Spambot activity - How you can stop it

Rumanti

MCAnimator3D wrote:
So a spambot puts viruses on your computer?! People these days…

… do anything for money… You mean?

:wq

ProdigyZeta7

Rumanti wrote:
MCAnimator3D wrote:
So a spambot puts viruses on your computer?! People these days…
… do anything for money… You mean?

It's one of those English phrases. It indicates one's disbelief of what people do. It's really quite stupid how people are willing to do anything to ruin the lives of others, such as creating malicious spambots.

Now spambots themselves don't carry viruses. It's their job to give you a link to a webpage with dangerous code: the kind that causes an automated download of content without warning the user. This content almost always contains some kind of malware or virus that is never detected at first.

Last edited by ProdigyZeta7 (Dec. 1, 2013 07:36:24)

Rumanti

ProdigyZeta7 wrote:
Rumanti wrote:
MCAnimator3D wrote:
So a spambot puts viruses on your computer?! People these days…
… do anything for money… You mean?
It's one of those English phrases. It indicates one's disbelief of what people do. It's really quite stupid how people are willing to do anything to ruin the lives of others, such as creating malicious spambots.

Now spambots themselves don't carry viruses. It's their job to give you a link to a webpage with dangerous code: the kind that causes an automated download of content without warning the user. This content almost always contains some kind of malware or virus that is never detected at first.

Okay thanks

:wq

scimonster

MCAnimator3D wrote:
So a spambot puts viruses on your computer?! People these days…

It sounded like first a human spammer registers and posts, then the spambot copies what the human did.

Retired Community Moderator
BTW, i run Google Chrome 41.0.2272.101 on a Linux system - Ubuntu 14.04. NEW: iPad 4th gen. w/retina.

418 I'm a teapot (original - to be read by bored computer geeks)
THE GAME (you just lost)
; THE SEMICOLON LIVES ON IN OUR SIGS

Harakou

On filtering links out completely, it probably would help, though in my experience, for every filter mechanism you add, spammers find a way around it. It would certainly make it tougher for people to follow their links, but it would also make things more difficult for new users without doing much to reduce spam.

And we are looking at implementing honeypots, so good idea there.

When it comes to reporting spam, try to avoid replying to the topics. Chastising spammers or saying “spam” isn't going to make them stop, and just bumps their topic back to the top of the list. Most people here seem pretty good about not doing that, but it pops up occasionally, so I thought I'd mention it.

ScratchJahd2011

Harakou wrote:
When it comes to reporting spam, try to avoid replying to the topics. Chastising spammers or saying “spam” isn't going to make them stop, and just bumps their topic back to the top of the list. Most people here seem pretty good about not doing that, but it pops up occasionally, so I thought I'd mention it.

That would be my fault, unfortunately.

…..

Sonickyle

NoxSpooth wrote:
I think I've already reported 3 “hey bro whats up” topics…

Yes, something has to be done.

I think's we're talking about the “Watch movies online!” spam posts.

I've been reporting them as soon as I see them.

No I don't make projects anymore. I left some time ago.
I only check the forums every now and then, but other than that consider me retired.

jvvg

scratchisthebest wrote:
Maybe we could give this CAPTCHA a shot?
So the idea is you have markup something like this:
<form>
  <input type="text" name="TheRealUsername" placeholder="Username" />
  <input type="text" name="username" placeholder="Please leave this field blank" class="hide" />
</form>
and a style like this:
.hide {
  display: none !important;
}
and then simply block anybody who tries to enter anything in the field with the name=“username”. This works because spambots just read the flat html and don't evaluate the style. It would be trivial to write your own bot to get around this, but only script kiddies or people who suck at SEO use bots and they don't know how to write their own. {{citation needed}}

—–
Now here's the above part, just rewritten so it's easier to understand :P
So you make the signup form look like this:
             ┌──────────┐
   Username: │          │ <- name="RealUsername"
             └──────────┘

             ┌──────────┐
Leave blank: │          │ <- name="username"
             └──────────┘

             ┌──────────┐
   Password: │          │ <- name="password"
             └──────────┘
, and then you take the box that says “Leave blank” and hide it way off screen. However, spambots are stupid and they will still enter their username into the “Leave blank” field! This is because spambots are “blind” - they can only tell the fields apart by their name. Then it's easy to see of someone's a spammer - just check to see of anything's in the “leave blank” field.
—–

Obviously this method won't block human spammers. There's nothing better than a good old fashioned report button, however. Press it whenever you're even only suspicious of spam activity.

Unfortunately, most spambots have adapted to that. I tried it on a forum I own, but it stopped working after a few weeks. That's why I now use stopforumspam.com and a much more advanced CAPTCHA.

Professional web developer and lead engineer on the Scratch Wiki
Maybe the Scratch Team isn't so bad — Why the April Fools' Day forum didn't work last year

jontmy00

I hate stopforumspam.com.

I haven't really encountered many, and the current spammers aren't as spammy as the 1.4 ones; the most I've found is 1-2 topics by the same user.

Harakou

jontmy00 wrote:
I haven't really encountered many, and the current spammers aren't as spammy as the 1.4 ones; the most I've found is 1-2 topics by the same user.

That's because we remove the threads and ban them very quickly, thanks to our dedicated users that report them.

You might not notice many, especially if you don't often browse the forum sections which they favor. It's a daily occurrence.

PullJosh

My idea: The ST should design a custom captcha where there are three parts of the scratch cat that you have to drag around and place in the correct positions to complete the image. It would be easy for humans, hard for bots, and it would still be scratch-styled!

Convert your Scratch projects to JavaScript automatically with Leopard!

Deerleg

PullJosh wrote:
My idea: The ST should design a custom captcha where there are three parts of the scratch cat that you have to drag around and place in the correct positions to complete the image. It would be easy for humans, hard for bots, and it would still be scratch-styled!

However, what if a trustworthy person couldn't figure it out?

SuperNicky

scimonster wrote:
I can testify that it's actually likely to take up to a couple hours to deal with spammas. (My latest report was “Spamma.” )
I think a simple captcha would be better than none; even just something like this one.\

:l not really sure about that one the spambot could put in
First name: sfhjseksjhgsiejreuk
Last name: ejkjkserhlsajifseofijsd

AonymousGuy

SuperNicky wrote:
scimonster wrote:
I can testify that it's actually likely to take up to a couple hours to deal with spammas. (My latest report was “Spamma.” )
I think a simple captcha would be better than none; even just something like this one.\
:l not really sure about that one the spambot could put in
First name: sfhjseksjhgsiejreuk
Last name: ejkjkserhlsajifseofijsd

But the point is the bot would have to slide it, which it might not be able to do.

turkey3_test

I saw two spambots today with sporting events and links. Sports ones are common.

ProdigyZeta7

I think I have the solution.

I've researched OCR (Optical Character Recognition) which is what spambots use to “read” CAPTCHAs. The problem is that every CAPTCHA is composed of letters. What there needs to be is a CAPTCHA image of a simple object, such as a car, apple, dog, etc. Bots can read words, but can they read pictures? Checkmate.

I think we are about to revolutionize the fight against spam.

scratchisthebest

ProdigyZeta7 wrote:
I think we are about to revolutionize the fight against spam.

Winner!

Now the downside to this is that a dictionary attack can be used if we don't have enough pictures

Also, the language barrier.

I am a Lava Expert

ProdigyZeta7

scratchisthebest wrote:
Also, the language barrier.

Right. So just have a translator ready.

Options:

*picture of an apple*

What is this a picture of?
a) Cow
b) House
c) Apple
d) Earth

After 2 or so tries, you have to wait 30 minutes before trying again.

Last edited by ProdigyZeta7 (Dec. 8, 2013 02:57:58)

scratchisthebest

ProdigyZeta7 wrote:
scratchisthebest wrote:
Also, the language barrier.
Right. So just have a translator ready.

Still, that's 100+ little strings that need to be translated into 50+ languages before we can roll this out.

I like the idea (a lot) but it might take a while to get started.

I am a Lava Expert

ProdigyZeta7

Updated, and moving to Suggestions.

Discuss Scratch