It is currently Tue Nov 13, 2018 10:53 pm

All times are UTC - 6 hours




Post new topic Reply to topic  [ 24 posts ]  Go to page Previous  1, 2
Author Message
 
PostPosted: Sun Sep 02, 2018 6:36 pm 
Offline

Joined: Thu Nov 09, 2006 12:44 pm
Posts: 556
Location: Washington State
Ah. Thanks.


Top
 Profile  
Reply with quote  
 
PostPosted: Sun Sep 02, 2018 6:39 pm 
Offline
Moderatorer
User avatar

Joined: Wed Dec 18, 2002 6:00 pm
Posts: 33459
Location: Minneapolis
I only just found out myself after a bit of Googling. Don't have all that much reason to use it yet. :)

_________________
"Time is the wisest counselor of all." - Pericles

"I remain not entirely convinced of it." - Nano


Top
 Profile  
Reply with quote  
 
PostPosted: Mon Sep 03, 2018 7:42 am 
Offline
User avatar

Joined: Wed Aug 23, 2017 6:49 pm
Posts: 383
Location: Wooster, Ohio
Since my wife and I just bought a house, we triggered the Spam Lords. Their documents correctly identify our bank and our loan amount.

Nanohedron wrote:
awildman wrote:
Maybe they are just casting a wide net and it was pure coincidence. Either way, I feel that this goes quite beyond 'normal' spam.

Some of these folks are a lot more hands-on and detail-oriented than your average spammer. Every now and then when vetting new C&F members, we find spammers who went to a lot of trouble to seem legitimate. Some of it's pretty impressive, but so far there's always some sort of dead giveaway in there somewhere. We don't see these more resourceful cases very often, though.

But as you say, it could just be a lucky catch from a wide net. I'd operate on the assumption it wasn't though, just to be on the safe side. Reporting it will go a long way in the States, as the FCC is keen to nab these people.


In regards to spam, I think it is easy to forget or not notice how much information is available on the internet. For example, my County Auditor publishes a lot of information about every housing sale and about every lot in the county (For example: here is a report for this week's sales for my county: http://waynecountyauditor.org/Reports.a ... eTab=Sales ; ). I don't how common posting this information is in other states, but it seems to be popular in Ohio. All that being said, it would be relatively easy to scrape this data or data like it from the internet and use it for mailings. (I've started getting "Welcome to buying a house in the neighborhood!" mail. My guess is that they probably scrape this data and are paid by local businesses to do create mailings and send them to the names and addresses that they scrape. (For example: https://www.ourtownamerica.com)

Other than that, a lot of companies do sell or share people's data. Credit Bureaus, charities, Facebook. And these are just the legal ways.


Top
 Profile  
Reply with quote  
 
PostPosted: Mon Sep 03, 2018 12:33 pm 
Offline
Moderatorer
User avatar

Joined: Wed Dec 18, 2002 6:00 pm
Posts: 33459
Location: Minneapolis
That I'd expect, because they're using what is essentially public information. The bank and loan amount, though, is hitting a bit too uncomfortably close to home for my liking. You'd think these people would have the good grace to tone it down some. It seems too much on the rapacious side.

As to C&F spammers, most merely want to sell gold, insurance, real estate, designer goods, or offer dating services; that sort of boring, predictable thing. At least they're up front about it. But every now and then someone actually demonstrates a clue as to what this site is about, and they try to fool us that they're into whistles or Trad, and similar. I always have a grudging admiration for those because of the efforts they went to; not much pity, though.

_________________
"Time is the wisest counselor of all." - Pericles

"I remain not entirely convinced of it." - Nano


Top
 Profile  
Reply with quote  
 
PostPosted: Mon Sep 03, 2018 2:11 pm 
Offline
User avatar

Joined: Wed Aug 23, 2017 6:49 pm
Posts: 383
Location: Wooster, Ohio
Nanohedron wrote:
The bank and loan amount, though, is hitting a bit too uncomfortably close to home for my liking.

I hope that was an intentional pun.

Nanohedron wrote:
As to C&F spammers, the vast majority merely want to sell gold, insurance, real estate, designer goods, or offer dating services; that sort of boring, predictable thing. At least they're up front about it. But every now and then someone actually demonstrates a clue of what this site is about, and they try to fool us that they're into whistles or Trad, and similar. I always have a grudging admiration for those because of the efforts they went to; not much pity, though.


I remember finding a concertina and accordion forum in my youth; the first thing I did was post a question about a cheap $50 concertina and then I got blocked immediately for being a spammer. (I was able to make an appeal and was unblocked, but I really didn't hang around much longer.)

What types of things tip you off that they are spammers or inauthentic?


Top
 Profile  
Reply with quote  
 
PostPosted: Mon Sep 03, 2018 3:03 pm 
Offline
Moderatorer
User avatar

Joined: Wed Dec 18, 2002 6:00 pm
Posts: 33459
Location: Minneapolis
AaronFW wrote:
Nanohedron wrote:
The bank and loan amount, though, is hitting a bit too uncomfortably close to home for my liking.

I hope that was an intentional pun.

I wish it had been. :oops:

AaronFW wrote:
I remember finding a concertina and accordion forum in my youth; the first thing I did was post a question about a cheap $50 concertina and then I got blocked immediately for being a spammer. (I was able to make an appeal and was unblocked, but I really didn't hang around much longer.)

That seems rather reactionary of them; not everyone will know that a $50 concertina is going to be pretty worthless. But maybe it could have been in how you posed the question. OTOH, from personal experience I can understand why admins might be skittish, especially if they don't have screening processes to help them. Until we finally settled on our present screening model, things were almost like the Wild West around here, with anyone being able to join and post right away with but a click and nothing more (seriously, I might never have been admitted otherwise; I was an even bigger putz then). Obviously, that made for a big gamble in Board quality, unless you consider p0rn and homophobic trolling on a family website to be laudable expressions of free speech. Back then, the mod could only chase down malicious newbies' offenses after the fact, and hope the cleanup was timely enough. And then one day the spam really started to fly, and it's been that way ever since. If anyone thinks we're doing all this management simply for the power trip, think again. It's a bloody adventure, folks.

AaronFW wrote:
What types of things tip you off that they are spammers or inauthentic?

Lots of things, and that's good. This is useful stuff for any admin to know, and maybe other people could also make use of at least some of it to good benefit, too. Much of it, I think, is common sense. But bear in mind too that the following examples are only within my particular filters and strengths; another mod might share them, but have others as well. Ben certainly has strengths that I do not, and vice versa, so that makes for a good team. Anyway, your vast majority of spammers won't profit by what follows in this post - trust me on that - and if there are any remaining few that are truly ahead of the game (whatever that means), I haven't seen them yet, so I think it's safe to lay bare our darkest secrets, here. :wink:

Certain IP and email addresses are on spammer lists. That's usually our first go-to when we're suspicious but unsure. Sometimes the username or email address gives it away: "Coinprofitgalore" or "Bestshoes" ought to tell you something. After that, location (but this is only from hard experience, I'm afraid); applicants from certain locations are going to have to do a really, really good job at convincing us of their sincerity, and that doesn't mean us simply taking their word for it; those had better show a clear, convincing interest in specific things our members are involved with, and be able to express this in so many words, as any other honest member would to the best of their ability and without thinking much about it. We have on occasion been pleasantly surprised, but the rest continue to live up to bad reputation. Another good tipoff would be usernames bearing a proper name (Sarah, say) but having an email address with a different one, of either gender or combinations thereof; I can't recall when that wasn't ever a dead giveaway. Proper names themselves are often worth looking at, because sometimes they or their combinations just seem weird, and a spammer is almost always behind it. If we see a throwaway email account, we don't even question hitting the nuke button. And there are ways that their tells don't quite come together well enough for credibility, too. "Tell" is our own admin shorthand for that part in your profile where you tell the reader a little something about yourself, hence the name; don't know what others call it, but suffice it to say that for me, the tell is highly important in my sleuthing, as in the third example above. There are a number of ways in which inconsistencies might show up, so you have to be able to read into the tell and what surrounds it; for example, from time to time someone identifies themself (jeez, I hate that word) as a teacher looking for students and will vaguely profess their love of Our Thing (being cryptic here, just in case :wink: ), yet their website only offers tutoring of the conventional type you'd find in any average school, and makes no mention anywhere of Our Thing in any way: that is not going to inspire our confidence at all. They're obviously here to promote a business that in the end really has nothing to do with what we're about, and we find it safe to assume that despite their education, they will in fact be unequipped to contribute meaningfully to our kind of conversations - we've seen it before - and likely they never intended to in the first place. Sure, maybe they really did mean to learn about Our Thing in the meantime, but they never say as much, so without that assurance I'm perfectly willing to err on the side of caution. Even with it I'd be skeptical, to be honest. Sometimes the tell is close to convincing, but is more or less obviously cobbled together from things picked up elsewhere, or even from here: we've had tells that were copy-and-pastes from already-existing C&F posts. Not a bad tactic, because it looks really good at first glance so long as it doesn't look artificial, which is pretty much...never. But you do have to check. Some just say things like, "I like for long walk on a beach and be post to this very excellent forum." Lotsa vague flattery attempts in bad English out there. Some epicures simply like beer and flowers; and then there are the more assertive Alpha types who confidently assure me that, due to their considerable experience, they have much to contribute - but they always neglect to say in what, and to what. 'Nuff said there. Some tells are total random gibberish and don't even merit a second look. Starting with "I am not a spammer" always raises suspicion, but legit users sometimes do that too, so there you have to be careful.

We should be around a campfire for this, don't you think?

I'm sure I've missed a few tipoffs on this generalized list. Of course not all of the examples I cited (especially among the tells) will necessarily be spammers per se, but neither do we want to sign up people who have no real interest in our purpose for being here. If their interests really coincide with ours, that will come out in the tell, recognizably and almost without fail. Of all factors that can be weighed, I personally find the tell to be very useful as a starting point for all. As you might be able to guess, sometimes it's all you need, but we usually verify all the same.

But of course you can't know all the time, and spammer sophistication does seem to be increasing somewhat, but not nearly enough for us to be alarmed. And on the other end, we've disapproved completely legit applicants because their tells looked truly spammy, so we mistook them; or we knew they were legit but they presented a bad "face", so we left them to cool their heels and, with luck, change their attitude. We've ironed those out when the applicant inquires, but sometimes the applicant seems not to care; in that case, neither do I. When we're unsure but have nothing concrete to hang our hat on, we let them in, and keep a close eye on them. IIRC, there was one case where we authorized an account and they started right in by reviving an old thread just to sell utilikilts. I can tell you that didn't last long, but at least they were on topic. Still, I'm pleased to be able to say that times like that are now few indeed. :)

_________________
"Time is the wisest counselor of all." - Pericles

"I remain not entirely convinced of it." - Nano


Top
 Profile  
Reply with quote  
 
PostPosted: Wed Sep 05, 2018 5:01 am 
Offline
User avatar

Joined: Wed Aug 23, 2017 6:49 pm
Posts: 383
Location: Wooster, Ohio
Fascinating. :o

I was always curious by the process not being more automated, so it is interesting to hear what you guys are doing with it and what you guys are doing to keep spammers out.


Top
 Profile  
Reply with quote  
 
PostPosted: Wed Sep 05, 2018 1:37 pm 
Offline
Moderatorer
User avatar

Joined: Wed Dec 18, 2002 6:00 pm
Posts: 33459
Location: Minneapolis
I don't think we've ever discussed this at such length with the general readership before, but - and I hope Ben doesn't mind my presumption in saying so - it's our pleasure to show a little glimpse of how things work on the admin end. Of course prudence prevents us from divulging just any old thing, but this particular aspect poses no issues, and hopefully this knowledge permits members to feel all the more enfranchised, too; I see that as a good thing.

In case you thought that having a wealth of tipoff resources means we personally handle mountains of spam, the two don't equate, and in any event the latter is no longer true. When I said "it's been that way ever since", I only meant you can take it to the bank that spammers aren't going to dial it back on their own; no direct evidence is needed at all to make and back up that assumption. So if it made you think instead that we must be working without any automation, I apologize for the misunderstanding, and you can put that to rest as well. We've had automation for a while, now - and thank goodness for that. It's a CAPTCHA (a form of Turing test), and later Chiffers will have encountered it when signing up. I haven't had a look at ours, myself, but it'll be something on this general order:

Image

As you can see, it's designed to separate the humans from the bots, and it changes with every refresh or new viewing. No doubt you've already encountered these in some way, shape or form elsewhere, too. It's our first line of defense, and for filtering spam, I can highly recommend it without reservation. It does the lion's share of the work by far; without it, the sheer volume of spam would burn you out, and I know this firsthand. Before installing the CAPTCHA, we'd regularly have to handle an ever-increasing load that eventually reached from around three to over four and sometimes even up to five hundred entries per day, almost all of it spam - who knows how much more of it there'd be now - but because there might be just one or two legitimate entries in every fresh, steaming pile, we had no choice but to comb thru it all. We finally had to do something, and we're grateful for the considerable relief the CAPTCHA now provides. It's awesome. The CAPTCHA frees us from having to deal with bots, which make up nearly all of spam volume. Everything else that makes it past the CAPTCHA would do so by direct human agency, just as with legit accounts. That is when things are dealt with hands-on, and we use our noggins to determine what's good or bad. It's a necessary stage in the process. I wouldn't trust AI to do the fine work, and accountability matters, so I really don't foresee that changing any time soon. But at a rate now averaging only a handful of entries to be tackled per day, compared to the way it used to be, it's no big deal at all. Otherwise, with the rest of admin duties on top of it, I'd have neither the time nor the energy to blacken a page the way I do.

You take the good with the bad. :wink:

_________________
"Time is the wisest counselor of all." - Pericles

"I remain not entirely convinced of it." - Nano


Top
 Profile  
Reply with quote  
 
PostPosted: Sun Sep 09, 2018 3:47 pm 
Offline
Moderatorer
User avatar

Joined: Wed Dec 18, 2002 6:00 pm
Posts: 33459
Location: Minneapolis
Earlier, I wrote:
Another good tipoff would be usernames bearing a proper name (Sarah, say) but having an email address with a different one, of either gender or combinations thereof; I can't recall when that wasn't ever a dead giveaway. Proper names themselves are often worth looking at, because sometimes they or their combinations just seem weird, and a spammer is almost always behind it.

And what should turn up today but a perfectly classic textbook example of the above: The tell was about having musical interests and a desire to socialize (the first part in particular suggests a human did the application), but it was too conveniently vague, so I then compared the username and email address and found a mismatch, here of opposite gender, with one of the names in nonstandard spelling (a typo, perhaps, but c'mon: in what is supposedly one's own beloved name?), and a weird surname in addition to tie it all up. All the spammer flags of this type that could possibly be flying were present and accounted for. It was like Christmas on steroids. To confirm my suspicions, I then applied the following:

Earlier, I wrote:
Certain IP and email addresses are on spammer lists. That's usually our first go-to when we're suspicious but unsure.

Upon Googling the email address, sure enough I found four spammer list entries (one is usually enough for me), and those four made up the sole content of the entire page, which made my job even easier. In addition, the locations (plural, mind you) were from different countries, and each was on the suspect list as well, as if by then I needed any more convincing. Talk about having things handed to you on a silver platter; it left no question in my mind, and I can't say I was surprised.

On further searching after the disapproval, the surname proved, as I suspected, to not actually exist in reality; it just sounded "name"-ish, and this is generally true across the board: if it sounds maybe sort of plausible but somehow weird, that's usually because it's made up. All in a day's work...

_________________
"Time is the wisest counselor of all." - Pericles

"I remain not entirely convinced of it." - Nano


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 24 posts ]  Go to page Previous  1, 2

All times are UTC - 6 hours


Who is online

Users browsing this forum: Google and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group
[ Time : 0.116s | 12 Queries | GZIP : On ]
(dh)