Addressing the Spam Plague
**UPDATE** 10:38 PM
Al has responded to your queries here.
Also, I've spent the last few hours reviewing all TPM abuse emails for the month of May - double-checking ones I've already been over - just to make sure. You may be pleased to know that I was able to ban 11 IP addresses of seriously-repeat offenders!
Again, thanks for keeping us on our toes, and keep reporting spam as abuse. We'll stay on top of it.
----
Hi all,
I originally posted the comment below here on barefooted's blog in response to the issue of spam on TPM and TPMCafe. I thought it might be useful or of interest to some while I work on getting the ever-busy Al and Andrew to post something more detailed of their own!
--
I'm Versha, the Cafe intern. I don't have quite the coding or web
knowledge that Al or Andrew do but I can tell you that one of my daily
tasks is to kill all the spam I find - or Al finds, or Andrew finds,
etc. Unfortunately, it pops up almost as quickly as I delete it.
The other problem is that we can only ban IP addresses when the
user/spammer leaves a comment. With the current system we have, we
cannot track or ban IP address via blog posts. Please do trust me when
I say we're working to come up with something!
And yes, staff is low on the weekends, I'm sorry to say!
---
Thanks everyone. Keep keeping us on our toes. :)
Thanks for the update Versha. Is it best for us to keep emailing whenever it pops up?
June 3, 2009 8:22 PM | Reply | Permalink
No problem, thank you! And yes, as Al states here, while the TPM web geniuses work on a fix, please keep emailing whenever it pops up.
June 3, 2009 10:45 PM | Reply | Permalink
Second that. I know that you and other staff are likely quite busy. There is not a straightforward way to report abuses such creation of spam blogs. I have sent info to the general "comments and info" address. Is that the appropriate thing to do?
I would recommend that the staff contact either the sixapart support folks, or the six apart professional network http://www.sixapart.com/pronet/
What we are dealing with is spam blog creation more than spam comments. That is a challenging spam block and I don't think that most spam systems address that problem.
June 3, 2009 8:35 PM | Reply | Permalink
Perhaps there could be a "Report Spam" button added at the bottom of each post, like the "Report Abuse" button at the bottom of each comment?
June 3, 2009 8:54 PM | Reply | Permalink
Hi Rowan, thanks very much for your suggestions. Sending it to the general tipline as well as reporting it as abuse are both effective ways to notify us of the problem.
Also, I'd recommend you read Al's response here.
June 3, 2009 10:47 PM | Reply | Permalink
On a community site, spam is always an issue. A significant number of TPM members seem to think it is a problem here. Effectively controlling spam on a large website, that allows third-parties to post content must be a community effort to be effective. Users need to ride the fence-lines, constantly looking for breeches in it, and then contact TPM Admin.
It's not that hard or time-consuming. Whenever you believe you've encountered spam at TPM:
1: Copy the page address from the address bar in your browser;
2: Go to the very last link on every TPM page at the bottom left: "Report Abuse", and double-click it;
3: This will open up an email window on your computer, with the proper email recipient and email subject content already properly entered;
4: Simply type "SPAM" hit enter twice; then paste the URL to the spam page, that you copied in step 1.
5: Send email.
It takes less than 1 minute to do this.
June 3, 2009 9:03 PM | Reply | Permalink
Thanks for this solution PCA!
June 3, 2009 9:29 PM | Reply | Permalink
I've only recently noticed the blanket spam; 12 or 13 posts in a row. Sometimes more. I clicked on "all reader blogs" at the end, and it took me to a pharmacy site selling all kinds of pills.
So perhaps it's only my perception that it's gotten worse. But it does seem like a massive onslaught of spam, one spam post after the next is occurring.
Will take your advice.
June 3, 2009 10:18 PM | Reply | Permalink
When one TPM user blanket spams the site; Goto to the User's profile page, and then follow my Report Abuse advice above. That way, you let TPM Admin know that the user is a multiple spammer.
June 3, 2009 10:20 PM | Reply | Permalink
I tried that with the Viagra dude. The profile page barely began to load before I was re-directed to the pharmacy site. That's what bothers me the most. Suppose the site I was thrown to contained a virus?
June 3, 2009 10:38 PM | Reply | Permalink
The "virus" threat is a legit concern. Also NSFW pages could get someone in trouble with their boss, etc.
If the page redirects before you can capture the URL from your address bar, just get the URL from the link which took you to the page in the first place. I found that I could Stop the page loading just before the redirect. So that made it easy to check the page source code etc.
The Report Abuse link is just an email link to the regular tips/comments email address.
talk(at)talkingpointsmemo(dot)com
is a suitable address, with Subjet line: Abuse Report ... or similar.
June 4, 2009 12:41 AM | Reply | Permalink
Whack-a-mole is a hard job. Here's hoping the automation works out well for you.
June 4, 2009 7:43 PM | Reply | Permalink
Thanks!
June 3, 2009 10:48 PM | Reply | Permalink
You're welcome Versha. There is a problem that needs to be discussed with TPM's geeks though. Maybe you can relay it.
They need to come up with a method that will strip away any javascript content that a member posts in their blog entries. This is why some spam posts get redirected. I've seen several other site hacks enabled through javascript published in blog posts too.
As always, TP has a valid email pointer for contacting me, and I am more than willing to elaborate on this or anything else if messaged by TPM staff.
June 4, 2009 1:47 AM | Reply | Permalink
Thank you for responding, Versha, and for your efforts to get Al and/or Andrew involved with us as well. I am sorry that my post was in the process of having consumed it's 24 hours when you made your comment.
> The other problem is that we can only ban IP addresses when the
user/spammer leaves a comment. With the current system we have, we
cannot track or ban IP address via blog posts. Please do trust me when
I say we're working to come up with something!
There were several suggestions mentioned by folks far brighter in these areas than I'll ever hope to be - have any of them been considered by the system administrators? It frankly seems odd to me that a site such as TPM has not developed or implimented a process by which to effectively deal with spam blogs.
If I may suggest, please consider keeping us appraised of the progress regarding this problem. As was also mentioned - there is a possibility that with the re-direct capabilities of this new version of spam member computers could be compromised.
Again, thank you for taking the time to follow up on this to the best of your ability. It's appreciated.
June 3, 2009 10:34 PM | Reply | Permalink
Hi barefooted, in response to your comment above, if you're being redirected when you go to a person's userpage, I would recommend avoiding it. Simply 'report abuse' on their post or comment, and we'll be sure to keep a close watch.
Al has now commented on your post as well, which you may or may not have seen yet!
Thanks for bringing the seriousness of the problem to our attention - we need to be called on whenever we're not interacting with the loyal reader community enough - so you're appreciated as well. :)
June 3, 2009 10:51 PM | Reply | Permalink
;) I'd recommend avoiding it, too.
June 4, 2009 12:59 AM | Reply | Permalink
I think FireFox warns you if you are being redirected. Rule of Thumb : if you're being redirect unexpectedly and you don't know why ... back out ... you may not want to got there.
June 4, 2009 12:06 PM | Reply | Permalink
I don't run an OS that is vulnerable to these cross-site attacks; but I'm pretty sure modern browsers running on the vulnerable OS can be configured to not expose your computer to these attacks.
June 4, 2009 7:49 PM | Reply | Permalink
thanks for staying on top of it, Versha.
June 3, 2009 11:29 PM | Reply | Permalink
Is it possible to have a place to just one click "spam" like the report abuse link that will just automatically let you know about a spam post?
June 4, 2009 1:41 AM | Reply | Permalink
That might actually make things a bit easier on you, Versha. I can only imagine that at least within the Cafe, most serious abuse reports are regarding spam. If separated from the other posts and comments that are considered abusive by members, would it not be easier to deal with them?
June 4, 2009 3:04 AM | Reply | Permalink
Is there a way to monitor the new "members". It would seem possible to get them as they come because they have to make a profile first and then blog. If you delete the spammers, they have to start over. Are there that many new members that this would be difficult.
PS - I know nothing about computers, so please do not be offended if this is painfully obvious. I'm really just trying to help.
June 4, 2009 3:37 AM | Reply | Permalink
Hi Gregor, we have actually disabled new registrations temporarily until we can get a firmer handle on the spammers' techniques. This should keep us in the clear for the time being. Of course, we'll try to open registration up again as soon as we can. -Al
June 4, 2009 8:52 AM | Reply | Permalink
Al, some sort of PHP html cleaner routine that just stripped everything out between
<script and </script>
inclusive, would probably knock out the majority of problems in spam blog posts.
June 4, 2009 9:26 AM | Reply | Permalink
There's this niffy little thing called "proxy". You can use proxy to mask your location with a server in the area you wish to be. For instance, US military overseas can use a proxy IP address in their local home town and by all practical purposes, it looks as if they really are in the town. It works great if you want to view current television that is restricted to the continental US. In other words it could be quite difficult to nail down who is where and where is who. Perfect for a spammer to hide in plain sight.
June 4, 2009 12:02 PM | Reply | Permalink
They want to sell something, right? Everybody should respond to them, endlessly. Unless their entire system is computerized, I would think somebody at their work sites will have to use human time to process any responses. Just respond and respond, but don't buy anything.
June 4, 2009 8:11 AM | Reply | Permalink
If you respond be sure to make an alias handle for that specific purpose. Otherwise, you'll find yourself on the receiving end of more spam than you could ever dream of. You'd be surprised how fast that alias handle will get passed around to other spammers and how quick your mailbox will fill up.
June 4, 2009 11:56 AM | Reply | Permalink
Maybe one of TPM's computer wizzards could set up a computer to send them billions of responses. Send a few thousand a second 24 hours a day.
These peoples basic personality is similar to the grade school bully. You have to hit a bully back.
June 4, 2009 8:28 AM | Reply | Permalink
Versha, what a gorgeous woman you are. I hope you won’t mind me saying that whenever I read your posts, I first have to get pass appreciating your stunning beauty and then appreciate how incredibly smart you are to boot! Always nice to read your posts!
June 4, 2009 9:49 AM | Reply | Permalink
Cut it out! I can hear you panting and my speakers aren't hooked up!
June 4, 2009 11:33 AM | Reply | Permalink
My apologies...But the girl is a knockout!
June 4, 2009 1:46 PM | Reply | Permalink
LOL. Thank you. I'm equally amused and flattered! :)
June 4, 2009 9:01 PM | Reply | Permalink
You look exactly like a young girl friend of my son. She is a great girl, but trouble, trouble, trouble.
June 4, 2009 9:37 PM | Reply | Permalink
Well the internet is definitely not a superhighway. It's called the web simply because there isn't any coherent pattern to its makeup - just like a spider's web. A person can hide very easily inside the web. That's why those people who bring us those nifty viruses and trojans are rarely, if ever, caught - it's nearly impossible to track them down unless "they" make a mistake that points directly at them. Spammers are in the same category. The problem with them is they have legitimate access which they can change their handles to suit their purposes. Unfortunately, the rest of us are tied to our handles which become the dumping grounds for all their spam. For instance, I have old handles that are no longer in use. If I were to activate one, the spam would flow like water flowing down a river even if I hadn't used that handle in a couple of years. So the real problem is not so much the spammer, but ourselves. Too bad Norton and the rest of those ill-conceived anti-virus businesses hadn't thought how to block spam by backtracking to the source. Just think how much bandwidth would be saved if the spam sources were identified and re-directed to honey pots that serve no useful purpose other than to receive and discard spam so the rest of us can enjoy ourselves on the net without the annoyance.
June 4, 2009 11:52 AM | Reply | Permalink
Thank you Versha for blogging about this issue. One of the best things about TPM is the active response from administration that happens around here. I hope you are able to resolve the problem quickly.
June 4, 2009 2:22 PM | Reply | Permalink
Would it help if there were a *report abuse* link on blogs? As it is possible to post a complaint only on comments.
June 4, 2009 4:27 PM | Reply | Permalink
Versha is cool.
June 4, 2009 5:57 PM | Reply | Permalink
I detest captcha. There aren't any of them that are easy to use, especially if you don't have 20/20 vision.
It seems to me that the effective solution to the problem described is to institute a 24-hour waiting period, coupled with an automated signup reply system. You have to answer the email to get an account and you have to wait 24 hours before posting. This system is annoying, also, but only once, not every time you use the site.
Spammers do not want to give out actual email addresses during signup, because then you can trace back to them. They also do not want to give you 24 hours in which to track them down.
Thanks.
mp
June 4, 2009 6:25 PM | Reply | Permalink