Slashdot Mirror
One Man's Fight Against Forum Spam
JWSmythe writes "Free Internet Press has an interview with 'Random Digilante,' an anonymous hacker who has been taking over forum spammers' email accounts, and notifying forum operators to delete those accounts. It looks like his reasoning is sound, and his methods are safe, where he won't hurt any real users."
Forum spam is best solved with good forum software. A good karma system is probably the best solution. I've never seen spam on slashdot (unless I dig through the low rated posts).
He’s thought of that already, and seems to have his case made. RTFA.
RD: If I were taking over an account that was created by a human being who actually cared to contribute to my forums, yes that would be illegal.
FIP: Are you concerned about the possible legal consequences of your actions?
RD: Here is the reasoning I use, and I know that a lot of people argue it.
Especially now that I have a few dedicated forums whose only reason for existing is that they capture the login credentials of forum spammers, my feeling is that they're not people, they're robots. Xrumer [a forum spamming software] is a 100% automated process. The human has to set up the email address where the responses get sent for things like confirming your account by clicking on a link, but everything after that is done by the software. No human being is harmed by what I do, only a piece of software. If they cared, they would pay attention to the fact that these accounts are getting taken over very regularly by me. They don't. They just set up new accounts and start over.
It's hard to feel "bad" about taking these accounts over. All I can tell you is that I have never taken over any account that was not very obviously being solely used repeatedly to auto-register to forums. In fact by the time I get to them it's obvious that the spammer only set them up from 1 - 6 days prior to me taking it over. There are no human-written messages in any of these accounts. I certainly would not have gone so public with this activity if there had been. Only purely automated messaging has ever been present in any of these, and I have enough hard data to back that up.
Basically he claims that since a robot registered the e-mail accounts, you aren’t infringing on any person’s rights.
I doubt that it’d fly, actually, but who knows.
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
I created an account and was banned almost immediately.
They have extremely vigilant forum monitors who will bring the banhammer down for the slightest offense.
My offense? I insinuated that gays might be able to serve in the military just as well as straights.
If you do what you want based on what you feel is right, we might just not have any laws at all. There is a reason why the laws are created by the society as whole and not a single person or a group with single interest.
So, just as an analogy, if the police decided to stop enforcing laws against auto theft, you believe it would be wrong for others to do so. I don't think that holds water. What this guys is doing is indeed illegal, but not immoral; when our government is unwilling or unable to enforce or prosecute laws it becomes incumbent upon non-sanctioned individuals to protect society by doing so. The simple fact is that the government is not able to even begin to scratch the sheer volume of spam, nor is it interested in going after spammers unless it can wrench a large settlement and some headlines out of the deal. If we wish to preserve the Internet as a medium for the exchange of ideas, some of us must take action to protect it from those who exploit it at a very real, monetary cost to innocent people.
As someone who deals with forum spam on a daily basis, I'm rather surprised at how intelligent the spambots are becoming.
Of course there's always the blatant, obvious spam (99% of which are video encoding tools for iPad, iPhone, etc). But I've recognized two other types of very covert spambots.
First one will take fragments of sentences from previous posts in the topic and regurgitate them. At first glance it seems on topic, but closer inspection reveals the post doesn't make sense and is just portions of others' posts.
The second type uses a database of sentences harvested from other websites, and attempts to post a sentence that matches keywords in that topic. Usually I can spot those because they aren't exactly on topic to the thread. I've also seen these modify various throw-away words, like adjectives and articles, so the sentence isn't an exact copy of the original source.
Now the key thing with both of these kinds of spambots is that they do not include any links initially. A couple weeks after posting they come back and change their signature, which results in spam links appearing under all of their previous posts.
I've also noticed that the vast majority of spambots use yahoo.com email addresses, so yahoo's captcha must be weaker than gmail / hotmail.
Now on the topic of this story, I don't quite understand. The forums I moderate have a few spambot accounts created daily (using recaptcha and custom implemented captcha). So it's not like there's just a couple spambot accounts causing all the trouble. Over the course of a month it around a hundred different accounts. So I don't see how this hacker is helping anything going after accounts one at a time manually.
Better known as 318230.
Well, his other point was, who’s going to complain? the robot?
Chances are the human operator doesn’t even know what happened to the account, the robot just flags it as deactivated and asks the human to feed it more accounts. They probably don’t have any way of telling that somebody hacked the account and closed it vs. e-mailing the e-mail provider and having it shut down properly.
Of course the main question (in my mind, at least) is why spammers are registering forum accounts with the same password they used to register the junk e-mail account that they’re registering under...
Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
Here's a specific example of what I'm talking about. Here is a post made to my forums in July 2010:
You can choose ‘Micro-ATX’ size motherboard for your HP. That limits the possible range of motherboards deals you will find. My advise is to buy a case that fits full ‘ATX’ form factor motherboards and go from there, many choices. It is depending on money and what you want if your building a good rig for gaming multimedia etc and don't buy a case with power supply. Please choose a separate power supply.
Now here is a post from another website made in 2009:
Your HP case (the cheapest part of the pc!) takes a ‘Micro-ATX’ size motherboard.
That limits the possible range of motherboards\deals you will find. (look for a motherboard\processor package)
Now you are already buying ‘a whole new computer’ except the case, why stop there? (unless you want the small form factor)
My advise (thats why your here!) is to buy a case that fits full ‘ATX’ form factor motherboards and go from there, much more choice.
Depending on money and what you want if your building a good rig for gaming\multimedia etc DON’T buy a case with power supply, they are usually sh*t (cheap\unreliable). Choose a case, choose a separate power supply (after research!)
Better known as 318230.
What this guys is doing is indeed illegal, but not immoral; when our government is unwilling or unable to enforce or prosecute laws it becomes incumbent upon non-sanctioned individuals to protect society by doing so.
Bruce, we've been over the five stages of grief a million times: I keep telling you, you're stuck at Anger and you need to move on.
You can't take the sky from me...
Make a filter that detects his notifications and deletes the account automatically.
He is trying to help and he is fighting.
What are you doing about it? You're not helping anyone except of course protecting your advertising on your site.
Slashdot needs Geekcode | Can anyone recommend any good SCIFI? My tastes: Foundation, Startide Rising, CITY, Ringworld,