mess.
Been there, done that, it is a pain.
I hallucinate that requiring moderation of a user's first few posts would go a long way.
You could spread the workload out by empowering a few moderators in different timezones.
The site is great and I salute you for all the work I know is required.
Gary
Thanks for your hard work, Floyd. Looking forward for another of your blog posts :)
Jay
We, the members will keep vigilant, in pointing out the bad guys.
The age-old question: what is wrong with people?
...for accounts to be approved. There shouldn't be an option for anyone to automatically sign up for an account. You or Dorit should approve anyone who wishes to sign up. Perhaps a small donation of $1 to prove they are genuine accounts which would also go for upkeep of the database. I'm happy for this to be applied retroactively.