It seems that every year, the spammers change up their tactics to see how they can get past our content filters or automated spam system.
This year, the trend has been to copy a legitimate post from another user and repost it but then the spammer will:
- Embed spam links where legit links were once used
- Hide spam links / terms in the HTML
- Hide spam links / terms by changing the color to match the background
These tactics are nothing new, but the frequency at which is occurring is new for us. Unfortunately, these types of posts are often missed by the automated spam system as they appear to be legitimate. We are unable to "mark the post as spam" as then the system could start to learn incorrectly on legitimate words that we don't want "blacklisted". That results in a manual process to remove the spam.
We also see that other users do not recognize when these posts are spam and they interact with the spammer or even click the links in the posts. This could result in malicious or inappropriate content being presented to the user.
Ideally, the spam system would take other variables into account such as account creation date, if the content is a duplicate of existing content, etc. But since we don't have that...
Any tips for other approaches to combat these particular spam tactics?
Content filters have always been our best bet, but with the spam URLs typically changing, it isn't a catch-all.
Hi @lilim I've seen similar: Copy legitimate posts and repost with spam links. I can't answer your question directly other than to tell you how I significantly reduce spam in our community, and it catches a lot of these types of spam. It's being proactive. It's takes about 15-20 minutes a day.
First of all, this is only a reasonable approach if your normal community users use corporate email addresses, not gmail, yahoo, outlook etc. Our users are enterprise business users so MOST of them do.
I go to User Reports in admin every morning and search for new registrations from the day before. It's usually about 2 pages long. I then go through and look at each of the email addresses from gmail, yahoo, etc. and stick them into the Stop Forum Spam site search (don't dare post the URL or it may be treated as spam! 😉 ) If I find a match, I ban the users, often before they post anything. If they have posted anything, I can quarantine it then ban them. Since I've been doing this, the spam in our site has gone down quite a bit..
I have seen the same kind of "repeat genuine content and then something" even here on the Khoros Atlas over the past months. It's probably fairly easy to automate for the spammers. I can't see any existing platform functionality that would help you catch these. Maybe it's worth creating an export of posts by newly registered members that contain links?
What's encouraging about your post, @kgroneman , is that you have a recipe to follow that allows for automation and ideally for such spam check functionality to be productized even.
One of our spam moderators does those type of daily check of newly registered accounts. I don't believe that we are specifically looking at new posts for the day as Claudius mentioned though. Typically, we're seeing this problem occur overnight when we don't have as many hands on deck -- and by that point, there are already users that have replied.
I'd love to see a new user check built into the system!
What I'd ideally like to see is for someone to create a StopForumSpam plugin that works with Khoros communities. They do for a lot of other platforms. https://www.stopforumspam.com/ then go to resources > mods & plugins. If that were linked, new users would automatically be checked against their database and automatically blocked if listed. It's not just Khoros specific.
I add to their database daily as do hundreds of other community managers.
Interesting! If only those spammers could put their intellect to good use! The idea of automating this Spam list check for newly registered users sounds like a good Product Idea. In fact - it looks like something similar was put on the Roadmap 6 years ago. Maybe there is a solution out there?https://community.khoros.com/t5/Khoros-Community-Ideas/Automatic-detection-of-spam-accounts/idi-p/83...
Totally dependent on the level of activity etc from your users, but maybe it would be helpful to deny the ability to post html for the first rank in the structure? Ultimately there's a trade off of course, but even if it were a time bound rank wherein a user needed to be registered for at least a day to add, might slow things down. Of course, the concern that legit new users wouldn't be able to post html is fair, but could be worth a review of how often new users actually need to add links to external sites. I see screen shots for sure, but a link to another site is a little more suspicious imo. Just something I've seen done by some 🙂
That is an interesting idea, @Kerri! We have a "new member" rank/role applied for the first 24 hours and it is lifted when the user logins in again. This has some restrictions already, but limiting HTML might work well for this issue. Thanks for the idea!
Denying the simple HTML permission removes the HTML option from the editor, but it also removes the media uploader. This isn't ideal as we are a support community, but if we had to go this route, I'm sure we could make it work. The user can still change font colors and insert hyperlinks (with fake titles) though.
A neat one we had - Is one of our blogs had allow guest comments enabled by mistake - When this is on, guest users can also have their username itself redirect to a third party domain of their choice - Talk about finding a wild issue that even stumped Support for a bit - I was uber concerned how a spammer was hijacking a username link that should go to a profile, I didn't even realize guest comments was a thing 🤣