Have You Thought About Implementing Spam/Bot Countermeasures

The amount of spam posts on ATS has recently accelerated. It seemed like in the past, the spammers were just creating 1-2 accounts, making a handful of posts, and that was it.

Looking through the forum this morning (12/30/2021), I see about 24 posts in various threads, all from the account "COVIDTruth". All of these posts from this account have nearly identical time stamps. The spammers are using a bot or other software to automate these posts. Without going into too much detail, with the current construction of the site, if the spammers had a mind to really disrupt ATS, they could probably achieve it.

Fortunately there are tools and techniques that can be deployed to slow down, if not totally eliminate, this sort of thing.

CAPTCHA is one of the more widely used and well-known tools for blocking automated interaction, i.e. bots, from a site. An example of CAPTCHA are the collage of pictures that appear when you push a button on a site, requesting that you select all pictures in the group that meet certain criteria. Sometimes CAPTCHA takes the form of a series of letters/words that the user is asked to type into a text box to continue their interaction with the site.

Of course, there are also lower level techniques to block traffic via IP, although it's very easy now to circumvent that, which I'm sure you already know.

Cleaning up after the spammers has probably been a bit annoying for the mods, although 20 or so posts is not such a laborious task to clean up from. However, without more sophisticated measures to block bots/spammers, they could probably create several orders of magnitude more posts than that instantly, which might take a lot more effort to clean up, and even so, the mess in the threads would (with the "post removed" marker) be quite annoying.

Hopefully the new owners take the small amount of time and effort required to keep the site secure from bots spamming the forums (or worse).

For the love of God don't use god damned CAPTCHAs to solve problems. If automation and ease is more important than user experience, by all means, but I'm gone. I don't even use Google due to that nonsense (behind a VPN so it's always a problem).

Y9u have never seen the Geico Insurance commercial "do we really need another robot check ?" , have you ?

a reply to: Paschar0

I encounter CAPTCHA all the time for some sites, even without using a VPN.

There are other implementations/providers of anti-bot site protection. Probably most of the CDN providers offer this, e.g. Cloudflare

I think you have it backwards: anti-bot prevention is intended to reduce automated interactions, and improve user experience.

a reply to: SleeperHasAwakened

CAPTCHA not stopping that muppet [snipped] or the bot with the same name.

Pain in the arse really, cant see why the account has simply not just been permanently banned or deleted.

Save the mods having to clear up the mess put it that way.

originally posted by: Gothmog
Y9u have never seen the Geico Insurance commercial "do we really need another robot check ?" , have you ?

I watch very little TV, and when the annoying commercials like Geico or Liberty are on TV, I either change the channel, fast forward by it, or just mentally zone out.

originally posted by: andy06shake
a reply to: SleeperHasAwakened

[Snipped]

The spammers can, and have been, creating new accounts.

Account blocking is a reactive means of tackling the issue, and it's basically a "whack-a-mole" approach.

Any legal experts here that could chime in on what it would look like to press legal charges on this individual? I would be willing to throw in some money.

a reply to: SleeperHasAwakened

I know that SleeperHasAwakened i have reported a few myself when i come across the posts derailing threads.

I have to wonder also why they imagine pissed off people are apt to even ponder there spurious SPAM or click the links provided???!!! LOL

a reply to: Absinth3

If the spammers have more than a few functioning brain cells, they use a VPN service, and change up their connection source frequently.

If they are smarter than the average bear, they are using onion routing/traffic anonymizing services.

It could prove to be a tall task to track them down, and even then, I don't think there are any laws to prosecute spammers on a fun/entertainment site, most especially if the spammers don't reside in the US.

a reply to: SleeperHasAwakened

Site is no longer US owned.

Guy in the UK bought the place last year if memory serves.

Pretty much the same to similar legal problems over here i imagine with regards to prosecution all the same.

originally posted by: andy06shake
a reply to: SleeperHasAwakened

I know that SleeperHasAwakened i have reported a few myself when i come across the posts derailing threads.

I have to wonder also why they imagine pissed off people are apt to even ponder there spurious SPAM or click the links provided???!!! LOL

My hunch is that they're not interested in selling anything. They are banking on a few p1ssed off people clicking links out of anger/curiosity, which is a recipe for getting phished.

As I mentioned, though, spamming 20 or so threads is about as benign as this can get. There are more nefarious things that could be done to damage/cripple the site. That's why IMO this should be done straight away.

originally posted by: andy06shake
a reply to: SleeperHasAwakened

Site is no longer US owned.

Guy in the UK bought the place last year if memory serves.

Pretty much the same to similar legal problems over here i imagine with regards to prosecution all the same.

Thanks, did not know that



How did you come across that information, if I can ask? I was under the impression nobody knew the identity of ATS' purchaser.

ETA:

While the site may not be U.S. owned, the hosting service it uses is based in the U.S. (or at least that's where site is hosted)

~ $ dig abovetopsecret.com name | grep "ANSWER SECTION" -C 2
;abovetopsecret.com. IN A

;; ANSWER SECTION:
abovetopsecret.com. 179 IN A 198.15.108.202

~ $ whois 198.15.108.202 | grep -i address -C 4


OrgName: SECURED SERVERS LLC
OrgId: SSL-65
Address: 2353 W University Bldg A
City: Tempe
StateProv: AZ
PostalCode: 85281
Country: US
--
network:Network-Name

rivate
network:IP-Network:198.15.108.200/29
network:IP-Network-Block:198.15.108.200 - 198.15.108.207
network:Org-Name

rivate Customer
network:Street-Address:
network:City:
network:State:
network

ostal-Code:
network:Country-Code:

originally posted by: Paschar0
For the love of God don't use god damned CAPTCHAs to solve problems. If automation and ease is more important than user experience, by all means, but I'm gone. I don't even use Google due to that nonsense (behind a VPN so it's always a problem).

Actually, tough. A captcha option would definitely help nuke spammers in their tracks. Hence, it'd be worth it.

Onus is on VPN providers (I e built-in or a service) to buck up & find a more seemless solution.

a reply to: SleeperHasAwakened

I seem to recall the fellow mentioned he was from the UK in an introduction.

As to his actual identity i think that's still somewhat unknown.

a reply to: SleeperHasAwakened

Just a pain in the arse more than anything else.

Most peeps around these here parts are a touch paranoid at the best of times all the same.

Cant imagine them clicking on spurious links without first taking precautions if im honest.

But i suppose they would not do it if it did not yield some sort of result.

a reply to: SleeperHasAwakened
If I start getting CAPTCHAS for whatever reason even occasionally here, I'm gone. I'm not owning the problem or willing to be a part of the solution by jumping through hoops. If there's a better way then great, but you mentioned it specifically, so I'm speaking to that. Like you said, I'm sure there's another way that works for everyone.

a reply to: SleeperHasAwakened

Even with a VPN they have their link hosted on some type of static web hosting.