Spam bots tricking Discourse filter by editing


(Zsolt Ero) #1

Some new spam bots appeared, which are intelligent enough to optimise for Discourse’s built-in spam filters. They first make a comment without any links, and later on they’ll edit and add the link. Discourse doesn’t catch them this way. For example the following revision:


(Stephen) #2

I’ve experienced this too; the most insidious are burying links in punctuation with their edits. Instead of generating clicks from the victim site they seem mostly concerned with creating inlinks and are oblivious to the nofollow being applied to said links.

The other more worrying trend is wiki edits: unlike posts and post edits, these don’t appear in the user activity. I can only tell that it has happened because they’ve received a wiki editor badge, without ever posting a wiki post.


(Sam Saffron) #3

Is this spam bot TL1 or TL0?


(Jeff Atwood) #4

I don’t see a link in that post. I just see text. Can you show raw?


(Zsolt Ero) #5

I deleted the user, and I don’t remember the TL.

The links were like the following:

 <a href="https://shareit.onl/">shareit</a>  <a href="https://mxplayer.pro/">MX player</a>

or

<a href="https://messenger.red/">https://messenger.red/</a>  <a href="https://kodi.software/download/">https://kodi.software/download/</a>

or

 <a href="https://viamichelin.onl/">viamichelin</a> <a href="https://putlocker.ooo/">putlocker</a>

(The end of three different posts from the same user)


(Sam Saffron) #6

TL is critical for diagnosis here, because you can just disallow edits to TL0, which is fine; if the spam bot is smart enough to get to TL1 … well, we have a diff problem.


(Zsolt Ero) #7

It was able to comment 3 posts + add 6 links without triggering the spam system, I think it must have been TL1, but I might check it in a backup.
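
An added example, not part of the thread and not Discourse's own code: a revision check for the two behaviours described above, links introduced by a later edit from a low trust level account, and links whose visible text is only punctuation. The revision hash shape, the `review_edit` and `extract_links` helpers, the `forum.example` site host and the sample data are all assumptions made for illustration.

```ruby
require "uri"

# Matches <a ... href="...">text</a>; sufficient for cooked post HTML in this sketch.
ANCHOR = /<a\b[^>]*\bhref\s*=\s*["']([^"']+)["'][^>]*>(.*?)<\/a>/im

# Returns [[host, anchor_text], ...] for every absolute http(s) link in the HTML.
def extract_links(html)
  html.scan(ANCHOR).filter_map do |href, text|
    uri = URI.parse(href.strip) rescue nil
    next unless uri.is_a?(URI::HTTP) && uri.host
    [uri.host.downcase, text.gsub(/<[^>]+>/, "").strip]
  end
end

# Flags an edit that introduces link hosts absent from the previous revision.
# revision: hypothetical hash {trust_level:, before:, after:}, not a Discourse API object.
def review_edit(revision, site_host:, max_trust_level: 1)
  old_hosts = extract_links(revision[:before]).map(&:first)
  added = extract_links(revision[:after]).reject do |host, _|
    host == site_host || old_hosts.include?(host)
  end
  return nil if added.empty? || revision[:trust_level] > max_trust_level
  {
    new_hosts: added.map(&:first).uniq,
    # Links whose visible text is empty or only punctuation are hidden from readers.
    hidden: added.select { |_, text| text.match?(/\A[[:punct:]]*\z/) }.map(&:first).uniq
  }
end

# Constructed sample revisions (not taken from a real forum).
SAMPLE = [
  { trust_level: 1, before: "<p>Thanks, this helped.</p>",
    after: %q(<p>Thanks, this helped<a href="https://promo.example/">.</a> <a href="https://apps.example/get">apps</a></p>) },
  { trust_level: 1, before: "<p>See the docs.</p>",
    after: %q(<p>See <a href="https://forum.example/t/docs/12">the docs</a>.</p>) },
  { trust_level: 3, before: "<p>Ref</p>",
    after: %q(<p>Ref <a href="https://vendor.example/">vendor</a></p>) }
]

def flagged_samples
  SAMPLE.map { |rev| review_edit(rev, site_host: "forum.example") }
end

p flagged_samples if __FILE__ == $PROGRAM_NAME
```

Only the first sample is flagged: the second links back to the forum itself and the third edit comes from an account above the trust level threshold.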