weird spam on the messageboards


Website Feedback


2 people marked this as a favorite.
UnArcaneElection wrote:
Steve Geddes wrote:

They'll just make a few posts along the lines of "Where can I buy this game?", "What's the strongest class?", "Which books should a newbie buy first?" get approved and then start making spam posts a week later with their approved account.

Meanwhile we get more spam - a whole bunch of genuine-sounding questions where the asker doesn't really care about the answer and the moderators have to address not only their concerns but also the legitimate new users (who are now deterred to some degree from coming here to ask questions).

Posts (especially initial ones) with questions like that should be redirected to an already-posted FAQ rather than given blanket approval.

Which begins to impact on genuine users, and the moderators will now need to check the 'FAQ referred' accounts additional times, plus it involves a 'line' as to what kind of post is 'good enough to count' which is extra work for the moderators and at the end of the day the spammers will still jump through the necessary hoops (because it's their job).

An automated response is better (even though there will be annoying times like this weekend) - Paizo can never compete with the hourly rate in wherever these posters are.


1 person marked this as a favorite.

Er, how would you enforce such a redirection system?


^Make the existing Messageboards thing for new users more prominent (including directing new accounts to it), and have it include example common questions like that, and instructions to go to places to find the answers to these frequently asked questions and to use the Search function first before making new posts on these. Users who ignore these instructions get their posts ignored by the moderators.


Are Paizians doing something about it?

When I posted before in my native language (Spanish), Paizians took like 5 minutes to bring that post down... why are they leaving these dudes to post in another language? Kinda offensive.


2 people marked this as a favorite.
Juda de Kerioth wrote:

Are Paizians doing something about it?

When I posted before in my native language (Spanish), Paizians took like 5 minutes to bring that post down... why are they leaving these dudes to post in another language? Kinda offensive.

They do if they're viewing the messageboards - they don't have 24 hour surveillance of it though, so sometimes they'll stay up for several hours.

Having said that, it seems to me the staff are really good about visiting overnights and on weekends. It can't be a pleasant part of the job and having to log in just to delete a bunch of nonsense posts would be tedious.


1 person marked this as a favorite.

Oops, flagged one wrong, sorry.


1 person marked this as a favorite.
Pathfinder Maps, Pathfinder Accessories, Starfinder Society Subscriber; Pathfinder Roleplaying Game Superscriber

There was a foray into the RPG Superstar General Discussion board, but it looks as if it was a limited incursion.


1 person marked this as a favorite.

Okay, I tried last year's method of going to the spammer's profile and flagging, but each time I tried to go I got a page with this message:

You have made too many requests for the same page too quickly.

Please wait a minute before trying again.

I can go to anyone else's profile. Is this Paizo's doing, or have they found a method to make us go into each individual thread?

Edit: trying to flag can't keep up!!

Liberty's Edge

1 person marked this as a favorite.
Pathfinder Adventure Path, Rulebook, Starfinder Roleplaying Game Subscriber

They've also gotten around the spider block--I just did a Google search of Paizo's site for a term common to all the spam I've seen, and got a little under 18000 hits.


1 person marked this as a favorite.

Break out the Hoppies #9 and put some cordite in the air, it is spammer hunting season again.

::shines up Bessy, his +5 Barrette 50 cal. of Spammer Bane::

Chalk up another few hundred for Ol' Bessy, see Bessy, you get to get all dressed up and go out somewhere nice, shiny!


Pathfinder Adventure, Adventure Path, Lost Omens, PF Special Edition, Starfinder Adventure Path Subscriber

I'm not sure what defenses you are using, but consider making use of external services designed for combating spam, such as the free StopForumSpam service. Usage details are here, but basically you submit the IP address, username, and email address of the person and it tells you if they've been recorded as a spammer (and there are some extra fields you can pass in to get a confidence score, among other things). Doing this on every post would likely be slow, but it could be done at registration time to outright block the spammer from signing up if there are enough hits for them (or possibly allow the registration just in case they're legit and want to purchase something from the webstore, but flag the account that they can't post on the forums until they either buy something or Customer Service clears the flag).

Liberty's Edge

1 person marked this as a favorite.
Pathfinder Adventure Path, Rulebook, Starfinder Roleplaying Game Subscriber

Looks like the mods have arrived for the day.


1 person marked this as a favorite.

Back up is here yay!!!


1 person marked this as a favorite.
Pathfinder Adventure Path, Lost Omens, Rulebook, Starfinder Roleplaying Game Subscriber
skizzerz wrote:
I'm not sure what defenses you are using, but consider making use of external services designed for combating spam, such as the free StopForumSpam service. Usage details are here, but basically you submit the IP address, username, and email address of the person and it tells you if they've been recorded as a spammer (and there are some extra fields you can pass in to get a confidence score, among other things). Doing this on every post would likely be slow, but it could be done at registration time to outright block the spammer from signing up if there are enough hits for them (or possibly allow the registration just in case they're legit and want to purchase something from the webstore, but flag the account that they can't post on the forums until they either buy something or Customer Service clears the flag).

Problems being: IP spoofing, botnets, and disposable email addresses. These are real people using botnets to hide their location and identity. Paizo have said that they don't particularly want to ban legitimate users by locking out IP addresses, and it won't help anyway, since they're using someone else's IP address.

The tech guys at Paizo know their stuff, and are good at adapting (unfortunately, so are the spammers). I'd love to see a ratio of successful: unsuccessful attempts, but I think it's safe to say that the laser will be recalibrated against this latest successful method, and the war will begin anew.


1 person marked this as a favorite.

Our services can be a bit expensive depending, but Proofpoint Inc. (my employer) deals with email and Internet security, including spam protection services. May be something to consider.

Me, I am gonna get me a 12 point buck spammer, WHOOO BOY!

Which is of course not to say that the Paizo web team isn't kicking arse and taking names, cause, clearly they are.

Liberty's Edge

1 person marked this as a favorite.
Pathfinder Adventure Path, Rulebook, Starfinder Roleplaying Game Subscriber

More of them incoming. Persistent little beggars, aren't they?


1 person marked this as a favorite.

Very much so, one could almost say obnoxiously so.


Pathfinder Adventure, Adventure Path, Lost Omens, PF Special Edition, Starfinder Adventure Path Subscriber
Chemlak wrote:
skizzerz wrote:
I'm not sure what defenses you are using, but consider making use of external services designed for combating spam, such as the free StopForumSpam service. Usage details are here, but basically you submit the IP address, username, and email address of the person and it tells you if they've been recorded as a spammer (and there are some extra fields you can pass in to get a confidence score, among other things). Doing this on every post would likely be slow, but it could be done at registration time to outright block the spammer from signing up if there are enough hits for them (or possibly allow the registration just in case they're legit and want to purchase something from the webstore, but flag the account that they can't post on the forums until they either buy something or Customer Service clears the flag).

Problems being: IP spoofing, botnets, and disposable email addresses. These are real people using botnets to hide their location and identity. Paizo have said that they don't particularly want to ban legitimate users by locking out IP addresses, and it won't help anyway, since they're using someone else's IP address.

The tech guys at Paizo know their stuff, and are good at adapting (unfortunately, so are the spammers). I'd love to see a ratio of successful: unsuccessful attempts, but I think it's safe to say that the laser will be recalibrated against this latest successful method, and the war will begin anew.

IP spoofing is not possible with a TCP connection (which HTTP(S) is) unless you have the ability to MITM the route between the legitimate owner of that IP and the paizo servers; this is not a capability that the vast majority of spammers/botnets have.

As for botnets, that's the entire point of this service. Botnets aren't so cheap/disposable as to only post one message from any individual IP address on any individual site; the same botnet IP will be posting thousands of spam messages across thousands of sites. Forums that integrate with StopForumSpam then report these IPs to the central service, and after enough reports the IP is listed as blacklisted so that all other consumers of the service can benefit from knowing that information without necessarily having been hit by that particular IP themselves (yet).

If an IP is listed as having 20+ hits for spam across multiple sites on the service, the chance of it being a legitimate user is very low. Even then, there are solutions that don't completely lock them out of the site, as I mentioned in my post. The account could be flagged as unable to post on the forum until they either make a purchase on the storefront or contact Customer Service via phone or email to have the restriction lifted. They could be told this in clear terms, and it is very easy for a legitimate user to have the block lifted while at the same time providing more effort/expense than spammers would be willing to go through in order to unflag hundreds of accounts. Alternatively, if an IP/email/username combo is listed with enough hits, additional heuristical algorithms can be applied to the message that have a higher false-positive rate (and therefore couldn't be applied across-the-board) and block the post if those heuristics match.

The likelihood of these being real people actually posting the spam is exceedingly low. What is far more likely is that real people have figured out how to bypass the spam protection measures currently in place, and then applied that programmatically to their own scripts or to commercial spamming software such as XRumer so that the bots can spam on their own.

While I'm sure the Tech Team knows their stuff, the war on spam is being fought everywhere. Attempting to fight it solo is always a losing proposition, while banding together with other sites (such as via this service) provides a larger net benefit for everyone.

Technology Manager

3 people marked this as a favorite.

I have the team in office today, so right at the top of our priority list is figuring out how they are bypassing the filters. Bear with us while we modulate the shields.


1 person marked this as a favorite.

Fracking borg spammers, quit adapting to Paizo's modulating, bad cyborg monsters, NO! Don't make me get the rolled up newspaper, I will use the Wall Street Journal, I mean it!

Liberty's Edge

3 people marked this as a favorite.
Pathfinder Adventure Path, Rulebook, Starfinder Roleplaying Game Subscriber
GM_Beernorg wrote:
Fracking borg spammers, quit adapting to Paizo's modulating, bad cyborg monsters, NO! Don't make me get the rolled up newspaper, I will use the Wall Street Journal, I mean it!

I have a better idea.


3 people marked this as a favorite.

I'm wondering which baby name site they're using to generate these real-seeming names.

I've stolen a few for evil NPCs.


1 person marked this as a favorite.
Pathfinder Pathfinder Accessories Subscriber; Pathfinder Roleplaying Game Superscriber
Cort Odekirk wrote:
I have the team in office today, so right at the top of our priority list is figuring out how they are bypassing the filters. Bear with us while we modulate the shields.

Switch all power to front deflector shields.

Liberty's Edge

Pathfinder Adventure Path, Rulebook, Starfinder Roleplaying Game Subscriber
skizzerz wrote:

<...>

If an IP is listed as having 20+ hits for spam across multiple sites on the service, the chance of it being a legitimate user is very low. Even then, there are solutions that don't completely lock them out of the site, as I mentioned in my post. The account could be flagged as unable to post on the forum until they either make a purchase on the storefront or contact Customer Service via phone or email to have the restriction lifted.

The other thing is that as a legitimate user, if I get a bounce notice from Paizo because of spam originating from my IP address I'm going to scrub every machine on the home network. I don't think any of them are compromised, but one never knows.

Technology Manager

1 person marked this as a favorite.
John Woodford wrote:
skizzerz wrote:

<...>

If an IP is listed as having 20+ hits for spam across multiple sites on the service, the chance of it being a legitimate user is very low. Even then, there are solutions that don't completely lock them out of the site, as I mentioned in my post. The account could be flagged as unable to post on the forum until they either make a purchase on the storefront or contact Customer Service via phone or email to have the restriction lifted.
The other thing is that as a legitimate user, if I get a bounce notice from Paizo because of spam originating from my IP address I'm going to scrub every machine on the home network. I don't think any of them are compromised, but one never knows.

One thing to keep in mind with blocking IPs is that numerous people can be focused through a single IP (many ISPs have many of their internal users broadcast externally from the same IP). So if we block an IP because a single user has been compromised into a botnet component, we are also blocking by proxy all the other users who may share that IP via their ISP.

I'm not saying we don't block IPs, we do when it's necessary, but it's not our first course of action as we want to avoid collateral damage.
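
An added example, not part of the thread and not Paizo's or any poster's code: a registration-time check that combines the suggestion above (StopForumSpam-style report counts, the "20+ hits" threshold, restricting forum posting instead of locking the user out) with the shared-IP caution in the post just above. The response field names, the sample values and the decision policy are assumptions made for illustration.

```python
import json

HIT_THRESHOLD = 20  # the "20+ hits" figure from the post quoted above

# Constructed lookup result. Field names (success, appears, frequency) follow
# StopForumSpam's JSON response format as an assumption; values are made up.
SAMPLE_RESPONSE = """
{"success": 1,
 "ip":       {"value": "203.0.113.7", "appears": 1, "frequency": 42},
 "email":    {"value": "new.user@example.com", "appears": 0, "frequency": 0},
 "username": {"value": "new_user", "appears": 1, "frequency": 3}}
"""


def reputation_hits(response_text):
    """Return {field: report count}, or None if the lookup is unusable."""
    try:
        data = json.loads(response_text)
    except (TypeError, ValueError):
        return None
    if not isinstance(data, dict) or data.get("success") != 1:
        return None
    hits = {}
    for field in ("ip", "email", "username"):
        entry = data.get(field)
        if not isinstance(entry, dict):
            entry = {}
        hits[field] = int(entry.get("frequency", 0)) if entry.get("appears") else 0
    return hits


def registration_decision(response_text, has_purchase=False, cs_cleared=False):
    """Decide 'allow', 'restrict_posting' or 'block' for a new signup."""
    hits = reputation_hits(response_text)
    if hits is None:
        return "allow"  # assumption: fail open so a lookup outage never stops signups
    flagged = {field for field, count in hits.items() if count >= HIT_THRESHOLD}
    # One IP can front many ISP customers, so an IP hit alone never blocks;
    # the e-mail address must be heavily reported as well.
    if {"ip", "email"} <= flagged:
        return "block"
    if flagged and not (has_purchase or cs_cleared):
        # Account and webstore work; forum posting is held until the user
        # makes a purchase or Customer Service clears the flag.
        return "restrict_posting"
    return "allow"
```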

Technology Manager

9 people marked this as a favorite.

Backlog of messages from the weekend should be gone now and the message boards redolent with the scent of PineSol. We continue to tune the laser and are seeing some successes but I don't want to declare the battle won at this point. More when I have it.


3 people marked this as a favorite.

You and the entire tech team have my appreciation for the job you're doing. :-)

Liberty's Edge

Hear hear!

Community & Digital Content Director

3 people marked this as a favorite.

Some answers to these questions:

  • We don't plan on eliminating special characters from avatar names.
  • We don't plan on implementing a feature that automatically hooks into any FAQ options.
  • We don't have plans to implement a third-party service into our forum software.
  • Moderating the first few posts of any new user in some sort of automatic queue would be unrealistic to add to our current workload, and is unlikely to happen.
  • Our heuristics for isolating these accounts are sophisticated enough that flagging their accounts isn't necessary. Don't feel like you must be on guard to flag their posts.
  • Please do not post references to their usernames, the URLs, or translations. This is exactly what the spammers want.
  • We won't be revealing specific tactics that Paizo implements for eliminating spammers publicly (that just gives them and other potential baddies a way in).

We had a significantly long thread detailing some of the finer points of the spammers from last year. For now, I'm closing this so the tech team can rally for solutions and respond when they're ready to.
