Always Thinking ... Re: The Spammers

[Darrius Gothly]

So once again the Spammer-Bots are attacking, and they've pushed the real threads waaaaaaay down the list (which is annoying). And I'm thinking, there's got to be a way to stop these scumbags from dumping their feces all over our Forums. So I pull up the profiles for the two "New Members" that are in actuality the spam-bots and something strikes me. Look at these two profiles and notice the section I've highlighted:

Notice how they have created their accounts and within seconds of creation they are creating new threads left and right? Why are NEW accounts allowed to create more than one thread on the same day the account is created? Isn't there some sort of knob that can be tweaked that throttles the number of new threads or the number of posts that new accounts can create?

Please Forum Managers .. find and adjust that knob. And if one doesn't exist, contact the Lithium people and have them BUILD one for you. Because the daily assault of the spammers is just ... well .. it's really embarassing that they can't be stopped. Honestly.

[Freya Mokusei]

There are no constraints placed upon new SL accounts, either here or in-world. So far as I'm aware, there never have been - the only thing that could come close would be the inclusion of Lithium's Rank system into the SLF.

Lithium has particularly advanced controls for user posts and content, as well as posting permissions (though how much of this was broken by LL in-order to accomplish instant registration and single-sign-in, I don't know). The only control that LL use is a HTML parser/regex system, auto-substitution for emoticons/URIs and a word-based filter for specific phrases.

In-world, this is a part of the way LL believes new/free/basic users should be treated. I don't know if the rationale for this extends to the forums.

[Tex Monday]

It's funny you say that.I was thinking that I was impressed they were now using 3 different accounts to create these mulitiple threads rather than just one. I guess they're thinking that it'll take LL a bit longer to delete them and they can have more time to create more.

It is kind of sad that the posters haven't figured out that they're wasting their time. I'm sure they get no responses from these threads and they get deleted (eventually)and banned by LL anyway.

I hope they at least get paid by the thread...:matte-motes-sunglasses-3:

EDITED TO ADD: It's actually not bad today...I've seen it go as far as 7 pages down. Right now (12:00 EST), It's only 3 pages

[Griffin Ceawlin]

It has been suggested before that new forum registrants should be somehow "throttled" from creating many new threads in a short period of time.

Besides LL not considering suggestions given here (or anywhere else), there are some forum users who see/saw it as "stifling creativity".

[Darrius Gothly]

Years ago .. in a galaxy etc. etc. ... I was one of the founding/managing people on an adult website that drew its income from credit card purchases of "Adult Services". What killed us was the cost of the chargebacks. Guys would book time, get their "service" then call the credit card company and dispute the charge. Since we'd already paid the "Service Providers", the entire chargeback fee came out of our portion of the proceeds. Of course the customer went on a blacklist and was never allowed to purchase a service again, but as the fee increased above and beyond what we made on each sale, we realized our business model was unworkable.

So maybe we need to get a Hacker Group (like Anonymous or someone similar) that has access to the tons of fraudulent credit cards floating around on pirate websites, to contact these people in the spam ads then make bookings using the stolen cards. The actual money makers will instead get bilked out of tons of money as the credit card companies charge back all those bogus transactions PLUS FEES .. and before long the spammers will realize their ads are COSTING them money not making them money.

It's just an idea. Like I said, I'm always thinking. (Except when the meds kick in .. and then it's just a delightfully placid shade of purple haze floating through the ... whatever .. you get the idea.)

[Darrius Gothly]

---

Griffin Ceawlin wrote:

It has been suggested before that new forum registrants should be somehow "throttled" from creating many new threads in a short period of time.

Besides LL not considering suggestions given here (or anywhere else), there are some forum users who see/saw it as "stifling creativity".

---

And this is the real sad part of the whole escapade. Suggestions such as mine, as well as many others that have far more experience/expertise/knowledge/skills, are discarded out of hand without so much as a moment's consideration. Really, if one were able to make a dime off each suggestion tossed aside by LL, that someone would be one RICH mother .... (I left off the rest because it would just be bleeped anyway).

[jujmental]

---

Freya Mokusei wrote:

how much of this was broken by LL in-order to accomplish instant registration and single-sign-in, I don't know

---

On the charge of mistakenly believing there is a single sign-in: GUILTY

Obiter Dicta: There are at least three different sets of verification databases; you sign in separately to the forums, the profile feeds and inworld. A considerable amount of the corruption that has been observed in the feeds is almost certainly because of poor maintenance of multiple identity databases which have got out of synch.

With regard to the principal topic, Lithium appear to be serving out the basic contract to which they are committed without making any attempt to enhance the basic facilities which LL has purchased, presumably because the latter don't want to pay any more - hence the absence of sophisticated spam protocols and the intermittent and inefficient moderator removal of spam.

The Judge

[Darrius Gothly]

---

jujmental wrote:

On the charge of mistakenly believing there is a single sign-in:

GUILTY

Obiter Dicta: There are at least

three different sets of verification databases

; you sign in separately to the forums, the profile feeds and inworld. A considerable amount of the corruption that has been observed in the feeds is almost certainly because of poor maintenance of multiple identity databases which have got out of synch.

With regard to the principal topic, Lithium appear to be serving out the basic contract to which they are committed without making any attempt to enhance the basic facilities which LL has purchased, presumably because the latter don't want to pay any more - hence the absence of sophisticated spam protocols and the intermittent and inefficient moderator removal of spam.

The Judge

---

(boldface highlight is mine) Slight detour, but it's my thread so I'm allowed:

Are you sure there are three separate databases? I realize there are three separate Cookies that are created by the various log in processes. But my perception is that they are all pulling account data from the same database. Not sure about the Feeds though as I seldom (if ever) look at them or the messages they generate.

Out of curiosity, what evidence are you using to arrive at the conclusion of "three different ... databases"?

[jujmental]

---

Darrius Gothly wrote:

Out of curiosity, what evidence are you using to arrive at the conclusion of "three different ... databases"?

---

Apart from the necessity to sign in separately for each of the three functions, even though you may be already signed in to the others, you mean?

Also, it's extremely unlikely that LL would allow Lithium direct access to their inworld database; if I were the LL data custodian I certainly wouldn't. The apparent inability of the moderators to remove spammers promptly nor to gang-delete their postings would imply that there is a data linkage problem as well, which tends to be supported by the historic failure of inworld muting being carried through to the feeds.

And speaking of the feeds, the repeated cross-corruption cockups there, where avatars have displaynames and postings from the feeds of other avatars attached to theirs, tends to support my view.

I suppose, however, the biggest contribution to my perception that I might be correct is LL's precipitate reaction to my stating that having three not-quite-synched identity verification databases was a serious security weakness - almost immediate deletion of several posts with no explanation. If this post disappears then it will add fuel to the fire of my suspicions.

Of course, these are all suspicions based on external observation. I would never hack into other organisations' servers.

Unless they asked me to.

And paid me.

The Judge

 

[Darrius Gothly]

Well, you may have to go to three different logins in order to sign in for the three different services .. but those "different" logins are actually the same web page. As evidence:

Here is the Address Bar from Google Chrome when I have to log back in to the Forums. Notice that it's the same https://id.secondlife.com as for the other two. That tells me that each of the logins is using the same database. However they ARE using three different Cookies. That's just sloppy .. or lazy .. or Lithium has put some really ridiculous barbed-wire on their wrists when it comes to user authentication processing. (In which case the lazy and/or sloppy monikers need to get hung on the Lithium folks instead.)