Some new spam bots appeared, which are intelligent enough to optimise for Discourse’s built-in spam filters. They first make a comment without any links, and later on they’ll edit and add the link. Discourse doesn’t catch them this way. For example the following revision:
I’ve experienced this too, the most insidious are burying links in punctuation with their edits. Instead of generating clicks from the victim site they seem mostly concerned with creating inlinks and are oblivious to the nofollow being applied to said links.
The other, more worrying trend is wiki edits. Unlike posts and post edits, these don’t appear in the user activity; I can only tell that it has happened because they’ve received a wiki editor badge without ever posting a wiki post.
Is this spam bot TL1 or TL0?
I don’t see a link in that post. I just see text. Can you show raw?
I deleted the user, and I don’t remember the TL.
The links were like the following:
<a href="https://shareit.onl/">shareit</a> <a href="https://mxplayer.pro/">MX player</a>
or
<a href="https://messenger.red/">https://messenger.red/</a> <a href="https://kodi.software/download/">https://kodi.software/download/</a>
or
<a href="https://viamichelin.onl/">viamichelin</a> <a href="https://putlocker.ooo/">putlocker</a>
(The end of three different posts from the same user)
TL is critical for diagnosis here, because you can just disallow edits for TL0, which is fine; if the spam bot is smart enough to get to TL1 … well, we have a different problem.
It was able to comment 3 posts + add 6 links without triggering the spam system, I think it must have been TL1, but I might check it in a backup.
Honestly, these bots are really smart. They post a “thanks for your post” reply first. There is absolutely nothing suspicious about it; even their email address is similar to their user name. Only googling the email gives results on spam lists, nothing else really.
They wait for you to approve the post. Only then they later activate their spam posting bits.
These are not bots, they are humans. There has been a vast increase in human spammers in the last 8 years.
That’s been my impression too. It’s borne out in a variant of the technique described in the OP that we’ve seen. In this case the spammer “replies” to a comment and uses the Discourse quote feature to copy some of the other person’s text into their message. Then they insert their link into the copied block, thus making it look like the other user did it. Not sure if this is supposed to spoof the system into thinking the link is from someone of a higher T level or what. Kinda stupid, really, but definitely seems like something that had to be done manually, not by a bot. In particular, they don’t just drop the URL into the quoted text either; they highlight some text and use the link tool, adding a further layer of disguise. We’ve seen a few of these over the last couple of months.
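I just noticed that spammers are making normal-looking posts and then coming back weeks later to insert links to things like [free Netflix] and [tech news].
Is there a way to prevent users below TL3 from inserting links in edits? Even blocking users below TL4 from inserting URLs in edits would be fine.
Or has anyone found another way to stop this?
Would it be possible to have every edit by a non-admin/non-moderator trigger a post update? I think that way we would be able to see every edit. Human spammers are getting sneakier.
Edit: I’m looking at one spammer’s post, and it looks completely normal and on topic. Apart from the injected link, there is nothing to indicate that it is spam.
The first step is to tighten the allowed edit window in “post edit time limit” from the default to, say, one day. Unless your users regularly need to edit posts from weeks ago, you can shut that option down in about 15 seconds in the site settings.
I’m going to change the setting tonight, but I hope there is another way, because this could annoy some users. People tend to be more cautious about speaking freely if they know they can’t go back and change what they wrote. (On forums that lock down editing, I post less often and generally feel less comfortable.)
Ideally, I’d like an unlimited edit window, with every edit bumping the topic.
That’s a bit tricky, because in a topic with 40 posts, post #12 could be the one that was edited. If we bump the topic for that, users will be very surprised, because they would have to scroll through every post to see it.
I think one alternative here is an admin tool that lists edits beyond a certain threshold. But that introduces a lot of extra overhead.
Another alternative might be to give users at TL2 and above a longer edit time limit.
Why? Coming back to edit something “weeks later” is very unusual. If you want to indicate that some content is particularly editable, you can make it a wiki. You could first test “a few days” as a good compromise.
In fact, I’m now going to lower the default for this setting from 60 days to 30 days, because the use case of coming back to edit “after this long” seems more and more absurd to me.
That might help.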
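For now, I’ve adjusted the trust levels required to add links and edit posts, and slightly raised the bar for reaching TL1.
The last spam post I saw recently didn’t come from the obvious kind of spammer; it was a user who blended right into the site and posted thoughtful questions like a regular user.
I’m going to try to find old spam by querying all edits made by TL0 users.
If a post is marked unread, wouldn’t that just add a blue dot next to the post and automatically scroll to that post when the user visits the topic?
Sometimes people may feel they said something they didn’t mean to say and want to remove it. We live in a world where everything a person says can follow them for the rest of their life, and that can cause problems. People don’t stay the same, and they may not want their past (or just a moment of anger) to stay online forever. In places where editing is restricted, I tend not to speak as freely online.
It just occurred to me that there is a post webhook for “new reply, edit, delete or restore”. I haven’t confirmed it yet, but if I can get the action type (such as “edited”) from the request headers, I can write a script that posts those events to an external dashboard for human review. That would solve the problem on my site.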
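If the 30-day (or 1-day, depending on your settings) window has passed, they can flag the message to request deletion.
If you haven’t been following it already, you may find the sister topic Human-driven copy-paste spam a useful reference.
This form of spam only works because it is invisible to both moderators and the active community. That is the only reason it happens. Perhaps all edits could bump the topic in the latest activity view, linking directly to the edited post if the topic has already been read. That would solve two problems at once (the spam and the worthless initial copy-paste content).
A simpler option (though somewhat less effective): I know my fellow moderators and I would be happy to monitor a dedicated view that shows only edited posts, sorted by edit time (perhaps optionally restricted by trust level).
I think you’re right, @sam. We need two site settings here: one for TL0 and TL1, and another for higher trust levels. Can you schedule it for next week? It should be simple.
The allowed edit windows I suggest are:
- TL0 and TL1: 1 day
- All other users, TL2 and above: 30 days (current default)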
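
The edit pattern reported throughout this thread (a clean first post, then a later edit that adds a link, sometimes hung on punctuation or placed inside quoted text) can be surfaced for moderators by diffing the rendered HTML of a revision. This is an added example, not code from Discourse or from any poster here; `review_edit`, its reason names, the before/after input shape and the treatment of `<blockquote>` as quoted text are assumptions.

```python
from html.parser import HTMLParser

class LinkCollector(HTMLParser):
    """Collect (href, anchor_text, inside_quote) for each <a> in post HTML."""
    def __init__(self):
        super().__init__()
        self.links, self._quote_depth, self._open = [], 0, None

    def handle_starttag(self, tag, attrs):
        if tag == "blockquote":  # assumption: quotes render as <blockquote>
            self._quote_depth += 1
        elif tag == "a" and dict(attrs).get("href"):
            self._open = [dict(attrs)["href"], "", self._quote_depth > 0]

    def handle_data(self, data):
        if self._open:
            self._open[1] += data

    def handle_endtag(self, tag):
        if tag == "blockquote" and self._quote_depth:
            self._quote_depth -= 1
        elif tag == "a" and self._open:
            self.links.append(tuple(self._open))
            self._open = None

def links_in(html):
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.links

def review_edit(before_html, after_html, trust_level, low_trust_max=1):
    """Return one finding per link that exists only after the edit."""
    known = {href for href, _, _ in links_in(before_html)}
    findings = []
    for href, text, in_quote in links_in(after_html):
        if href in known:
            continue
        checks = {
            "low_trust_editor": trust_level <= low_trust_max,  # TL0/TL1 by default
            "hidden_anchor": not any(c.isalnum() for c in text),  # link on punctuation only
            "inside_quote": in_quote,  # link planted in someone else's quoted words
        }
        findings.append({"href": href, "reasons": [k for k, hit in checks.items() if hit]})
    return findings

# Constructed sample revision; example.invalid is a placeholder domain.
BEFORE = "<p>Thanks for your post, this helped a lot.</p>"
AFTER = ('<blockquote>I use <a href="https://example.invalid/a">this tool</a></blockquote>'
         '<p>Thanks for your post<a href="https://example.invalid/b">,</a> this helped.</p>')
```

Any finding with a non-empty `reasons` list is a candidate for a moderator review queue; an edit that adds no new `href` returns an empty list.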
