How to spot spam bot posts

I’m not very good at making “How To” articles but I will give it a try. This is just a quick write up so there might be some splling errors and grammar mistakes. I will update this first post with any new information or correction if necessary.

How to spot a spam bot post.

I won’t go into detail on how or why spam bots work but I will give you some tips on how to spot them. It’s pretty easy to spot spam bot posts because they are all similar in how the message and profile is formed. To make a post a bot must be able to successfully register and then make the actual post. To do this it must select every available option when registering because some sites have “required” fields. That usually means selecting the very first or very last options on the registration form. If there is a text box to fill in the bot will usually put something in generic. Once the registration is complete the bot can now make its first post. The bot will still fill in every option available to make sure its post gets successfully submitted. These two things are the key on spotting a bot post.

Here is what you need to look for.

In the profile…

You can’t tell from the username alone because that is one this these bots do pretty well but sometimes the username can really stand out and be obvious.

The “My Car” will almost always be the last available option or the newest model year. For the current model Prius it will be “2008 Prius".

The “Package” will always be the last available package. Currently the last package is “Package: #9”

The “From” option can be different things. I have mostly seen bots use either USA, US, and UK. This field can be other things if the spammer has taken the time to set the bot up.


In the message…

The message will almost always be posted the same day the bot registers but this does not mean that it’s a bot. Some new members post the same day they register so don’t rely on the dates to determine that it’s a bot. Some bots will wait a day or two to post if configured correctly.

The topic will %99 of the time will be posted in the first or generic posting area of the forum. For priuschat.com that would be the “Prius main forum”. Some bots if configured correctly can post in off topic forums to help hide their spam.

Since the bot always make use of every option you will always see a smiley face like this next to the topic title. It will look just like my topic title for this topic.

The topic title will %99 of the time be WAY off topic or can be something like “Hello everyone” or “Hi how are you” or “I’m new here”. Sometimes the topic can be about needing help for an unrelated matter like “I need help finding free scanning software”.

The body of the message will not always include a spam link to an unrelated website. But the body of the message will sometimes be generic like the title.


To see if the message is in fact a spam bot post you should do some google searching on the username and or the posted message. Chances are that this spam bot has posted before in other forums using the same username, topic, and message. All you have to do is copy some of the message from the post and paste it in the google search box. I recommend putting quotes around the texts so you get a more accurate search. If you find the exact same message multiple times you have a spam bot.


This should help anyone to recognize a spam bot. Just don’t go accusing a new member of being a bot until you at least check with google searches because you never know if someone was just a little click happy and filled in everything.


Please feel free to add anything I may have missed and I will add it to this first post.

 

Those are some good questions.

I remember reading or hearing about posts like this a while ago and remember something along the lines that the spamer would want to see how many listings they could get on google and they are able to get better ranks somehow.

One thing I haven’t checked is to see if the spammer put a URL in the home page area of the profile. If this is the case they could get their spam site ranked higher when they put in a home page in the profile. When this is done, posting a simple message will bring out the account to google when it does it normal sweeps of the forum. Google sees the username link and follows it to the profile information and keeps following any links.

I don’t know of anything for the IPB forum software because I’m not that familiar with the options available. I use PHPnuke for one of my sites with phpbb as the forum. I know there are solutions on keeping bots out of those. I would check around to see if there are any mods to deliver a better random image validation when registering or an option to answer custom questions when registering.

I think a better image validation would be a better choice because the current one can be decoded by any OCR program out there and I think that’s how spam bots are getting through.

Just seen where Evan moved the spam bot and not deleted it. Looks like there was no home page listed so I dont know what the motive was for that.

[edit] It could be that maybe the spammer is testing out some new spamming software and did not care about spamming links this round.

 

I think the security code confirmation desperately needs to be updated because they are just plain text images. If they could be replaced with better harder to read images it should make it harder for spam bots to register unless of course there is a back door hack around the image. If that’s the case then IPB needs updated.