Spam alert: sneaky spammers

hellekin · July 29, 2024, 2:52pm

Hear, hear!

Some spammers found a sneaky way to bypass Discourse security. But not for long. Here’s what community moderators need to watch for:

New users with proper profile, three legitimate but low quality posts (or AI-generated content) with autobiographer, first like, first emoji, first reply badges
Next post is longer, seemingly more elaborate, and contains at least two links: one of them is legitimate and one of them is SEO spam.
The SEO spam link has a short anchor that is hidden next to the legitimate link.

In other words, be watchful about seemingly enthusiastic new users who post short first contributions, and watch out for obfuscated links.

One of the trigger warnings is the discrepancy between email username (at usually some large provider) and the actual username; profile picture looks legit (and was probably stolen from an actual account.)

putty · July 29, 2024, 3:20pm

Have you tried using Akismet? It auto-flags almost all the spam on our site.

hellekin · July 29, 2024, 4:47pm

No, I didn’t. Discourse trust levels have been working very well so far, and I think it’s important not to rely on more code for most of the use-cases. Minimalism is an important feature for me, and for future life on our planet.

I would suggest harder regulation against spammers (and the advertising industry in general) but this is another topic.

Topic		Replies	Views
Difficulty interacting with Discourse as a new user via email support	8	1932	June 26, 2018
Auto-immune heavy-handedness: Anti-spam rules can appear to be overzealous community flagging, stymieing community ux	7	630	February 18, 2021
Spam bots tricking Discourse filter by editing support	28	2980	April 13, 2023
Problems with notifications emails for spam posts? support email	2	323	February 19, 2023
How to properly identify a spammer? community	6	898	May 26, 2022

Spam alert: sneaky spammers

Related Topics