Forum Spammers

As you probably have noticed, we’ve had serious issues with massive amounts of spam, typically in the forums, since last week. We’re still working on this, but I wanted to provide a quick update so you at least know what’s happened.

First of all, there are no security issues. There is nothing wrong with your site, or your accounts. And as a reminder, we don’t have, and we have never had, access to your credit card information if you’re a Premium member.

The issue is that someone, or some entity, is creating hundreds of accounts and plastering our forums with spam. What’s weird about this is that it’s working: We literally have multiple layers of spam protection, and none are catching any of this despite how obvious it is.

The spam is mostly in the form of new forum threads, though I did see a few spam comments from these same accounts over the weekend.

Given the severity of the spam—literally thousands of forum threads created over two days last weekend—we removed the forum link and widget from the home page, and we implemented various new anti-spammer tools, including Stop Spammer, Google Captcha, Askismet.

This actually worked for a few days. But as of today, the spammers are back. And they’re bypassing all of our measures, including the ones noted above.

So now we’ve temporarily removed the ability to create a new forum thread until we can figure this out. We’re reaching out to experts at WordPress, CleanTalk, and elsewhere in the hopes that someone will stop passing the buck and actually help.

Users can now post new topics again as of 10/5/18. We may have to reverse this in some sort of emergency -Tim

Anyway, sorry for the disruptions here in the forums. We’re working on it. And I will provide a more detailed account of what happened whenever we do get past this.




A quick update from Tim (10/5/18 @ 12EST)

Conversation 21 comments

  • infloop

    Premium Member
    04 October, 2018 - 4:03 pm

    <p>Thanks for the update, Paul. I do hope that the team can get help from the various providers about this problem and get it resolved. I can only imagine what a headache it must be.</p><p><br></p><p>Looking forward to the next update.</p>

  • wolters

    Premium Member
    04 October, 2018 - 4:17 pm

    <p>Thanks for the update…glad I know I wasn't going crazy looking for the forums tab. </p>

  • hrlngrv

    Premium Member
    04 October, 2018 - 9:58 pm

    <p>Thanks for the update. FWIW, y'all might consider a banner on the top page just under the menu at the top which could mention when some usual web site features were disabled temporarily.</p><p>Now some cynicism. Is your Forum and comments system easier for spammers to abuse because BWW developed them in-house? I know you know what you're talking about with respect to Windows, but it's a lot less clear BWW knows what it's doing developing forum and commenting systems.</p><p>I've never noticed Disqus or comments on ZDNet, The Verge, or similar needing to go down due to spam attacks. I can accept that BWW is doing everything it can given usual constraints of having few people working on the problem, but perhaps problems like this can only be addressed effectively when the budget to do so is well into 6-figures in US dollars. That is, perhaps doesn't bring in enough revenue to be able to afford to respond to this sort of spam attack effectively.</p><p>Tangent: if you're using pattern matching to identify repeated posts, are you replacing all the HTML spaces (varying widths) and change of writing direction characters with plain spaces or nothing? E.g., the following are NOT the same: foobar <span style="color: rgb(34, 34, 34);">f‏oo‎b‏a‎r. Note: necessary to reverse the order of characters between &amp;rlm; and &amp;lrm;.</span></p>

    • Tim

      Premium Member
      04 October, 2018 - 10:50 pm

      <blockquote><em><a href="#348395">In reply to hrlngrv:</a></em></blockquote><p><br></p><p><strong><em>"Is your Forum and comments system easier for spammers to abuse because BWW developed them in-house?"</em></strong></p><p>We are using the same systems that are available to all available forum platforms at the moment. So…I'm not so sure.</p><p><br></p><p><strong><em>"I've never noticed Disqus"</em></strong></p><p>This is just literally not true, on this site specifically we had an enormous SPAM problem with Disqus.</p><p><br></p><p>We are leveraging 3 major anti-spam platforms congruently and this "attack" continues to beat all three (perhaps most notable is Google..). We are in talks with all of these platforms…who's business is beating SPAM and have large 6+ figure budgets. </p><p><br></p><p>I think your generally theory is reasonable given the context but the reality is that SPAM is generally not an issue on In fact, it's significantly less of an issue than when we were on Disqus. It's significantly less of an issue on these forums than on the Petri forums which are VBulletin (god I hate that software).</p><p><br></p><p>The commenting system isn't perfect (yet?) but a single incident like this over the course of 3 years with a team as small and budget-limited as we are…I dunno, I think the track record is more good than bad.</p>

  • maethorechannen

    Premium Member
    05 October, 2018 - 9:23 am

    <p>Maybe the forums should be made premium only. That would either block the spam or make you more money.</p>

  • lordbaal1

    05 October, 2018 - 10:19 am

    <p>Just put some lettuce, tomatoes, and bacon on it.</p>

    • Daekar

      10 October, 2018 - 4:12 pm

      <blockquote><em><a href="#349712">In reply to lordbaal1:</a></em></blockquote><p>Don't forget SPAM sausages, they go great with SPAM.</p>

  • Tim

    Premium Member
    05 October, 2018 - 11:59 am

    <p>I launched an update last night after collaborating with one of our anti-spam services. At their request, we loosened some of the measures that were causing many false-positives and keeping some of you unable to log into the site.</p><p><br></p><p>I added some tools for our admin team to report/remove spam a little easier. Part of this is meant to send more data to the anti-spam tool, the theory is that it will continue to learn the nature of this particular SPAM attack and get better at preventing it.</p><p><br></p><p><strong>One thing to keep in mind is that this means we will likely see some batches of SPAM come through, but this is meant to decline over time.</strong></p><p><br></p><p>I would also like to speak a little to the nature of our systems in place.</p><p><br></p><p><strong>Google reCAPTCHA</strong></p><p>This is sort of the first line of defense. It is arguably the best captcha system available, leveraging the insane powers of Google's machine learning capabilities. This is in front of all account registrations and as of this week is also a part of submitting a new thread to the forums. We have not implemented this for comment replies as it is a little more cumbersome then I think we'd prefer for this interaction but…never say never.</p><p><br></p><p>It's worth noting that even this is not fullproof: <a href="; target="_blank"></a></p><p><br></p><p><strong>IP and Email Address Known SPAM Databases</strong></p><p>We leverage a service that has access to several of the largest databases of known/reported SPAM email addresses, top level domains, and IP addresses. Every user registration, comment, and forum post passes through this filter, and many are blocked every day. We have had nearly 10,000 positive hits in the last week alone.</p><p><br></p><p><span style="color: rgb(0, 0, 0);">We are able to see global reports on every individual email and IP address. </span>I would like to point out that in manually investigating many of the SPAM addresses from the incident this week, almost every one I spot checked had zero incidents of SPAM until the last 2-3 weeks at which point reported incidents skyrocketed. This indicates to me that this is a new attack that is being launched across various corners of the internet. </p><p><br></p><p><br></p><p><strong>Content Analysis</strong></p><p>We pass content over to a service that also analyses the author information (IP, username, email address) but also examines the actual content of what's being posted in an attempt to flag SPAM as SPAM. All of our comments pass through this system but new forum posts had not been getting through this system. <strong>This is the biggest change that has been made in the last 48 hours. </strong>Now every piece of content posted by a user is passed through this filter. It was short-sighted that forum posts weren't put through this system but this has been addressed. </p><p><br></p><p><strong>Moving Forward</strong></p><p>Brad has been begging, as well as many of you, for some simple SPAM reporting features from users. This was meant to roll-out in the next major release we have been working on for the last several months (which we'll likely be sharing information about soon) but I am accelerating this feature and hope to have it out sometime early next week. </p><p><br></p><p><br></p><p>These things are an ongoing arms race, we will ultimately win this battle but the war will go on…IE, SPAM will always be an issue. No website is SPAM free, it's just not feasible in today's world. I actually really believe the SPAM on our site is relatively minimal and fairly well managed internally (I know this because I work on and have worked on dozens of other websites across many topics)– we currently lack hugely in giving our user's the ability to help us manage it; we're working on that (as mentioned above). You will likely continue to see some junk posted over the next few days…bare with us. </p>

    • infloop

      Premium Member
      05 October, 2018 - 1:57 pm

      <blockquote><em><a href="#349822">In reply to Tim:</a></em></blockquote><p><br></p><p>Thanks for the detailed report, Tim. The info you provided on how this site fares compared to others was interesting to read.</p>

    • wright_is

      Premium Member
      08 October, 2018 - 5:45 am

      <blockquote><em><a href="#349822">In reply to Tim:</a></em></blockquote><p>It doesn't seem to have worked. 🙁 </p><p>The first 6 pages are all spam again.</p>

      • Tim

        Premium Member
        08 October, 2018 - 10:55 am

        <blockquote><em><a href="#351002">In reply to wright_is:</a></em></blockquote><p><br></p><p>As crazy as it probably seems, it is working to a certain extent. Things are still getting through but it's much less than it was last week. I am continually working with our partners on this though.</p>

        • wright_is

          Premium Member
          08 October, 2018 - 1:28 pm

          <blockquote><em><a href="#351092">In reply to Tim:</a></em></blockquote><p>And we appreciate it. </p>

  • skborders

    08 October, 2018 - 10:23 am

    <p>You guys are really getting hammered. Thanks for your hard work. </p>

  • Daekar

    10 October, 2018 - 4:10 pm

    <p>Good grief, who the heck has so little to do that they work to bypass comprehensive spam filters? Definitely looking forward to hearing all about it when you get them put in their place!</p>

    • gardner

      Premium Member
      11 October, 2018 - 11:31 am

      <blockquote><em><a href="#352080">In reply to Daekar:</a></em></blockquote><p>Apparently the ability to communicate with the smart people that frequent this forum is worth the extensive effort it takes to overcome these obstacles. Unless this is some sort of personal attack, and not motivated by "spam economics".</p>

  • disco_larry

    11 October, 2018 - 11:38 am

    <p>I'm surprised it's financially worthwhile for spammers. I can't imagine many people click on those links.</p>

    • wunderbar

      Premium Member
      11 October, 2018 - 12:29 pm

      <blockquote><a href="#352336"><em>In reply to disco_larry:</em></a></blockquote><p><br></p><p>All it takes is a very tiny percentage. Same reason spam callers work.</p>

      • hrlngrv

        Premium Member
        11 October, 2018 - 5:59 pm

        <p><a href="; target="_blank"><em>In reply to wunderbar:</em></a></p><p>A tiny fraction of, say, Disqus users reading all sorts of blogs and web sites would be one thing, but would those of us following tech sites click on obvious spam links? Selling pyramid schemes to high schoolers, patients in rehab, residents at senior centers is one thing, selling them in police bunko squad rooms is quite another.</p><p>OTOH, maybe was a convenient testing ground for all sorts of nasty hacking tools.</p>

  • faustxd9

    Premium Member
    11 October, 2018 - 1:17 pm

    <p>Wow, that is a huge amount of additional investment to exist on the internet these days! I hope they haven't hijacked a admin account and are using that to generate accounts. Thanks for the post and all the hard work!</p>

    • Tim

      Premium Member
      11 October, 2018 - 2:20 pm

      <blockquote><a href="#352380"><em>In reply to FaustXD9:</em></a></blockquote><p><br></p><p>They absolutely have not highjacked anything. </p>

  • bharris

    11 October, 2018 - 10:06 pm

    <p>Phony phone calls, junk e-mails &amp; now fake forum posts. It's amazing how much time &amp; effort we have to invest just to use technology without being harassed….and at least with the phone calls, I see no real solution. It's ridiculous…</p>


Stay up to date with the latest tech news from!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2023 BWW Media Group