I co-admin the popular BritCaster forums. Where appropriate, I have a general, active participation in the conversations there, but beyond that basic monitoring and interaction I have the lovely task of deleting spam registrants. Envy me if you must.
Most spammers are fairly easy to spot by their member info: anyone with a URL that has any number of typical blacklist words, such as pharmaceutical and sexual terms. Those are easy enough to weed out. There are plenty that even use genuine email addresses to complete the registration process- those typically get ‘wildcard’ added to our internal phpbb blacklist to prevent anything registering from that particular “@xyz.com” URL address.
Here’s where it gets more complicated: I’ve recently encountered a trickier bunch of spammers. These guys have either a genuine-ish looking URL listed in their member profiles or none at all, but they are completing the registration process ‘legitimately’ which requires an email verification. Now, when you scrutinise so many spammers, you get somewhat accustomed to the style of names they pick. Admittedly, sometimes I get it wrong on my initial assumptions and after a quick check (before deleting the user) I find that it’s a genuine registrant and call off my dogs.* So many spammers make it dead easy by to spot them by registering something like asdfghjk or a whole slew of names at once which are ridiculously similar in style, like: italy40, snow35, angel67, bicycle43. Those are clearly generated by people or a program with a word list or algorithm designed to create believable names.
Now, back to the trickier spammers of late. I’ve had a few come in where the name is just suspicious enough but the URL they reference (if at all) is without pharmaceutical or sex references. They go through the email verification/activation, so I know that the email must be valid. I look up the suffix by putting the xyz.com into a browser to see what site pops up. Most of these guys have fake sites that look real enough superficially**, but if you dig into another page within the site you will find typical spam. For instance, today I had a ‘German Recipes’ site (found through email, not a http address) that when you click on About Us, the link went to a computer generated text dump page with key search terms and live links in it. You’ll recognise this kind of thing easily since many of these sites have a ridiculous amount of About Us text without paragraph breaks or logical language. Spammer. But, if I want a recipe for Spaetzle, I’ve come to the right place. Sneaky. Hiding spam one click behind legitimate info.
That’s certainly not the first site like that I’ve investigated, but it’s today’s registrant example. I also recently had one cheeky spammer register his ‘Italian Art’ site twice, but it is clear it’s a spam site underneath its veneer. Though the site provides ‘click here’ links to dozens of Italian art masters, curiously, not a one of them is an active link. Yet the About Us page is full of the gibberish text and search term links… Uh-huh. Spam.
The joys of forums administration. Just thought I’d share. Now I’m back to putting on my virtual Wellies to wade though some more of it.
*One perfect example of a genuine user that looks suspicious is Adam Curry’s registered name on BritCaster: adamc1999. That nickname would raise an eyebrow, but is genuine. On the other hand, 7crewz is a spammer… it can be tricky and often can’t be determined without digging.
**Although, good lordie, the site design is typically really poor and nearly all links to additional pages are non-existant, even when they say “CLICK HERE!”