FlyerTalk Forums

ARCHIVE: Report spam issues here (older posts) (https://www.flyertalk.com/forum/technical-support-feedback/1750828-archive-report-spam-issues-here-older-posts.html)

nux Oct 24, 2014 1:53 am

The URL was blocked but they're still at it: http://www.flyertalk.com/forum/membe...yhunzelma.html

lin821 Oct 26, 2014 9:16 am


Originally Posted by nux (Post 23726857)
The URL was blocked but they're still at it: http://www.flyertalk.com/forum/membe...yhunzelma.html

He's back again and no, the URL hasn't been blocked, as far as I can tell.

nux Oct 27, 2014 5:50 am

Same link and domain, still happening.

http://www.flyertalk.com/forum/membe...ctprysyby.html

lin821 Oct 27, 2014 6:00 am


Originally Posted by nux (Post 23742102)
Same link and domain, still happening.

http://www.flyertalk.com/forum/membe...ctprysyby.html

Yes, his daily routine on FT. I was surprised that this spammer took a little break over the weekend though. :p

He seems to be a bit less techie than the other one for the now blocked (un)healthy jpg link since his $ domain/link hasn't changed if admin did successfully blacklist said site.

IBobi Oct 27, 2014 2:39 pm

Where is the URL showing up? I don't see it in the profile, which is where it was shown to me before adding it to the blacklist.

nux Oct 28, 2014 3:15 am


Originally Posted by IBobi (Post 23745221)
Where is the URL showing up? I don't see it in the profile, which is where it was shown to me before adding it to the blacklist.

They append it to the end of their posts.

Their modus operandi is to reply to 2 threads in the Information Desk, 2 in TravelBuzz, 2 in Mileage Run. They copy about 10 words from a previous post in the thread and add the URL in IMG tags.

So it appears as if it is a legitimate post as the 1x1 pixel image does not show up and the text is relevant to the thread (albeit copied from a few posts above).

The first post is edited I presume to add their URL, perhaps as FT blocks a user from posting a URL in their first post?

lin821 Oct 28, 2014 3:18 am

See my bolding
 

Originally Posted by IBobi (Post 23745221)
Where is the URL showing up? I don't see it in the profile, which is where it was shown to me before adding it to the blacklist.

It's always attached to the very end of each one-liner post this spammer produced, such as "....I like the deal.http://............" (without space between the period and "http.....")

I can always see it when performing search by "Find all/more posts by <user>" and the jpg line is captured in the overview. It's very easy to spot since this line of spammers doesn't do long posts and the search results do have enough space to reveal spammers' intent/content.

lin821 Oct 28, 2014 9:02 am


Originally Posted by IBobi (Post 23745221)
Where is the URL showing up? I don't see it in the profile, which is where it was shown to me before adding it to the blacklist.

He just got back. Again. I don't think jpg spammers ever had the links in profile. This is what he did in this thread:


I have yet to have a strike disrupt my many trips through the airport.http://..........com/10b.jpg

He steals one line from a previous post, then inserts the same low-tech jpg link at the end of the post. (I'll edit the hyperlink quote once admin takes care of it)

If the site is blacklisted, how come he's able to do it on a daily basis for about 15 days so far? It didn't take as long to successfully blacklist the spammer for life health us. com back in September.

IBobi Oct 28, 2014 1:37 pm


Originally Posted by lin821 (Post 23749625)
If the site is blacklisted, how come he's able to do it on a daily basis for about 15 days so far? It didn't take as long to successfully blacklist the spammer for life health us. com back in September.

The site is not blacklisted. We can't do that. We can pick a keyword, in this case f i n a n c e d e (without the spaces), and blacklist that. But if he's editing his post to insert it, it might not block it.

A while back the mods were compiling a *list* of spammer usernames. If you can start doing that again -- right here in this thread -- I can try to find patterns to block them with, such as IP ranges.

Also if he changes URLs now, let me know what the new one is.

Problem is, this is not a spambot. This is an actual human wasting our time. Very, very difficult to deal with.

lin821 Oct 29, 2014 2:20 am


Originally Posted by IBobi (Post 23751538)
A while back the mods were compiling a *list* of spammer usernames. If you can start doing that again -- right here in this thread -- I can try to find patterns to block them with, such as IP ranges.

That's what I've been doing for weeks in this very thread, hoping our able IT team would spot a pattern or two and come up with a more effective way to nip this line of jpg spammers in the bud since we know what specific site/s they are promoting. I can only report whenever I see one. I am sure the collaboration between admin and mod team does have more data points to deliver efficacy and efficiency.

What I was questioning was that the $ site has been up for weeks, and I was surprised that it took this long to block it since I've been seeing this human spammer use the same link over and over for more than 2 weeks. Nevertheless, thanks for finally taking down this $ jpg link.

IBobi Oct 30, 2014 12:42 pm

Quieter today?

IBobi Oct 31, 2014 1:37 pm

I'll take that as a hell yes, lol.

IBobi Nov 4, 2014 1:12 pm

One of the best things you can do to help is send me (via PM or email) the full text of the link(s) the spammer is placing in his edited posts. Then I can add the unique terms from them to the censored words list and they cannot be posted to FT any longer.

MSPeconomist Nov 5, 2014 7:34 am

There's another spam attack happening now in Info Desk: "love problems" with phone numbers.

Is there an easy way to see whether there are any senior mods on FT, given that the forum mods aren't around now?

Alternatively, does FT have the technology--not commenting on whether this policy would be desirable--to block a new member from making more than a few posts in a short period of time? Or would it be possible--again, I'm not commenting on the desirability of such a policy--to allow a new member perhaps three posts during the first day and then send all additional posts by that person to a moderation queue even if they don't have links, etc.?

aBroadAbroad Nov 5, 2014 2:04 pm

The mod team and FT admins have been collaborating closely on the recent spam increases over the past few months, and speaking as a moderator of one of the most heavily targeted forums, I think those efforts have been hugely successful. In fact, we've achieved such a dramatic reduction in the number and frequency of the attacks, I personally don't think FT even has a significant spam problem any longer. At least not for the time being ;)

There are a lot of needs and impacts that have to be considered in managing the problem, many of which can have negative consequences for legitimate users and moderators. I won't elaborate on those issues, but suffice it to say, it's more complex than it might appear, and preventing all spam is probably not a realistic goal.

So, while the spam posts that do get through are incredibly annoying, they generally present no immediate threat to FTers as far as I know. The best course of action is to report the posts and then be patient. We usually become aware of them relatively quickly… the info desk mods, for example, typically receive at least two or three alerts for any one spam post, and the large-scale attacks can generate as many as 10-15 reports. Rest assured, there may be a delay due to time zone and travel issues, but those posts WILL get cleaned up!

Canarsie Nov 5, 2014 4:05 pm


Originally Posted by MSPeconomist (Post 23795372)
There's another spam attack happening now in Info Desk: "love problems" with phone numbers.

Is there an easy way to see whether there are any senior mods on FT, given that the forum mods aren't around now?


Originally Posted by aBroadAbroad (Post 23797596)
The mod team and FT admins have been collaborating closely on the recent spam increases over the past few months, and speaking as a moderator of one of the most heavily targeted forums, I think those efforts have been hugely successful. In fact, we've achieved such a dramatic reduction in the number and frequency of the attacks, I personally don't think FT even has a significant spam problem any longer. At least not for the time being ;)

...plus, all moderators have the ability to permanently suspend the posting privileges of “spammers” who attack any forum on FlyerTalk.

I was the one who spotted that attack this morning and quashed it as soon as possible; but only Senior Moderators, the Community Director, and certain administrative staff of Internet Brands can delete content in forums which are assigned to specific moderators — as it should be.

Although there were at least a dozen threads launched by that “spammer”, I am confident that FlyerTalk members would not patronize what was being advertised. As aBroadAbroad correctly posted — the content posted generally presented no immediate threat to FlyerTalk members; and she cleaned up the mess dumped in that forum within a couple of hours at most.

Lastly, the best way to see who is on FlyerTalk — as well as options on how to contact them — is to access View Forum Leaders. To access this, hover your cursor over the FORUM menu option at the top of virtually every “page” on FlyerTalk; then click on the first option called Forum Home. Then, scroll down to near the bottom to find View Forum Leaders as one of the two options in the dark blue bar.

I hope that all of this helps...

IBobi Nov 5, 2014 4:09 pm


Originally Posted by MSPeconomist (Post 23795372)
There's another spam attack happening now in Info Desk: "love problems" with phone numbers.

Is there an easy way to see whether there are any senior mods on FT, given that the forum mods aren't around now?

Alternatively, does FT have the technology--not commenting on whether this policy would be desirable--to block a new member from making more than a few posts in a short period of time? Or would it be possible--again, I'm not commenting on the desirability of such a policy--to allow a new member perhaps three posts during the first day and then send all additional posts by that person to a moderation queue even if they don't have links, etc.?

You can always post or PM to me the handles *and any links* that a spammer is posting and I will do my best to block IP addresses and add unique keywords to a block list.

Paul

lin821 Nov 6, 2014 5:50 am

Die Harder than Bruce Willis...
 

Originally Posted by IBobi (Post 23764499)
Quieter today?


Originally Posted by IBobi (Post 23770549)
I'll take that as a hell yes, lol.

After a week, he's back today, unfortunately.


Originally Posted by IBobi (Post 23791397)
One of the best things you can do to help is send me (via PM or email) the full text of the link(s) the spammer is placing in his edited posts. Then I can add the unique terms from them to the censored words list and they cannot be posted to FT any longer.

The $ spammer's new tactic is a mockup link, http://.....com/......, this time.

nux Nov 6, 2014 6:39 am


Originally Posted by lin821 (Post 23800537)
The $ spammer's new tactic is a mockup link, http://.....com/......, this time.

I now don't understand the point of this spam. It's not spamdexing (unless they now want to spamdex the URL shortening site).

Perhaps the plan is to change the image file from a 1x1 pixel image to an advert or other image, but the previous iteration with a health__.com image is still a 1x1 pixel file.

MSPeconomist Nov 6, 2014 5:12 pm


Originally Posted by IBobi (Post 23798222)
You can always post or PM to me the handles *and any links* that a spammer is posting and I will do my best to block IP addresses and add unique keywords to a block list.

Paul

In this case, it didn't seem to be a link.

However, I've noticed a bunch of other suspicious posts by some brand new members that seem to quote without attribution a line or so from another post above them in the thread and then show evidence that the post was edited by its author. I wonder whether the original post contained a link or picture which they then removed themselves. Maybe I'm naive here, but it's hard to see any motivation for doing this unless it's some bot trying to build a post count.

MSPeconomist Nov 6, 2014 5:34 pm


Originally Posted by Canarsie (Post 23798200)
...plus, all moderators have the ability to permanently suspend the posting privileges of “spammers” who attack any forum on FlyerTalk.

I was the one who spotted that attack this morning and quashed it as soon as possible; but only Senior Moderators, the Community Director, and certain administrative staff of Internet Brands can delete content in forums which are assigned to specific moderators — as it should be.

Although there were at least a dozen threads launched by that “spammer”, I am confident that FlyerTalk members would not patronize what was being advertised. As aBroadAbroad correctly posted — the content posted generally presented no immediate threat to FlyerTalk members; and she cleaned up the mess dumped in that forum within a couple of hours at most.

Lastly, the best way to see who is on FlyerTalk — as well as options on how to contact them — is to access View Forum Leaders. To access this, hover your cursor over the FORUM menu option at the top of virtually every “page” on FlyerTalk; then click on the first option called Forum Home. Then, scroll down to near the bottom to find View Forum Leaders as one of the two options in the dark blue bar.

I hope that all of this helps...

I agree that FT members are unlikely to call the phone numbers or otherwise be immediately harmed (unless they want to risk this--maybe there are FT members who want to pay for phone sex or something similar and if so, that's their business), but by this criterion (immediate harm to individual FT members, or at least those who don't want to be harmed in this way), much of the spam could just be ignored and stay on FT.

Just so there's no misunderstanding, I'm not advocating or suggesting in any way that the spam be left intact on FT. I recognize that dealing with it is an important and especially time consuming task that must seem terribly unrewarding at times. I also realize that FT can never be "100% spam free", nor would that be a reasonable goal (because, for instance, it would be too time consuming, too frustrating, and too likely to divert attention from more important issues).

My concern when I see a spam attack focuses more on the impression that it could give to someone visiting FT for the first time. People say that you never get a second chance to make a first impression. If a (potential) newbie glances at a forum list of threads where close to half of the titles consist of this garbage, I suspect that the person would be much less likely to join or in fact ever return to FT. So in the long run I think it matters for FT, perhaps especially in the Info Desk forum which tends (by design) to attract newbies when they first land on FT.

BTW, I never before explored the View Forum Leaders link. In the past, whenever I wanted to check the list of current moderators, etc., I always tried to search for a couple threads that I know contained the magic link to the list: IIRC there was an old post by Randy in ORP and then a more recent one (here? in Community Buzz? TBT?) responding to the request for this.

Also BTW, it would be convenient if Ambassadors were added to the list.

nux Nov 7, 2014 1:27 am


Originally Posted by MSPeconomist (Post 23803705)
In this case, it didn't seem to be a link.

However, I've noticed a bunch of other suspicious posts by some brand new members that seem to quote without attribution a line or so from another post above them in the thread and then show evidence that the post was edited by its author. I wonder whether the original post contained a link or picture which they then removed themselves. Maybe I'm naive here, but it's hard to see any motivation for doing this unless it's some bot trying to build a post count.

It is likely the same one I described in post #46: http://www.flyertalk.com/forum/23748117-post46.html

At the end of the post is a 1x1 pixel image. Due to my proxy it always pops up as a broken img link, but otherwise you would not spot it. If you press the 'Quote' button on their post you will see it.

They always post 6 times (unless they're stopped), so they're not just building post count. The first post is edited to add the [-IMG] tags with the image URL. I would guess perhaps FT (or one of the other boards they also spam) does not allow posting images in their first post.

Perhaps if possible FT should not allow new users to post an image for 24 hours from joining.

I don't know what their motive is either.

EDIT: They're back again with the same link.
http://www.flyertalk.com/forum/members/bsqnellsxde.html
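
The two suggestions in this part of the thread (a post limit for a new member's first day, and no images for 24 hours after joining) only hold if the same rule is applied when a post is edited, since the first post is edited to add the image. A sketch of such a gate, added here as an illustration and not FlyerTalk's own code; the class, the function names and the thresholds are assumptions based on the wording of the suggestions:

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

NEW_MEMBER_WINDOW = timedelta(hours=24)  # "24 hours from joining"
NEW_MEMBER_FREE_POSTS = 3                # "perhaps three posts during the first day"
# Matches BBCode [IMG]/[URL] tags and bare links in the raw post source.
LINK_OR_IMAGE = re.compile(r"\[(img|url)\b|https?://", re.IGNORECASE)


@dataclass
class Member:
    name: str
    joined: datetime
    published_posts: int = 0


def is_new(member, now):
    return now - member.joined < NEW_MEMBER_WINDOW


def review_submission(member, body, now, previous_body=None):
    """Decide what happens to a new post (previous_body is None) or an edit.
    Returns "publish" or "queue" (held for a moderator)."""
    if not is_new(member, now):
        return "publish"
    # The content rule runs on every saved body, new or edited. Checking only
    # at creation lets a clean first version through and the link in later.
    if LINK_OR_IMAGE.search(body):
        return "queue"
    if previous_body is not None:
        return "publish"  # link-free edit; does not count as another post
    if member.published_posts >= NEW_MEMBER_FREE_POSTS:
        return "queue"
    member.published_posts += 1
    return "publish"


def replay_described_pattern():
    """Constructed replay of the behaviour described in the thread: six short
    replies from a fresh account, then the first one edited to add an image."""
    joined = datetime(2014, 11, 7, 1, 0)
    member = Member("constructed_user", joined)
    now = joined + timedelta(minutes=30)
    decisions = [review_submission(member, f"Copied line {i}.", now)
                 for i in range(6)]
    edited = "Copied line 0.[IMG]http://img.example/1x1.gif[/IMG]"
    decisions.append(
        review_submission(member, edited, now, previous_body="Copied line 0."))
    return decisions
```

An age-based gate does not cover an account that registers and then waits before posting, which a later report in this thread describes, so it complements link checking rather than replacing it.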

lin821 Nov 7, 2014 6:16 am


Originally Posted by nux (Post 23805134)
EDIT: They're back again with the same link.
http://www.flyertalk.com/forum/members/bsqnellsxde.html

I guess they won't give up until they exhaust all the URL shortening services online. How many url shortening service sites are there? :(

Today they tried a different url shortening site (http://tw.gs/) but the "end destination" (financed e.com/ images/61.gif) remains the same. So, my question for the programmers, is it technically possible to "decode" the 2-layer mockup hyperlinks so our system can outsmart the spammers and block whatever links they make up?

lin821 Nov 10, 2014 2:27 am


Originally Posted by nux (Post 23805134)

EDIT: They're back again with the same link.
http://www.flyertalk.com/forum/members/bsqnellsxde.html

So spammers do have weekends as well. He's back from his weekend break: http://www.flyertalk.com/forum/members/bxqlsigelsq.html :rolleyes:

(I don't know what site/link he's using this time since I just spotted him before his jpg edit, but I'm pretty sure it's him since he simply used "borrowed" lines from previous posts, such as this one & this one about Travelex.)

JDiver Nov 10, 2014 7:37 am

Just a reminder that discussing a spammer in this thread (in an unmoderated forum, even) alone is insufficient - it doesn't bring the spammer to the attention of the moderators; someone still should use the "Alert a moderator to this post" radio button so the spammer and product can be evicted.

JDiver
Senior Moderator

lin821 Nov 10, 2014 8:00 am


Originally Posted by JDiver (Post 23819074)
Just a reminder that discussing a spammer in this thread (in an unmoderated forum, even) alone is insufficient - it doesn't bring the spammer to the attention of the moderators; someone still should use the "Alert a moderator to this post" radio button so the spammer and product can be evicted.

Don't know about others but both nux and I did and do:


Originally Posted by nux (Post 23709669)
I did, as well as posting here.


Originally Posted by lin821 (Post 23580138)
This spammer/mob doesn't always make it to the 6th post though. When I spot it, I'll always RBP it so MODs can get to it before the post count reaches more than 5.


IBobi Nov 10, 2014 2:36 pm

I can tell you that the two things MOST helpful for what I can do on my end are:

1. List the usernames of the spam accounts
2. List the links that the spam accounts are posting/editing into their posts

nux Nov 11, 2014 3:01 am


Originally Posted by IBobi (Post 23821416)
I can tell you that the two things MOST helpful for what I can do on my end are:

1. List the usernames of the spam accounts
2. List the links that the spam accounts are posting/editing into their posts

1. http://www.flyertalk.com/forum/membe...fovicksvk.html
2. http://...........

lin821 Nov 11, 2014 4:52 am


Originally Posted by nux (Post 23824027)

Sigh. So today he's using a Korean url shortening service site, http://2u.lc/, for his daily "attack" routine.

If IB is only blacklisting one link at a time, I guess his 2-layer spam strategy can go on and on and on and on for quite some time.

lin821 Nov 13, 2014 4:51 am


Originally Posted by lin821 (Post 23824284)
Sigh. So today he's using a Korean url shortening service site, http://2u.lc/, for his daily "attack" routine.

If IB is only blacklisting one link at a time, I guess his 2-layer spam strategy can go on and on and on and on for quite some time.

Back again, using a different url shortening site, http://is.gd/. I noticed him when he first registered yesterday but he waited for about a day before he made his "official" spam attack:

1. profile link: http://www.flyertalk.com/forum/members/gjfmvallan.html
2. jpg link: http://.............
3. http://elifeinsurance web.com/11f.jpg (this is the link identified via is.gd spam report)

I also noticed their spam policy on is.gd:

We blacklist other URL shortening/redirection services we know about. This stops spammers creating "chains" of redirects to help them circumvent our protections.

I don't know how successful they are at doing this, but if they can implement this "redirection prevention measure" on spam abuse, can FT achieve something similar?
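
The earlier question in this thread (can the forum "decode" a two-layer link) and the is.gd policy quoted in this post both come down to resolving a link's redirect chain before checking it against the block list. A sketch of that check, added here as an illustration and not FlyerTalk's or is.gd's code; the domains, the redirect table and the function names are constructed, and the table stands in for real HTTP lookups:

```python
import re
from urllib.parse import urlsplit

# Constructed sample data: placeholder domains, none taken from the thread.
SHORTENERS = {"short.example", "tiny.example"}
BLOCKED_HOSTS = {"spam-destination.example"}
# Stand-in for the network: URL -> redirect target. A live resolver would send
# a HEAD request without auto-following and read the Location header.
REDIRECTS = {
    "http://short.example/a1": "http://tiny.example/b2",
    "http://tiny.example/b2": "http://spam-destination.example/images/1x1.gif",
    "http://short.example/c3": "http://tiny.example/d4",
    "http://tiny.example/d4": "http://photos.example/cat.jpg",
    "http://short.example/ok": "http://photos.example/cat.jpg",
    "http://short.example/loop": "http://short.example/loop",
}

URL_RE = re.compile(r"https?://[^\s\[\]\"'<>]+", re.IGNORECASE)


def host_of(url):
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def listed(host, names):
    """True if host is one of names or a subdomain of one."""
    return any(host == n or host.endswith("." + n) for n in names)


def extract_urls(body):
    """URLs anywhere in the raw post source: inside [IMG]/[URL] tags or glued
    to the preceding sentence ("...the deal.http://...")."""
    return [u.rstrip(".,;)") for u in URL_RE.findall(body)]


def resolve(url, lookup, max_hops=5):
    """Follow redirects through lookup(url) -> next URL or None.
    Returns (chain, complete); complete is False on a loop or too many hops."""
    chain = [url]
    while len(chain) <= max_hops:
        nxt = lookup(chain[-1])
        if nxt is None:
            return chain, True
        if nxt in chain:
            return chain, False
        chain.append(nxt)
    return chain, False


def check_post(body, lookup=REDIRECTS.get):
    """Verdict for a new post or an edited post body:
    ("reject" | "hold" | "allow", reason)."""
    for url in extract_urls(body):
        chain, complete = resolve(url, lookup)
        hosts = [host_of(u) for u in chain]
        for h in hosts:
            if listed(h, BLOCKED_HOSTS):
                return "reject", f"{url} leads to blocked host {h}"
        if not complete or listed(hosts[-1], SHORTENERS):
            return "hold", f"{url}: destination could not be resolved"
        if sum(listed(h, SHORTENERS) for h in hosts) >= 2:
            # Same rule as the is.gd policy quoted above: no shortener chains.
            return "hold", f"{url}: chained URL shorteners"
    return "allow", "no blocked or unresolved link"
```

Because the block list is matched against every host in the resolved chain, switching to a different shortening service in front of the same destination does not change the verdict.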

lin821 Nov 15, 2014 7:14 am

He's back AGAIN!
 

Originally Posted by lin821 (Post 23824284)
Sigh. So today he's using a Korean url shortening service site, http://2u.lc/, for his daily "attack" routine.

If IB is only blacklisting one link at a time, I guess his 2-layer spam strategy can go on and on and on and on for quite some time.


Originally Posted by lin821 (Post 23835187)
Back again, using a different url shortening site, http://is.gd/. I noticed him when he first registered yesterday but he waited for about a day before he made his "official" spam attack:

1. profile link: http://www.flyertalk.com/forum/members/gjfmvallan.html
2. jpg link: http://.............
3. http://elifeinsurance web.com/11f.jpg (this is the link identified via is.gd spam report)

Profile link: http://www.flyertalk.com/forum/members/grdxribeiro.html

jpg link: http://goo.gl/...... (mockup link for http://financed e.com/images/61.gif). He's abusing Google this time around. Sigh!

JDiver Nov 16, 2014 4:03 pm

The clown is a regular "Five O'Clock Charlie", as persistent as a hungry tsetse fly. I wish there was a way to swat him, but it's hard to see how. My motto for these things is "Illegitimi non carborundum." :D

lin821 Nov 17, 2014 2:10 am


Originally Posted by lin821 (Post 23845484)
Profile link: http://www.flyertalk.com/forum/members/grdxribeiro.html

jpg link: http://goo.gl/...... (mockup link for http://financed e.com/images/61.gif). He's abusing Google this time around. Sigh!

Back in another name:

http://www.flyertalk.com/forum/membe...lemariecj.html

Same google link: http://goo.gl/...... (I guess admin hasn't found time to blacklist that google link from the weekend yet. I also reported this spam to Google. We'll see how Google handles this.)

IBobi Nov 18, 2014 5:44 pm


Originally Posted by JDiver (Post 23851489)
The clown is a regular "Five O'Clock Charlie"

Is that a M*A*S*H reference? ;)

Banned the new url and 2 IP addresses.

nux Nov 19, 2014 1:36 am

Back again: http://www.flyertalk.com/forum/members/jscgillissw.html
URL is: http://...............

IBobi Nov 19, 2014 7:39 pm


Originally Posted by nux (Post 23864030)

Got em.

lin821 Nov 22, 2014 10:47 am

One more comeback of this never-ending cat & mouse game:

Profile link: http://www.flyertalk.com/forum/members/benhengga.html
jpg link using a Chinese URL shortener this time: http://............

Sigh!

nux Nov 24, 2014 3:44 am

And another: http://www.flyertalk.com/forum/members/tetomatyeop.html
Same URL as above.

oliver2002 Nov 24, 2014 5:50 am

Please report such posts immediately to alert a moderator. Posting in this un-monitored thread will not help anyone... @:-)

JDiver Nov 24, 2014 9:59 am


Originally Posted by oliver2002 (Post 23888803)
Please report such posts immediately to alert a moderator. Posting in this un-monitored thread will not help anyone... @:-)

Exactly!

There are four of us spread across ten time zones or so, but Admin only can be here workday office hours US Pacific PST / PDT.

Documenting is good for Admin, but using the "Alert a moderator to this post" is likely to garner more rapid actions to quell the spam.


All times are GMT -6.