Human-driven copy-paste spam

Yep, I’ve tightened to 60 minutes. We’ll see what effect it has! If the spammers continue without paying much attention, we may wind up answering a lot of copy-pasted questions and just not getting the follow-up edits that add the links. It’s entirely possible for both the spammers and us to continue oblivious after the change. :smiley:

5 Likes

We are always interested in ways to better defeat spammers by default so keep us advised on the results!

5 Likes

So far we’ve run into one example (that we know of) where the 60-minute window restricted legitimate activity: A forum regular (TL3) wanted to edit their post at Compatibility testing of No Common Name - Issuance Tech - Let's Encrypt Community Support and was surprised to find they couldn’t. They followed up on our Lounge thread.

Is it true that lowering the edit window also restricts the ability to “Make Wiki?” If so, that makes sense, but it could be clearer. Maybe by keeping the “Make Wiki” option but providing an informative error?

A TL4 user later came along and made the post a wiki. I assume “make any post a wiki” is a TL4 privilege, but it doesn’t appear to be listed at Understanding Discourse Trust Levels. Might make a good edit to that post!

5 Likes

As an FYI, we just had our first instance (AFAIK) of a reply that was edited within the 60-minute window to add spam links: Plesk wildcard certificate renewal fails - Help - Let's Encrypt Community Support.

The reply was made at 2:25 am and the edit was made at 3:21 am. Which might be just a coincidence or might indicate intentional adaptation to the new limit.

4 Likes

No, I don’t think this is true. Have you found it to be the case? I’m unclear.

Your options at this point are to further tighten the time limit for editing, from 60 minutes to 30 minutes, 15 minutes, etc… or…

I believe a new release of Data Explorer should have the “show me recently edited posts” query bundled with it, but I am not sure when that will be released. What’s the planned date of release for that @rishabh?

That has already been merged last week with:

Sites that are up to date can see this on admin/plugins/explorer:

10 Likes

Yes, one of our forum users reported trying to self-wiki a post and failing, after I had changed the edit window. They were TL3 at the time. After I bumped them to TL4 they were able to wiki the post.

I can confirm that this is true, just tested on try. Both the “edit” and “make wiki” buttons disappear outside the post edit time limit.

I seem to recall it was intentional, not a bug. If a user is restricted from editing their post, they shouldn’t be able to make the post a wiki such that they can edit it. That bypasses the edit restriction. In this case staff interaction is required. We see this occur even here on Meta with some of our older #howto and #plugin topics that aren’t already wiki’d.

Reading more closely, it sounds like this is already the case so nothing else to do here then?

Yep, I think this was all “working as intended.” It was a bit confusing since the post edit time limit setting didn’t mention that it also affected wiki’ing, and when attempting to wiki, there was no notification that “you can’t wiki this post because it’s outside the time limit.” Those might be a couple minor doc improvements, though I also acknowledge this is a pretty niche area, so I don’t feel strongly if you want to leave it as is.

4 Likes

Let us know if you’re still seeing this today.

Yes, still seeing it.

For a while it died down, but then we recently increased the post edit time setting from 60 minutes to 24 hours, and within the first day we saw another instance of this edit spam.

5 Likes

We’ve been seeing this on our site, too — or at least the precursor to it. Our users and staff have thus far been pretty quick to notice the out-of-place plagiarized material and flagged the posts as suspicious before the spammer linked spam.

Is this something that could be automated for first posts, though? It’d be great to flag new threads that contain exact copies of existing posts.

1 Like

Not at the moment, checking one post against the text of literally every other post ever made is … quite expensive.

Any weird non-sequitur posts from new users should be looked at quite skeptically as a rule. This catches it for me most of the time.

1 Like

This works well for replies, but not as well for new threads. Since our forum offers support, most new users are asking questions that look fairly similar to other questions that have been asked (and sometimes the questions are copied from other sites, like reddit, though a lot are also copied from our own site).

3 Likes

Yeah those are viciously hard to pin down. Have seen a few of them myself on a different Discourse.

Are they exact copies, or modified in any way?

1 Like

In our case, the body has been near-exact copies. Frequently formatting is lost, but not always. Sometimes it’s just been a portion of the post. They’ve also always been new threads. The title, for some reason, has sometimes been the same and sometimes it’s inexplicably been the original title with the word “name” appended to the end. I agree that this seems human driven — I think someone is actually control-c, control-v’ing it in manually, and this process is lossy. So no, a simple hash check isn’t gonna work in nearly all cases.

We have yet to see this scheme actually come to fruition, whatever that is. In one case we missed a post for 14 days and it never got followed up on. I found it through a shared IP with another account doing the same thing. We also have our spam settings dialed way down because, even with these odd posts, we almost never have any actual spam. TL0s can post outbound links and images immediately. They can edit posts. So why the charade? It’s all very strange.

Edit: ah, the charade is because they not only dodge the automatic spam filter, but they also dodge eyeballs (and flags) from the active community since edits don’t bump the topic unless it’s also the most recent post. Thus to be effective, they not only need to look innocuous, they need to garner a reply.

2 Likes

Same as Matt, ours are mostly exact but commonly with some lost formatting or a subset of the post. We see this type of spam mostly on new threads, but also some off-topic replies on existing threads.

2 Likes

I can’t remember the details, but I believe they sometimes modified the links or URLs that were contained in the original posts, too. I assume it was to work around the new poster link limits, and because nobody wants to spam someone else’s website.

(They’d modify the original links even more when editing the spam in later.)

(Edit: Three Matts!)

3 Likes

Good news! We added a feature to help with this – lower trust levels have less time to edit posts. That should help mitigate the editing-related shenanigans.

As you can see, TL0 and TL1 users are limited to 1 day of edit time by default now @jsha @mnordhoff and @mbauman – you may want to ratchet that down that even further.

12 Likes