"Chopped" Spam in New User Profiles


(TechnoBear) #1

I’m wondering if anybody else has noticed these. We’ve had around 30 that I’m aware of in the last couple of weeks, and none at all before that, AFAIK. We changed our sign-on system about the same time, and I’ve no idea if there’s a connection, or it’s just coincidence. We have been having issues since the change with recording IP addresses, and none of these has an IP recorded.

They all follow the same pattern: the website link is left blank, and the profile text is curtailed at 250 characters. Most have no links, and where there are links they are invariably in the form of a bald URL - no anchor text used. I’ve even seen one where the 250-character cut-off came in mid-URL. Many of them have the distinctive tone of “spun” content.

All accounts have read 0 posts.

While I’m not suggesting this is bot activity, it’s horribly bot-like. Any suggestions for combating it would be welcome. (I would still like to see an option to block profile text for TL0 users.)


Bot-like accounts
(Rafael dos Santos Silva) #2

I do believe that accounts that fill the bio before posting/reading get on the /admin/users/list/suspect list already.


(TechnoBear) #3

Yes - they do. But that still requires somebody to go through the list and manually delete them.


(Jeff Atwood) #4

Yes, I periodically go through and check these about once a month on boing boing for example. They get about 1 per day like this. These users never post, so their spam is the profile, but remember that new users do not show (are not allowed) clickable links on their profiles. And we actually suppress the about me text to other users for TL0 new users. So the impact is low.

Compare:

The only proposed fix is to pass new user “about me” through Akismet but we have not gotten around to it.


(TechnoBear) #5

My point in posting here was not to discuss Spam profiles in general, but to see if anybody else has noticed this exact pattern of Spam.

As I say, it started on our instance around the same time we changed the log-in system. I would like to know if that’s just coincidence. Have other sites seen this particular pattern cropping up? Do other sites have any information (such as IP ranges) which could help block these, given that we seem to have an issue with recording the IP addresses.