Continuing the discussion from "Chopped" Spam in New User Profiles:
As mentioned in the linked topic, we started to get a lot of accounts with 250-character Spam profiles after we switched to SSO. Six days ago, the language of the Spam, and the associated e-mail addresses, changed to Polish, and since then we’ve had 30 Polish and only one English (with a Polish e-mail address) - 24 of them in the last three days.
In the last few days, we have also had a huge increase in other Spam profiles, all Polish, and all fitting such exact patterns that they look like bots to me. I understand the argument that bots can’t click the activation link in an e-mail, but the utter consistency of these looks bot-like to me. In my experience, humans creating multiple accounts invariably have occasional odd discrepancies - inconsistent capitalisation, typos, even clicking the odd post or the welcome message. These do not. Each matches its “type” exactly, and all have read 0 posts and spent less than 1 minute reading. None has a profile picture; all use default system letter. Unfortunately, we have no IP addresses recorded for these, but I would be most interested to know if anybody else recognises these patterns.
In addition to those mentioned above, in the space of three days we had 24 of this pattern:
- Username is a capitalised first name plus four random letters.
- E-mail name is a first name which does not match the username
- E-mail domains: subdomain.securemail.co.pl
- Name: “Proper” name, correctly capitalised. e.g. Kyle Guido, Raisa Seidensticker, Marcus Haefner. Does not match either username or e-mail.
- Profile text: URL plus single sentence. English, but has an air of “spun” about it.
(We have since blocked securemail.co.pl, and had no further sign-ups of that pattern, although we’re not sure if blocked e-mail domains work with SSO.)
In the same three days, 27 accounts of this pattern:
- Username is a capitalised first name plus two random letters.
- E-mail name is a name (surname?) which does not match the username, plus two digits
- E-mail domains: 4**.e90.biz
- Name: “Proper” name, correctly capitalised. e.g. Dennis Balle, Lenny Lyas, Todd Lleras. Does not match either username or e-mail.
- Profile text (all posted in “About Me”): URL which redirects. Fake “bio” which appears to be created from stock phrases. Last line is generally a proverb, or spun version thereof, with “new” replacing one word.
English, but has an air of “spun” about it.
A further 10 accounts for this pattern, over the same period:
- Username is 9 random lower-case characters plus two digits.
- E-mail name is short word or name followed by two digits, the first of which is 0. Repeating patterns: e,g. risk01@, risk02@, risk05@
- E-mail domains: Multiple; mostly lengthy German or Polish.
- Name: “Proper” name, correctly capitalised. e.g. Maksymilian Sikora, Adrian Wisniewski
- Profile text: 20 - 23 words, including URL; German nonsense text.
And the latecomer to the party - in the past two days, 17 of these:
- Username is 5 random lower-case characters plus two digits.
- E-mail name matches username.
- E-mail domains: wnmail.top, tpmail.top, xtmail.win
- Name: “Proper” name, correctly capitalised. e.g. Blandyn Kwoka
- Profile text: 250 characters, nonsense text with occasional “male sexual health” terms; mixed languages
So that’s over 100 Spam accounts in three days (not counting the handful of “normal” Spam accounts I’ve seen).
So far, thankfully, none of these has posted, but if these are automated or semi-automated accounts, that could get very messy.
As before, I’m interested in these specific patterns of sign-up, and whether anybody else has seen the same or something similar.