Bullshit temu everywhere

At the risk of jinxing us, good job mods. Didn't wake up to 20 ads. Thank you. Maybe you can help me unclog my inbox from all these penis enlargement ads. I only subscribed to 2 of them, now I'm getting hosed from every direction 

Jeremy L wrote:

At the risk of jinxing us, good job mods. Didn't wake up to 20 ads. Thank you. Maybe you can help me unclog my inbox from all these penis enlargement ads. I only subscribed to 2 of them, now I'm getting hosed from every direction 

Definitely don’t respond to those “singles in your area want to fuck” ads then. Had to walk away from an email account from one of those bad boys..

never met any of the single ladies either 

Yes, thanks Admins! 

The new algorithm failed completely this morning.  Maybe it's time for a new approach?

Get this spam out of here MP admins. You’re completely failing. Worry less about policing conversations about politics or the number of replies per day and more about the bots rampaging all over this site. Seriously. Have a limit on first time posters, to maybe one post on the first day, and then you’d be good. Get your shit together. 

I asked Gemini: "how can i prevent robots from spamming an on line discussion forum?"

It produced 30 answers...

Here are several methods to prevent robots from spamming an online discussion forum:

1. CAPTCHAs:

    How it works: CAPTCHAs present a challenge that is easy for humans to solve but difficult for bots. This can involve distorted text, image recognition, or simple math problems.   

Pros: Relatively effective at stopping basic bots.  

Cons: Can be annoying for users, and more sophisticated bots can sometimes bypass them.  

2. Honeypots:

    How it works: Hidden form fields that are invisible to human users but are filled out by bots. If these fields are filled, it's a sign of a bot.   

    Pros: Simple to implement and effective at catching many bots.

    Cons: Bots can evolve to ignore these fields.

3. Email Verification:

    How it works: Require new users to verify their email address before they can post.

    Pros: Helps ensure that users are real and have a valid email address.   

    Cons: Can be slightly inconvenient for users.

4. Akismet or similar anti-spam services:

    How it works: These services use algorithms to detect and filter out spam.   

Pros: Can be very effective at catching a wide range of spam.

Cons: May require a subscription fee.  

5. Moderation:

    How it works: Human moderators review posts and remove spam.   

Pros: Can be very effective at catching spam that other methods miss.

Cons: Can be time-consuming and requires dedicated moderators.  

6. IP Address Blocking:

    How it works: Block IP addresses that are known to be used by spammers.   

Pros: Can be effective at stopping some spam.  

Cons: Spammers can easily change IP addresses.  

7. Limiting Links:

    How it works: Restrict the ability to post links, especially for new users.

    Pros: Can reduce the incentive for spammers who are trying to promote websites.

    Cons: Can limit the ability of users to share useful resources.

8. Community Involvement:

    How it works: Encourage users to report spam.

    Pros: Can help moderators identify spam quickly.

    Cons: Relies on users being vigilant and willing to report spam.

9. Forum Software Settings:

    How it works: Many forum platforms have built-in anti-spam features that can be configured.   

    Pros: Easy to use and can be effective.

    Cons: May not be as comprehensive as other methods.

10. "Nofollow" links:

    How it works: Add the "nofollow" attribute to links in forum posts.

    Pros: Tells search engines not to give credit to the links, making it less attractive for spammers.   

    Cons: May not deter all spammers.

11. Question-based challenges:

    How it works: Ask a simple question that is easy for humans to answer but difficult for bots.

    Pros: Can be effective at stopping some bots.

    Cons: Can be annoying for users.

12. Rate Limiting:

    How it works: Limit the number of posts that can be made from a single IP address within a certain time frame.

    Pros: Can help prevent bots from flooding the forum with spam.

    Cons: May also affect legitimate users who are posting frequently.

13. Disallowing editing of posts after a short time:

    How it works: Prevent users from editing their posts after a short period of time.

    Pros: Can prevent spammers from editing old posts to add spam links.

    Cons: Can be inconvenient for users who need to make legitimate edits.

14. Require a certain number of posts before allowing links:

    How it works: New users must make a certain number of posts before they are allowed to post links.

    Pros: Can help prevent spammers from immediately posting spam links.

    Cons: May be inconvenient for new users who want to share legitimate links.

15. Don't allow posts as the first request in a session:

    How it works: Require users to perform some other action on the forum before they can make their first post.

    Pros: Can help prevent bots from immediately posting spam.

    Cons: May be inconvenient for new users who just want to make a quick post.

16. Require a valid HTTP Referrer:

    How it works: Check that the HTTP Referrer header is valid when a user makes a post.

    Pros: Can help prevent bots from posting spam from other websites.

    Cons: Can be easily faked by sophisticated bots.

17. Hidden form field with a name that sounds like something a spammer would want to fill out:

    How it works: Include a hidden form field with a name like "website" or "homepage". If this field is filled out, it's a sign of a bot.

    Pros: Can be effective at catching some bots.

    Cons: Bots can evolve to ignore these fields.   

18. "Enter the following word backwards" challenge:

    How it works: Ask users to enter a word backwards.

    Pros: Simple for humans to do, but difficult for bots.

    Cons: Can be annoying for users.

19. Time-specific hidden field in the form:

    How it works: Include a hidden field in the form that is valid for a limited time.

    Pros: Can help prevent bots from repeatedly submitting the same form.   

    Cons: May be complex to implement.

20. Manual moderation of every post:

    How it works: Human moderators review every post before it is published.   

    Pros: Can be very effective at catching spam.

    Cons: Very time-consuming and requires dedicated moderators.

21. Charge a nominal fee for new registrations:

    How it works: Require new users to pay a small fee to register.

    Pros: Can deter spammers who are not willing to pay.

    Cons: May discourage legitimate users from registering.

22. Use a different forum platform:

    How it works: Some forum platforms have better built-in anti-spam features than others.   

    Pros: Can be an effective way to reduce spam.

    Cons: May require switching to a different platform, which can be time-consuming.

23. Block known spam bot IP addresses:

    How it works: Block IP addresses that are known to be used by spam bots.

    Pros: Can be effective at stopping some spam.

    Cons: Spammers can easily change IP addresses.   

24. Use a firewall to block suspicious traffic:

    How it works: Configure a firewall to block traffic from known bot IP addresses and to detect suspicious traffic patterns.

    Pros: Can be very effective at stopping spam.

    Cons: May require technical expertise to set up and configure.

25. Use a combination of methods:

    How it works: Combine several of the above methods to create a layered defense against spam.

    Pros: More effective than using a single method.

    Cons: May require more effort to implement and maintain.

26. Stay up-to-date on the latest spam techniques:

    How it works: Keep informed about the latest methods that spammers are using and update your anti-spam measures accordingly.

    Pros: Helps ensure that your forum is protected against the latest threats.

    Cons: Requires ongoing effort.

27. Be ruthless in deleting spam and banning spammers:

    How it works: Take swift action to remove spam and ban spammers from the forum.

    Pros: Sends a message that spam is not tolerated.

    Cons: Can be time-consuming.

28. Make it clear in your community guidelines what is and is not acceptable promotion:

    How it works: Clearly state your forum's rules regarding advertising and promotion.

    Pros: Can help prevent accidental spammers.

    Cons: May not deter intentional spammers.

29. Get the whole community involved in fighting spam:

    How it works: Encourage users to flag spam and participate in discussions about how to improve the forum's anti-spam measures.

    Pros: Can help moderators identify and remove spam more quickly.

    Cons: Relies on users being active and engaged.

30. Don't allow editing of comments after a few minutes have passed:

    How it works: Prevent users from editing their comments after a short period of time.

    Pros: Can prevent spammers from editing old comments to add spam links.

    Cons: Can be inconvenient for users who need to make legitimate edits.

Marc801 C wrote:

How long before that list expands to hundreds/thousands of words?

Not that long, apparently, seeing as Bitget is the new Temu! Still seems faster to add a new word to the list when needed than to rely solely upon manual review and flagging. I know if I were an admin/mod, I’d rather add “Bitget” to the line of code containing “forbidden” words from new accounts than review the dozens or hundreds of nearly identical spam posts.

Limiting the number of posts per day seems likely to be reasonable and effective, particularly for new accounts. I know you said the limit on the number of new threads would be annoying, but have you ever actually started three new threads in a single day? Even when real people do this, it seems like it’s often either duplicate posts in different subforums or low quality posts. Would having to wait an extra day to post your third idea for a new thread be that much worse than the wall of spam we have now? Would you be ok with it if it only applied to new accounts? Maybe once someone makes a couple posts or comments and a week goes by without complaint, the rule loosens up or goes away.

It could ultimately end up just as bad if the bots make dozens of fake accounts per day rather than doing dozens of spam posts from a few accounts, but for now it would make the problem less bad. Immediately hiding flagged posts from new accounts seems likely to help a lot, and I know they have the code for this, because it was the old norm. Flagged accounts from new users can be temporarily silenced until a review either results in their ban or removes the restrictions if the flagging wasn’t justified. I think if a brand new account has a post flagged, all of their posts should be hidden until review, not just the single offending post, that way people won’t have to flag 15 duplicate posts one by one.

These seem much less annoying/restrictive than some of the other suggestions from Gemini in your most recent comment, like implementing a fee to make an account, restricting edits, or requiring all posts to be reviewed by moderators (this latter idea could work well if it is only applied to new accounts). Some of the other ideas are good, seems like there are many potential ways to mitigate this problem (until the bots get more subtle).

MP Moderators wrote:

We are aware of the uptick in spam activity and aim to quickly put a solution in place to prevent this.

Is this solely an uptick in spam activity, or was there a recent change that allows flagged comments to remain up? I’m seeing spam posts more than an hour old during peak hours, and posts I flag remain up. Spam posts during the day used to disappear almost instantaneously, presumably because they were removed immediately after being flagged (at least when the posts came from brand new accounts).

Edit: Spam posts just disappeared again, thank you mods.

Collin H wrote:

Not that long, apparently, seeing as Bitget is the new Temu! Still seems faster to add a new word to the list when needed than to rely solely upon manual review and flagging. I know if I were an admin/mod, I’d rather add “Bitget” to the line of code containing “forbidden” words from new accounts than review the dozens or hundreds of nearly identical spam posts.

We don't know exactly what techniques are being used by the sysadmins - automated, semi-automated, or manual or some combination thereof.

Limiting the number of posts per day seems likely to be reasonable and effective, particularly for new accounts. I know you said the limit on the number of new threads would be annoying, but have you ever actually started three new threads in a single day?

Actually, yes, on totally different subjects.

 Even when real people do this, it seems like it’s often either duplicate posts in different subforums or low quality posts. Would having to wait an extra day to post your third idea for a new thread be that much worse than the wall of spam we have now? Would you be ok with it if it only applied to new accounts? Maybe once someone makes a couple posts or comments and a week goes by without complaint, the rule loosens up or goes away.

Some combination of the techniques suggested by Gemini is likely the best approach. But you don't want to make those code changes lightly due to the risk of breaking other things  (eg: flagged posts not disappearing immediately perhaps?).

It could ultimately end up just as bad if the bots make dozens of fake accounts per day rather than doing dozens of spam posts from a few accounts, but for now it would make the problem less bad. Immediately hiding flagged posts from new accounts seems likely to help a lot, and I know they have the code for this, because it was the old norm. Flagged accounts from new users can be temporarily silenced until a review either results in their ban or removes the restrictions if the flagging wasn’t justified. I think if a brand new account has a post flagged, all of their posts should be hidden until review, not just the single offending post, that way people won’t have to flag 15 duplicate posts one by one.

These seem much less annoying/restrictive than some of the other suggestions from Gemini in your most recent comment, like implementing a fee to make an account, restricting edits, or requiring all posts to be reviewed by moderators (this latter idea could work well if it is only applied to new accounts). Some of the other ideas are good, seems like there are many potential ways to mitigate this problem (until the bots get more subtle).

And the bots are using AI now to improve themselves.

look what’s back

This site is becoming unusable

Easy fix. Block duplicate post titles. Make it so that each post has to have a unique title.

Climbing Weasel wrote:

Easy fix. Block duplicate post titles. Make it so that each post has to have a unique title.

That would be super easy for a bot to work around.  Code is dumb.  Changing one character from lowercase to upper defeats an attempt to block duplicate titles.  As does adding a random space in the title.  This is also why a list of disallowed words is problematic.  To code, Temu, tEmu, te mu, t.emu, etc are all different and would have to be listed individually.  The bots will just keep trying new configurations that aren't on the list.

The simple solution is limit the number of threads a user can start in a time period.  The code for this is like 2 lines and doesn't require the coder to try and come up with every possible variant of a word or phrase.  No one NEEDS to start 10 threads in a day.  Or even 3 for that matter.  Your 4th question can wait 24hrs.  This plus, a modern captcha wall (ASIRRA) for each thread started is such a simple fix I don't understand why it hasn't been done.  A middle school level coder could have done this weeks ago.

Query: By varying from uppercase to lower case and adding a max of one space and one period, how many permutations of "temu" can be made?

Response: 16 (case variations)×1 (no space/period)+16×5 (space only)+16×5 (period only)+16×25 (both space and period) Let's calculate this:

16×1+16×5+16×5+16×25=16+80+80+400=576

So, there are 576 possible permutations of the word "temu" considering the case changes and the possible additions of space and period.

That doesn't account for use of , instead of . or the countless other variations the spammers would try.  Just limit the number of threads that be can started and add a human access restriction.

Andy Shoemaker wrote:

That would be super easy for a bot to work around.  Code is dumb.  Changing one character from lowercase to upper defeats an attempt to block duplicate titles.  As does adding a random space in the title.  This is also why a list of disallowed words is problematic.  To code, Temu, tEmu, te mu, t.emu, etc are all different and would have to be listed individually.  The bots will just keep trying new configurations that aren't on the list.

The simple solution is limit the number of threads a user can start in a time period.  The code for this is like 2 lines and doesn't require the coder to try and come up with every possible variant of a word or phrase.  No one NEEDS to start 10 threads in a day.  Or even 3 for that matter.  Your 4th question can wait 24hrs.  This plus, a modern captcha wall (ASIRRA) for each thread started is such a simple fix I don't understand why it hasn't been done.  A middle school level coder could have done this weeks ago.

That doesn't account for use of , instead of . or the countless other variations the spammers would try.  Just limit the number of threads be can started and add a human access restriction.

Smart.

edit, since I’ve come up on the post limit…

If there are no more of these ads for a week I will PayPal one of the developers or mods 50$. 

Agree with Andy.

And it is much like us collectively wanting free milk from a cow. Someone has to pay the software developer.

A thread start per day limit could be strengthened by requiring both a waiting period after account creation before access to authoring threads, in conjunction with requiring a minimum number of posts on existing threads prior to being able to author new threads. This would allow real users to flag potential spam accounts as those new accounts post easily recognizable nonsense to existing threads meet the thread author requirement. Again, like 3 lines of code, and allows all real users to aid in identifying spam accounts. 

Yeah. “Tell Fell” just started 11 threads in about as many minutes.

Part of the algorithm could be tied to current forum activity. Always allow some minimum rate that is relatively easy to vet soon enough. Above that, throttle everyone to a new-topic rate of say 1% of the currently active threads. At least that way one might only need to skip over one or two out of scores.

And bring back the flag = hidden until vetted?

Tier 1 - New Account. Create one thread per day.

Tier 2 - Account age > 30 days AND total post count > 10. Create two threads per day. 

Tier 3 - Account age > 100 days AND total post count > 50. Create three threads per day.

That any user needs the ability to create 5 or 10 threads every 24 hours is super dumb. The system already restricts posting, so why not thread creation?

Y'all are assuming that the posts are coming from one user - you're ignoring how easy it is to create multiple accounts. That needs to be addressed as well.

My bet is that in whole or in part, the forum software is old and full of cobwebs. The people who wrote it are long gone -- it was written before REI bought this place. No one wants to touch it all that much because they'll just break it further. 

onX core business isn't in providing an online community through a forum, it's providing mapping data. It's not buried or a secret agenda: https://www.onxmaps.com/about

None of the other *project sister sites have a forum.