We have encountered many types of spam here, some easy to identify, some difficult to spot. Not everything can be seen daily.
So I thought it should be written down what we've seen and tactics to recognize spam, as a help for new moderators and maybe also for the normal users. So, I'd also like to post this in SF, if nobody has any objections.
So, the spam:
The obvious
"Buy new Apple iPhone", yeah. Obvious spam is not hard to identify, especially when it's posted as a new thread. Not much to say here, but still 2 examples below:
Spoiler :
The unobvious
Spam doesn't come in a single form, but in multiple forms, and you should pay attention to different things.
Beware of new users!
Bots are in nearly all cases new users with a low post count.
So everyone who does not clearly post anything ontopic should be watched with suspicion. Same counts for newly created threads, which might not clearly belong here.
At this point you should also remember that CFC is primarily a Civilization site, and secondarily a gaming site. Everyone who registers and heads straight to one of the other areas is highly suspicious.
Beware of generic text!
Bots do not have to be dumb. They can have a low intelligence, they might even post ontopic. These ontopic posts can stem from different sources. They can be
- Generic text. Probably every forum on the internet has a rants thread, a raves thread, a youtube thread, a welcome new members thread. It's easy to hack some generic phrases into a bot which might fit into one of these threads. A simple "Hello I'm new" in the "welcome new members" thread is suspicious.
- Copies from within the thread or forum. The easiest thing to make an ontopic post is to copy another post from within the thread, or to create a copy from an older thread. This can be hard to spot, so here you might want to look at the post count. Easier to spot when the bots make epic fails, like e.g. copying the text from the post before, or copying a thread which is totally out of line, e.g. one copied the OP of the "welcome new members" thread.
- Copies from elsewhere. We have seen that bots copied text from a thread in the 2K Civ5 forum, or one posted text from the Apolyton wikipedia article.
- Generated text based on already present text. There were bots who exchanged parts of a post, like e.g. they transformed "Hi, I'm George from Arizona" into "Hi, I'm Catherine from Florida", or they answered the poll "What is your favourite building?" with "My favourite building is [last poll option]".
Examples for generic text:
Spoiler :
Examples for an internal forum copy:
Spoiler :
Copy from wikipedia:
Spoiler :
Generated text:
Spoiler :
Why is this a bot? The post was from this thread, and as pointed out the Ziggurat is more or less an invalid option. The user had additionally a spam link set as homepage in his profile.
Beware of links!
Yes, spam should in most cases contain a link.
Links can be
- Simply within the text.
- As a fake signature. Remember: New users cannot use signatures. If they seem to have a sig, then it's a fake and likely a bot.
- As "homepage" entry in their profile
- Related to above: There are bots which do NOT post! They just put a link as their homepage, and set a date as their birthday. So they will appear at some point at the main page, and random users might click into their profiles or google might index them (could be that other measures at the moment prevent this)
- As "location" in their profile
- In visitor messages
- In private messages
- In or as social groups. Yes, we had bots which created social groups for their spam.
- They can quote posts with some generic text, and modify the quotes to have links
- Youtube #1: We've seen bots which spammed youtube links to promotion videos
- Youtube #2: Most people know that youtube links look like youtube.com/watch?v=ABCDEF. Now there were bots which posted youtube.com/watch?v=ABCDEFXYZ. You would not notice it, but they didn't post a youtube link, but attached a new link to it. If you quote it, it would look like
[URL="youtube.com/watch?v=ABCDEF"]youtube.com/watch?v=ABCDEF[/URL][URL="evilspamsite.com"]XYZ[/URL]
- As smileys. Using external smileys from other sites is fine. But we've seen the tactic to embed a smiley from external sources. Makes no sense, you'd think? It does. These types of smiley are used as web bugs to track users and are therefore spam too (wiki: web bugs).
Example for a fake signature:
Spoiler :
Example for youtube spam:
Spoiler :
Example for external smileys:
Spoiler :
Note: It seems the spammers took the site down, so you cannot really see a smiley here. Else you would see one at the front of the second message.
More explanation:
That smiley was a simple , and not some fancy smiley which we don't have.
The bots basically post generic text in various places, and all the posts have a smiley from an external site.
As explained in the wiki article, this is meant to track users. Since every user who loads a page from CFC also loads content from that external site (the smiley) in such cases, it allows that external site to track the users within the forum, and if the spam also occurs on other sites, the tracking is also possible across different sites.
Now you might say "Once a smiley from another site...the user didn't find our smileys". Not the case. The users were sure bots, with copy text, and the first site appears 24 times in the PB thread, the second 18 times, and er...there was a third, I think.
Example for spam in the location field:
Spoiler :
Visitor message spam:
Spoiler :
Private message spam:
Spoiler :
Spam in a quote:
Spoiler :
The original poster had the correct link. The spammer changed it in the quote.
Beware of...er....users, even if they don't post links
Spam should have links. But it does not have to.
We have seen bots who edit their posts later to embed a link, and we have seen political spam without any sort of links. So basically everything is suspicious.
The unusual
This section is not really meant for serious spam detection, but rather what other types of spam we've seen. We have encountered different things, including
- Pirates, who tried to advocate their cracks
- Malware
- Porn
- Hatemail
- Spam via hacked accounts
- Bots failing to spam
A pirate:
Spoiler :
Malware:
Spoiler :
Porn:
Spoiler :
PM Hatemail:
Spoiler :
Note: That user name seems to be known in every forum in the web, but the intention...
A hacked account:
Spoiler :
Note: The hack was independent from CFC, and due to other info we're sure that nobody else is in danger.
failbots:
Spoiler :
That's why HTML is not allowed.
If a user has been registered, and has not yet confirmed his email, then most possible actions like responding to posts or visitor messages will result in a report. At least that sort of failed spam is easy to detect.
You can see, this PM was reported by a mod. The bot could apparently reply to the PM, which is sent automatically with every infraction, with a spam PM. Didn't really work as intended, I guess.
What to do?
The most important thing is that you keep an open eye on who else is posting, and that you report suspicious things. In case of doubt we'd rather have more reports than fewer. This is especially important for PMs, VMs and posts within a thread, because they are not easy to spot, just due to the mass.
You can report a post via the button (or in the black CFC style), which is to the left of each post and to the top right of each private message. For visitor messages there is a link named "report". In case you see that a bot has created more than one thread, then please report only one. We normally remove all their posts, no matter how many different are reported.
Please also don't reply or even quote the bots. It's not very helpful when the moderator has finally removed the bot, but the offending material is still visible because you quoted it.
And since you have seen that not every bot is dumb: Use your brain! Did somebody who you don't know and who's not a known member here send you a suspicious PM? A friendship request? A visitor message? Keep an eye on that stuff. Bots can do that, and they will do it. There does not have to be a person at the other end.
Was this post necessary?
If you look through the images, you see that only a minority of the posts was reported.
Means the users did not recognize them as spam, or didn't bother to report, which is both bad. It might help with the former part.
I also hope that we could maybe collect other unusual occurrences here. Because e.g. the smiley spam has not happened for quite some time, and if we see it again, it might be necessary that everyone knows about it and recognizes it. And new moderators might need an overview, because they just have not seen what sort of stuff can happen here.
I hope this post was useful.
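The glued "Youtube #2" link, the link altered inside a quote and the externally hosted smiley described above can all be checked mechanically in a post's BBCode. The following Python sketch is an added example, not part of the original post or of the forum's software; the host allowlist, the function names and the sample post are assumptions made up for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts the forum itself serves images from (hypothetical value).
OWN_HOSTS = {"forums.example.org"}
URL_TAG = re.compile(r'\[URL="?([^"\]]+)"?\](.*?)\[/URL\]', re.I | re.S)
IMG_TAG = re.compile(r'\[IMG\](.*?)\[/IMG\]', re.I | re.S)

def host_of(url):
    """Host of a URL, tolerating a missing scheme, with 'www.' stripped."""
    url = url.strip()
    if "://" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def looks_like_url(text):
    """True when the visible link text is itself written as a URL."""
    return bool(re.match(r'^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$', text.strip(), re.I))

def audit_post(bbcode, own_hosts=OWN_HOSTS):
    """Return (kind, host) findings for the link tricks described in the post."""
    findings = []
    prev_end = None
    for m in URL_TAG.finditer(bbcode):
        target, label = host_of(m.group(1)), m.group(2)
        # Trick 1: a second [URL] glued directly onto the previous [/URL],
        # so both render as one continuous "link".
        if prev_end == m.start():
            findings.append(("glued-link", target))
        # Trick 2: the visible text is a URL, but for a different host
        # than the real target (e.g. a link altered inside a quote).
        if looks_like_url(label) and host_of(label) != target:
            findings.append(("label-mismatch", target))
        prev_end = m.end()
    # Trick 3: an image (smiley) loaded from a third-party host, usable as a web bug.
    for m in IMG_TAG.finditer(bbcode):
        host = host_of(m.group(1))
        if host not in own_hosts:
            findings.append(("external-image", host))
    return findings

# Constructed sample post, modelled on the quoted form shown in the link list.
SAMPLE = ('Nice video! [URL="youtube.com/watch?v=ABCDEF"]youtube.com/watch?v=ABCDEF[/URL]'
          '[URL="evilspamsite.com"]XYZ[/URL] [IMG]http://tracker.example.net/smile.gif[/IMG]')
```

Findings are hints for a moderator rather than verdicts, since regular members also post external images and shortened links.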