cc licensed flickr photo shared by jamesjyu

We had a disturbing new phase on the NMC web site a few weeks back. Over a weekend, our office reported a flurry of about 200 accounts created. What we found was that real humans (because they got past a captcha) with real email addresses (because we send passwords to an email address) were logging into their NMC web site accounts, and editing their profiles to include links to the usual steaming pile of spam web sites, again seeking google page link. Some of them were using actual photos to make their account look more “real” (the links they put in profiles were dead give aways).

There were all kinds of emails used (a lot of gmail but many others) and the IP addresses I could trace were random.

Our spam heroine in the office began deleting the accounts as they were created, but that’s not scalable or sane. The first line of defense (not the best) was to edit the drupal access rules to not allow access based on the email patterns we were seeing. That put a dent in it, but did not wipe them out.

They only thing I can think this is happening, is that somewhere, there is a human spam factory, some poor suckers making rock bottom wage to log into web sites and find places to create accounts/insert desired links.

My new wall has been to add the drupal Path Access module (which requires Role Weights, do you think the module sites will ever list dependencies?) to prevent access to basic authenticated users to edit profiles (blocking path to user/*/edit); and lighter (higher) role weights to the roles that I do want to allow access.

But worrisome- if there are places where spammers are paying people to enter content, captchas lose their value. If I could regain all the time I spend dealing with spammers, I could retire next week.

PS- The photo above is from the Tillamook Cheese factory, a seriously fun place to visit! and they have no spam there (you have to go to Austin, Minnesota for that)

The post "Human Powered Spam Factories" was originally pulled charred and crispy from a smoky charred oven at CogDogBlog (http://cogdogblog.com/2009/11/human-spam-factories/) on November 24, 2009.

3 Comments

  • Hi, I’m both a real human and *not* spamming (or at least not intentionally).

    I have largely given up on blogging–not by choice, but just been a bit scattered. So I was surprised to see spam on my blog.

    See, I changed the code of my commenting feature in such a way that it is a sort of CAPTCHA entirely idiosyncratic to my site. Easy to program a spam-bot to defeat it, but it would only be for my own personal blog. At first, that’s what I figured it was, but now I’m pretty sure it’s RL humans.

    And I suspect that rather than a sweatshop, it’s mTurk, though there’s no way to know for sure. I guess, in some way, I’m happy people are at least getting paid (?).

  • Wish I have an answer…

    Thank you for the post…good to know what’s going on on the ground…

Leave a Comment

All fields are required. Your email address will not be published.