We’ve had a persistent barrage of seemingly human spammers on http://forum.webflow.com that always post during daylight/working hours in Pakistan/India. It got so bad that we ended up writing a Selenium script to crawl through the recent users every 30 seconds, and auto-hide spammy-looking posts from new users who have suspicious account metrics.
We’ve had that script running for close to 2 weeks now, and it predictably finds (and now auto-bans) spammer accounts, using mostly the user’s ISP (found under the “Organization” heading in the “IP Lookup” popup).
Here’s an example of all the spam accounts our script identified last night: Cloudup
All of the spammers come from a small set of ISPs:
- AS45595 Pakistan Telecom Company Limited
- AS24560 Bharti Airtel Ltd., Telemedia Services
- AS35662 Redstation Limited
- AS7590 Commission on Science and Technology for
- AS55740 TATA TELESERVICES LTD - TATA INDICOM - CDMA DIVISION
- AS38547 WITRIBE PAKISTAN LIMITED
- AS12586 GHOSTnet GmbH
Is anyone else seeing these types of spammers in your forums?
It would be great if we were able to specify as setting like
suspect_spam_isps to e.g.
AS45595, AS24560, AS35662, AS7590 and have Discourse forbid links inside posts for a 24 hour period for users who register via these ISPs. That would help us prevent spam posts altogether, instead of having to run after-the-fact scripts to clean things up.