Is Polycount under attack?
polycounter
So I noticed there's a spambot or maybe even a person posting more and more on these boards. I first noticed it in my P&P thread. As I'm notified by email of replies in that thread I get the full response there. Here's whats happening.
The post will be by a new member, very short and will say something like. "This looks great" or more recently "It blows my mind" which could be related to Art thread. but then it might not be in context with the subject. Anyhoo. In the replies there's a hidden web address but with img tags on it. So it doesn't show up in the reply but it appears as a link in the emailed report. Also if you quote the post it shows up there as well. I've noticed these types of spam are becoming more fequent on PC. Names I've seen this spam with are
George1, Dewitt1, EstherZS, and a few others.
The links i've seen so far.
AND I DON'T HAVE TO TELL YOU THAT YOU SHOULDN'T GO TO THESE SITES UNLESS YOU KNOW WHAT YOU'RE DOING! I'm certainly not about to check them out anyway.
cleaningcassette.com
hdmitodvid.com
Are these spambot attacks or is it more personnal and someone is actually posting as the replies seem at have at least a general idea of the forum and the kind of replies we get here?
Anyhoo. Watch out for short replies by new members. And never go to a dodgy link hidden in a post.
Here's an example of one of the recent posts
http://www.polycount.com/forum/showpost.php?p=1594621&postcount=24
The post will be by a new member, very short and will say something like. "This looks great" or more recently "It blows my mind" which could be related to Art thread. but then it might not be in context with the subject. Anyhoo. In the replies there's a hidden web address but with img tags on it. So it doesn't show up in the reply but it appears as a link in the emailed report. Also if you quote the post it shows up there as well. I've noticed these types of spam are becoming more fequent on PC. Names I've seen this spam with are
George1, Dewitt1, EstherZS, and a few others.
The links i've seen so far.
AND I DON'T HAVE TO TELL YOU THAT YOU SHOULDN'T GO TO THESE SITES UNLESS YOU KNOW WHAT YOU'RE DOING! I'm certainly not about to check them out anyway.
cleaningcassette.com
hdmitodvid.com
Are these spambot attacks or is it more personnal and someone is actually posting as the replies seem at have at least a general idea of the forum and the kind of replies we get here?
Anyhoo. Watch out for short replies by new members. And never go to a dodgy link hidden in a post.
Here's an example of one of the recent posts
http://www.polycount.com/forum/showpost.php?p=1594621&postcount=24
Replies
Also polycount was down for me yesterday, don't know if it is related.
A person would probably be bored of it already.
And it seems especially bad today, usually they stop at like 7-8 threads, but today the whole first page of P&P and probably more has been spammed.
But well, not much we can do about it, the mods are probably aware of it.
Anyhow, I'm not really knowledged on this subject and how to stop it, the only thing I know is that I'm gonna be happy when they are gone
Hopefully the staff can beat them back to where they belong.
Captcha code is totally useless, its so out dated and exploited that having it on your site just attracts scummy spam hackers like them.
Really, if you know what you're doing, you probably still shouldn't go! It'll register as referral traffic from polycount. And if they're getting a lot of hits from this forum I think they'll just spam even more
It seems the links they paste aren't actually clickable in the threads, I wonder if it's some way to trick their clients into thinking they've created many spam links while remaining undetected? I have no clue, it's probably more sophisticated than that.
That's a scary thought, that they are getting so smart that one day you might end up with friends who ar ar ar ar aren't real...oops..
Still though, it seems that every time we got a new user on PC they were completely unaware of the approval process despite being informed of it, and went "Where's my posts?!"
Anyway, I think the purpose of these particular bots is probably simply to enhance the SEO of their various sites. Some businesses are silly and/or stupid enough to pay for these kinds of "services".
EDIT:
Here's how Scirra (the Construct 2 guys) are handling spammers on their forum. There might be some good tips in there.
Pretty easy to implement.
Curiously, the cleaning casette website (which I opened via google, so there won't be any hits from here) doesn't actually contain any content. It links directly to a "medical insurance asistant .com" which is just a blank webpage. You can easily get into the index which also contains very little aside from a php that seems to generate fake email addresses.
are you sure they weren't just copying an earlier reply? I've actually seen a bot post words that I've previously posted
Aye, I completely agree on that point. Just saying that it's quite a bit of work for the mods though. So personally I would prefer that they approved the first two or so posts in order to make sure they're not bots, like they did previously.
I'm not sure how it is in the US btw (or wherever this server now is located) but at least in Sweden it could actually have legal implications of using the method where you approve posts as well. Approving a post is seen as agreeing with the content being distributed, so if someone posts something racist, illegal w/e, the owner of the forum will be held responsible.. It's a bit crap :x
/edit: Basically, what I'm trying to say is: I also hate the spam, but I understand why polycount chose to do this as well. Now that they got more mods though, they may want to look into bringing the approval process back, but then they got to make sure it's done properly for their own sake.
aside from that the only good method is approvals, since most other effective methods effect legit users too, such as asking questions on registration.
and i was getting loads of 502 too yesterday... "glad" to know i was not the only one, had a way long wall of text i was gonna post, and couldnt cos when i hit the post reply button got the 502 error...
What I found interesting is that one of those bots even had avatar. I'm all for approving few first posts. It is rather bullet proof.
One thing I had mentioned in one of my reports was - is there a way to simply ban the phrase or prevent posts containing the phrase "cleaningcassette", or what have you? I'm not talking simply filtering it like considering it a "swear" (as this would allow the post and simply change the phrase), but actually not allowing posts containing it, or something of the sort?
I have no idea what's possible with this sort of thing, I'm pretty sure this wouldn't exactly be a built in function. And I guess then they could just use a tiny url or something.
Definitely becoming a prevalent thing, though.
Actually it works well for the one I admin. Only 8% get through it. The rest never make the first log in so it makes it easy to clean up as I just delete anyone who has never logged in. That still ends up 2-4bots a day I have to seek where their ips come from.
BTW Invaluable.
http://www.stopforumspam.com/
I haven't cleaned my cassettes in weeks, just to boycott them.
God help us all.
we cant find it all so please spam the report button as much as you need to.
Everyone's help is really appreciated.
Just an idea though, might be better, automatical ways to handle it, but often there is bots against those as well.
I'm pretty sure that's how registering worked up until about a year ago. The mods got tired of sorting through all of the verification posts and decided it'd be easier to just remove the spammers.
You should really reduce the report time-limit then. 60 seconds is just too long, I was gonna report more than one, but just gave up when the second one told me to wait another 30 seconds before I could submit again...
30 seconds is a better option I think.
Maybe let people with 200+/500+ posts being able to report more aggressive.
the time limit is just to stop the feature from being spammed since it can take a lot of resources to update the db every few seconds with reports.
the idea of no time limit or a short one for regular polycounters, above maybe 500 or 1000 posts sounds like a good idea.
We're at war. No one wants to admit it but polycount is under attack.
I'm sorry, I'm having trouble hearing you- I'm getting a lot of bullshit on this line.
Oh- I should go.
omg, i laughed here hahahahahahah
.........and then the sysop upgraded the Debians, the image rotation bug is fixed and now I get my high volume of spambots again. :poly142:
Post in that thread presenting yourself, and you get access to the post as much as you see fit, don't post, and you can't post at all.
Easy way for Mod checkup I would say, since you're streamlining to one place the initial post if you're a human or not.