It is about time that someone with adequate size go after not just spammers, but the fools that create and sell the tools used.
Hackers is a whole other ball of wax, but spammers at least have specific goal that can be tampered with. Money. The way to restrain these scammers is to make spamming and helping spammers "bad business".
As I spend a lot of time fighting among other spammers and building blocking tools, it seems close to insanity to merely keep spending engineering time on building more and more spam-blocking tools, rather than hitting the large and obvious ones where it really hurts them. Their pocket books.
Same goes for tools such as crawlers running around doing automated site registrations, automated "article changers" and "article submitters", and similar junk.
And yes, you are right.. As I am sitting here watching spam logs fly by in window, the rates have definitely increased as of late.
I have seen a lot of "Someone running bad info about you..."
There is lots of easy money can be created by spamming; that's the reason for increase in spam.
Here white hat people work hard to earn $1 when black hat people can earn $100 working same or less. Unfortunate, but true :(
Simplest solution is to sandbox new accounts / new tweets that post on trending topics.
Majority of spam seems to be trend following, where a new account starts spamming
Have you seen the new video of #ACelebwhoistrending (spam link)
Those appear instantly once a name is trending. If twitter held all new account / new posters tweets for two hours it would eliminate that type of spam. It's not rocket science.
I don't mean hold all posts on trending topics - only those from
a) accounts created within the last few minutes that post on #trendingtag
b) sleeper accounts created within the last few months that have no posts, no followers that wake and post on #trendingtag
Those are good advises, however how will you deal with those not using any hash tag technique, blocking the individual user seems to be the only alternative.
Their block / spam reporting tool is useless too.
Quite often I will watch trending topic spammers and instantly hit the report for spam button.
Three days later those same accounts are still spamming :(
Here's another tip for Twitter:
Take the advice of authoritive accounts that report spammers. Define an authoritive account as one that is either
a) Blue ticked
b) Has been online for X months / years and the ratio between followers and following is 10:1
If more than 10 authoritive accounts block a spammer then ban that spammer account instantly. It's not good letting that account run for 3+ days as too many accounts would have been infected by then.
Part of the problem is people who are desperate for followers, and don't consider who, (or in many cases "what" is following them).
When I get a notice that someone is following my account, I immediately check them out -- if the account is following 3,000 others or has 1000 followers -- but has only posted 120 times, it raises a flag and they get blocked. If they pass my "numbers" metrics, (e.g.- they have 1000 followers and have tweeted 3000 times), I check what it is they're tweeting about --- a lot of times it's the same tweet over and over every hour, or nothing more than automated "I'm at the dry cleaners", "I'm at the car wash" type of tweets -- again, blocked.
If they don't already, I hope twitter takes into account how many people have blocked a "twit" -- and maybe use it as a metric for shutting down the account.
Another part of the equation is alerting the email providers, (gmail, hotmail, yahoo especially), when email used to signup for a twitter account is used.
I still keep wondering why AKISMET type spam filtering isn't deployed to more platforms. WordPress (Automatic) does a great job of filtering 99% of the crap -- they do it by casting a wide net --- spammers rely on volume -- when AKISMET sees the same blog post, the same email account, the same IP, etc.. posting to hundreds or thousands of blogs, (especially the usual comments like: "I much appreciate how you write about this subject, I will visit this blog often")... it trips the filter and the millions of possible targets never see the comment spam or have to spend time cleaning up the mess.
I am saying it since a long time, be careful with your followers, review their "about".
Follow only accounts that could benefit you, number is worthless, look for quality in a similar mode you will look for getting or accepting links.
lexipixel mentions to check what they tweet about, this is a great advice; for example I often tweet about fresh added content that I know is in the alley of my followers, within 15 minutes I got many retweets.
Quality is again what maters!
|While spam is a small fraction of the incredible content you can find on Twitter |
While I get that twitter is extremely agile in getting the word out... I find it difficult to believe that any volume of 140 characters (really just an infinite loop of one liners) are really that incredible.
Abuse of any service is bad so I wish them luck.
@fathom, I am with you there.
While I do have Twitter accounts connected to sites, I consider it mostly a notification system, and I definitely have yet to find any "incredible content" contained in ANY Tweet.
Maybe I have a tendency to be long-winded at times, but even when being at a middle ground, my usual attitude would be that any "thought" you can contain in 140 characters or less is not really worth wasting time on, let alone following. :)
But to each their own.
If they start adding:
1. 140 pixel pics
2. 140 Mb slideshows
3. 140 Kb of audio
4. 140 seconds of video
5. 140 frames of stop motion animation
6. 140 level games
140 of whatever... that's something to tweet about!
Lets see if 140 chars is enough to post useful info...
LOL ... you gist!
It's a cool product to be sure and you can spin it and hype it as well... but incredible?
|I still keep wondering why AKISMET type spam filtering isn't deployed to more platforms. |
Because Askimet is amateur hour anti-spam and just does an OK job, but not great.
It works well enough, but not well enough to protect little blogs, but not sufficient to use for anything serious IMO.
|Because Askimet is amateur hour anti-spam |
Really surprised you'd say that. I've seen blogs hit by 30,000 individual comment spams in a matter of days, clean it up and install AKISMET and you might get one or two comment spam posts sneak through a month.
I'd like to know the background of your opinion of Akismet type systems?
I get a tedious amount of spam whenever I tweet with any one of a slew of potential "keywords". The typical spam is an @ from an unknown @ containing *only* a shortened URL. I scrupulously report these to @spam, but I doubt it affects the behind-the-scenes. The law? Hah! Spammers (advertisers) are far too creative to be stymied by just that...
|The law? Hah! Spammers (advertisers) are far too creative to be stymied by just that... |
More likely it will do no good out of ignorance. The vast majority of programmers (that invent spam tools) don't get out much... they rarely check out local news let alone national-based issues.
|I'd like to know the background of your opinion of Akismet type systems? |
Maybe it's improved since I last looked at it. Quick review of the source and it wasn't too hard to defeat at the time. If it's improved then good for them, people need solutions.
I assume it was their base plugin code you reviewed at some point in time?
Akismet is a service based spam blocker (meaning that the plugin code is a mere local interface calling a remote API). Plugin code itself is mostly a mgmt interface).
The actual "blocking" is done by calling their servers, so to defeat it, you would have to defeat Wordpress itself (preventing incoming spam from even going trough any checks).
Defeating Wordpress from filtering its own comment spam would seem a whole different ball of wax. I have yet to see a spammer bot try to do that. All the spam (not hacker) bots I see pretend to be users and merely spam into Wordpress, in which case the plugin will be called. So I am not quite sure what "defeat" means in this case, since I assume that you do not have access to Automattic's proprietary server spam-algorithms.
I myself do not use and have never used Akismet, So I am not trying to defend their systems. Merely curious about the "defeat" part.
Yup, I'm aware of how it works.
At the time I found a few loopholes, probably fixed by now.
I wonder if feedburner was/will be a spam target with the auto-posting to twitter capability.
Google did remove the socialize link from feedburner but the feature is still there if you navigate to /socialize, for now.
>Majority of spam seems to be trend following, where a new account starts spamming
As does the majority of all new accounts...
|Follow only accounts that could benefit you, number is worthless, |
My policy too. Until recently, I used to joke that I had less than 1000 followers, so it "proves" I didn't go to Fiverr. I get notified when someone unfollows me and it's obvious that a lot of people use tools to mass-follow just under the Twitter daily limit, check the next day and unfollow everyone who didn't follow back. Some of those accounts have zero tweets, yet have a large following. Bots following bots?
Most likely, with the exception being the occasional random naive human that also falls for phishing schemes and buys ED pills from spam.
And then it's bots spamming bots.
Works for me, I like it! :