LQ Suggestions & FeedbackDo you have a suggestion for this site or an idea that will make the site better? This forum is for you.
PLEASE READ THIS FORUM - Information and status updates will also be posted here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
In a two month period, one user made 15 posts. Almost all of them consisted of a plagiarized post body followed by a spam sig. He was not detected until now. This post is about how it happened.
Background
Our Culture
Our forum's culture has two aspects that facilitated this abuse of our facilities:
As you all know, we are a vibrant international community that gets many new users every day. We are used to seeing new users who do not have a perfect grasp of either English or of forum usage. The regulars have (appropriately) adopted a tolerant attitude towards posts that may not be in perfect English, or which may contain other mistakes.
While the rules do prohibit advertising, the forum has taken measures to make ads in sigs ineffective. Specifically, sigs are not crawlable. As well, they are not seen by users who are not logged in, and can be turned off by users who are. Confident in these measures, the forum moderators have started to largely tolerate ads that a) only appear in sigs, b) aren't for material that violates forum rules, and c) aren't visually obnoxious.
Spammer Culture
During the past week, I got 3-4 spammers banned. (Not including the spammer in question). Their post bodies have consisted of text plagiarized from other websites. Not just any text: the text always contained enough keywords to look like a legitimate part of the thread. In all cases, they changed certain words in the plagiarized text into their synonyms, to make the plagiarism harder to detect with search engines. The effect, usually, is that they looked like new users who were participating in earnest, had problems with their English, and just happened to have ads in their sig. The posts usually appeared to be on-topic.
Here is an example. It should show you just how difficult this activity can be to detect.
What Happened
What The Spammer Did
Between Jan 27 and March 15, the user moremendas01 made 15 posts. Most were plagiarized. All of them contained a sig with three spam links. A couple of these posts were generated by plagiarizing text from other websites (those are gone now). One was plagiarized from elsewhere on this site. Most, however, were simply plagiarized from earlier posts in the same thread. In all cases, he changed a few words of the plagiarized text to avoid detection.
No-one, apparently, noticed that he was plagiarizing. If the thread's participants noticed that he had plagiarized them, they kept their knowledge to themselves.
He had a low post count. His English was less than perfect, including odd word choices caused by his substitutions. His posts contained the right keywords for the thread and appeared to be on topic. Therefore, he looked like a new user who was struggling with English but nevertheless trying to participate.
Our Initial Response
Initially, this forum's response was to edit the spam sig out of the posts that specifically got reported. Sometimes, the editing was accompanied by a note to contact LQ about advertising opportunities.
He appeared to be participating, and why would we want to lose a participating user over something as trivial as a signature? When he continued to make more posts with the same spam sig, nothing was done to stop him.
Escalation
On March 15, he edited the posts that the mods removed the spam sig from. He reversed the mod edits and put the spam sig back. I reported him for this, and he was suspended. Here is one of the posts in question.
I also reported his other posts for containing advertising in their sigs, in violation of LQ's rules. In reply, I received a PM from Tinkster pointing out that LQ has taken measures to protect itself against sig spammers and that therefore sig spamming, by itself, is not grounds for a report.
Further Discoveries
When moremendas01 was suspended, Archtoad googled one of his posts and discovered that it was plagiarized from another forum. I went to that forum and found another post that was identical to a different moremendas01 post. I reported my findings. By now, we were aware that two of moremendas's posts were plagiarized. The two posts were removed. However, the temporary ban was not made permanent.
And The Kicker
This morning, moremendas01's suspension expired. I looked through his history and was able to prove that almost every one of his posts were plagiarized. I reported them, and provided links to the sources that he plagiarized from.
So What Happened?
As of this writing, the spammer, who has only ever pretended to participate, and who has posted almost nothing but plagiarism, has not been banned. His sig remains in his profile, and 13 of his posts remain in the forum, most still containing the spam links.
I did receive this follow-up from Onebuck. I read it as "we're not going to take this seriously because he hasn't logged in for ten days."
Why I Am Telling You This
In my opinion, this spammer has proven that we need a tougher spam policy. Although he made 15 plagiarized spam posts in two months, no-one noticed that he was plagiarizing. Because no-one noticed that he was plagiarizing, we tolerated his spam sig. And when presented with proof of how he'd deceived and exploited us in almost every single one of his posts, we told ourselves that he had finished with us and we decided to let him go.
What We Should Do
What we need to realize is that people who post spam are probably here to spam. This is true whether the spam payload is in their post body or their sig.
Under The Current Policies
Therefore, if you see a post containng a spam sig, here's what you should do.
First, if it's a follow-up, check if it's a legitimate follow-up based on was was previously said in the thread! If it's a non-sequitur in context, then the user is not here to participate but to spam.
Whether or not it appears to be a legitimate follow-up, do a text search on parts of the post. Remember that spambots usually paste in text from other sources and then change certain keywords to cover their tracks. You might be able to prove that the post was plagiarized.
Then, do the same with every post in that user's history. The longer you allow the spammer to continue, the more difficult this will be.
If, after being investigated, the user still appears to be legitimately participating, you can conclude that he's a legitimate user who just happens to have ads in his sig. But only then.
How I Recommend Changing The Policies
Personally, I recommend disallowing ads in sigs altogether and then being vigilant about enforcing that policy. If we had this policy in place, then moremendas01 wouldn't have been here in the first place.
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,597
Rep:
First, thanks for both the feedback and in-depth analysis. We do have slightly looser rules for .sigs than we do for the content of posts, for a variety of reasons including the ones you note. I would agree that the behavior you have outlined above is absolutely not acceptable and will not be tolerated here at LQ. The member has been permanently banned. While we do not have plans to make the rules for .sigs stricter at this time do note that the pattern of behavior above *is* something you should report. Unfortunately, your conclusion that "disallowing ads" is .sigs would cut down on this behavior has proven untrue and would have a negative impact on legitimate members while having nearly no impact on spammers.
To elaborate: the spammer was already banned on 15/03/2011, rendering the "As of this writing, the spammer, (..), has not been banned. (..) This morning, moremendas01's suspension expired." statements incorrect.
Quote:
Originally Posted by dugan
we need a tougher spam policy.
I think we don't. Those of us who've been here quite a while have developed a good sense for sniffing out spam. That's not the problem IMO. The problem is a lack of eyeballs. So I'd urge everyone who thinks a post is spam to report it, preferably accompanied by any findings of your own. The "extra" work isn't the problem as it comes with the territory: I'd rather dismiss tens of posts than let a spammer through. I'd also urge you not to judge the status quo of LQ spam handling by one incident though a heightened sense of vigilance among more LQ members would definitely help enforce the current policy more efficiently.
Distribution: Debian /Jessie/Stretch/Sid, Linux Mint DE
Posts: 5,195
Rep:
Quote:
Originally Posted by TobiSGD
Sorry, but I don't understand that. Please be so kind and explain to me why stricter rules regarding spam in sigs would affect legitimate members.
+1
Rules for sigs regarding advertising could be a lot stricter without harming legit users.
Can someone give some background on this spamming? Is this a bot? 15 messages is not much on a forum like this, I think there are several hundreds of posts a day. And this forum is highly specialized, what yield would a spammer expect? Why it is worth it? Sending out 1 million mails a day I can imagine, but this...
Something else amazing. I know there is some kind of correlation about who answers to which topic. I find myself often in the same threads as say, Jefro, AnishaKaul, Archtoad6, Corp796, T0kira, etc. But I am puzzeled that I posted in 5 (could be as well 4) of the 15 threads moremendas01 did that as well. I know this because every time Dugan posted in such a thread to complain about the spammer's behaviour I received a notification. I think that is quite coincidental, given the total amount of daily posts, my number of posts being nothing exceptional, really. (I was always extremely bad in statistics at school!)
Sorry, but I don't understand that. Please be so kind and explain to me why stricter rules regarding spam in sigs would affect legitimate members.
e.g. Dugan's sig. which contains a pointer towards his own website. That's also an advertisement, but we are not frowning on him since that website is very helpful and he is a legitimate member so we don't doubt his intentions. Now if you totally disallow links in sig.s we'll be deprived of the useful links in the sigs. of various members, IMO
Last edited by Aquarius_Girl; 03-26-2011 at 10:02 PM.
Reason: added missing words
e.g. Dugan's sig. which contains a pointer towards his own website. That's also an advertisement, but we are not frowning on him since that website is very helpful and he is a legitimate member so we don't doubt his intentions. Now if you totally disallow sig.s we'll be deprived of the useful links in the sigs. of various members, IMO
I wouldn't consider those links spam (the same applies to the links in my sig), because they don't link to a commercial side. He don't want to sell me anything. Therefore I also wouldn't consider that as advertisement. I don't want to get rid of sigs or links in sigs generally, but to handle (real) spam in sigs stricter.
I would do it simple as that:
1. A member reports spam in a sig to a moderator.
2. The moderator checks the sig. If it is not spam, nothing is to be done. If it is spam go along with 3.
3. The moderator informs the spamming member to remove the spam and disables his account from further posting.
4. If the spammer removes the spam and informs the moderator about it, the restriction will be removed.
5. If the spammer changes his sig back to spam the member should be warned and/or banned.
6. Repeated abuse should end in a perma-ban.
This way a legitimate member will not be affected at all.
1. A member reports spam in a sig to a moderator.
2. The moderator checks the sig. If it is not spam, nothing is to be done. If it is spam go along with 3.
3. The moderator informs the spamming member to remove the spam and disables his account from further posting.
4. If the spammer removes the spam and informs the moderator about it, the restriction will be removed.
5. If the spammer changes his sig back to spam the member should be warned and/or banned.
6. Repeated abuse should end in a perma-ban.
But that's what is exactly happening, I have reported several such members,
and found mods themselves removing their sigs totally, and also many times
banning the person in the first time it self. Othertimes the mods say that sigs
are not visible in you don't login, and many members have disabled can disable visibility of other's sigs too, so ads in sigs. are not too harmful.
Of course there can be some rare cases which mods have missed but
usually I have found them on dot.
Last edited by Aquarius_Girl; 03-26-2011 at 10:50 PM.
Reason: correction pointed by Tobi
If that is what exactly is happening, this thread wouldn't exist. It doesn't help to remove the spam from one post, as it seems actually to be done, when the spammer doesn't remove the spam from his sig.
Quote:
many members have disabled visibility of other's sigs
Are there any statistics about that? Most members with a somewhat higher post-count have a sig, so why should they disable other's sigs?
Quote:
sigs are not visible in you don't login
Doesn't make sense to me to not log in when I visit LQ, since I have to login when I want to answer to a post. Therefore I have auto-login enabled.
Of course it is up to us members to report spam when we see it, but I stand to the position that it should be handled stricter.
That was a WRONG statement from my side, I should have said, that members have the option to disable the visibility of other's sigs. I will correct my above post.
Quote:
Originally Posted by TobiSGD
Doesn't make sense to me to not log in when I visit LQ, since I have to login when I want to answer to a post. Therefore I have auto-login enabled.
I was talking about the actual guests, they can't see the sigs.
Quote:
Originally Posted by TobiSGD
If that is what exactly is happening, this thread wouldn't exist. It doesn't help to remove the spam from one post, as it seems actually to be done, when the spammer doesn't remove the spam from his sig.
I know that and have discussed the same with XavierP, he told me all about the guests can't see sigs and members can disable them etc.
Last edited by Aquarius_Girl; 03-26-2011 at 10:50 PM.
I wouldn't consider those links spam ......, because they don't link to a commercial side.
The LQ rules say that advertisement is not permitted. so irrespective of the fact that Dugan doesn't want to sell anything, he is still advertising his own site in his sig.
The LQ rules say that advertisement is not permitted. so irrespective of the fact that Dugan doesn't want to sell anything, he is still advertising his own site in his sig.
OK, then I have to remove the links to Slackware and XFCE from my sig to comply with the rules.
OK, then I have to remove the links to Slackware and XFCE from my sig to comply with the rules.
Don't do that, we need those links That's the reason I think the root said that if he forces the strict rules, the legitimate members would be effected. I am not very sure if that is the reason, I am just guessing.
To elaborate: the spammer was already banned on 15/03/2011, rendering the "As of this writing, the spammer, (..), has not been banned. (..) This morning, moremendas01's suspension expired." statements incorrect.
That's not what his "last activity" box said! It was blank at the time that I made the OP. On March 23rd, which was one day after I reported him for having edited his posts to reverse mod edits, the box said "banned until March 24, 8am. Do not reverse mod edits of your posts." It was also blank when I reported him for that.
It's clear to me that when his status was to changed to "banned forever", the date next to it was not changed with it. March 15 was not the date he was banned. It was the date that he last logged in and edited his signature back into the posts they were edited out of.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.