The recent Temu stranglehold

[MikeGE]

I’ve always wondered what the actual end game benefit is for spammers posting on a forum like this.

Anybody care to offer opinions?

One objective is hoping at least one unsuspecting member will go to the website, use the promotion code in the spam post, and provide a valid email address to receive the valuable discounts. This response validates the spam attack works and provides another source of spreading spam and/or malware.

 

[woodferret]

As I wrote earlier, the spam developers are smart and know about the censor features of the various discussion board software. During the most recent surge in spam posts, I've seen variation in the spelling of "temu", such as "t e m u", Tëmu, T€MU, TΣMU, and so on. Trying to target every variation that makes it through the spam filters is not practical.

They're not even bothering to do that. All the examples you've posted including the lastest batch literally are peppered with "Temu Promo code" in the title and post body. Not a single ofuscation. Hit that low hanging fruit.

There's that old joke "Two friends are in the woods when they spot a bear running at them. One friend starts running away from the bear, while the other friend begins to lace up his running shoes. The first friend asks, "Are you crazy? You can’t outrun a bear!" The second friend replies, "I don’t need to outrun the bear, I just need to outrun you."

 

[Crazyraceguy]

I wasn't on yesterday, so I missed this problem, but I definitely reported a bunch around 5 today.

 

[smorgasbord]

The values in the example you posted are the default settings and can be changed as required. However, they are global and will affect all members

Oh, that's too bad. It would be good to have some kind of "member" tier like "new member", "member," and "senior member" with increasing levels of trust.

 

[MikeGE]

Oh, that's too bad. It would be good to have some kind of "member" tier like "new member", "member," and "senior member" with increasing levels of trust.

The tiered status is already used here, as can be seen in the labels under the member's username, and is based on the number of posts. Using the tiered approach for increasing levels of trust is possible and is what I hinted at in Post #15. This type of membership ladder is frequently used in discussion boards to give members additional privileges or access to other areas once the Admin-defined criteria are met. Examples of the criteria that can be used include number of posts, duration of membership, number of reaction points (likes), and so on. However, if multiple factors are used, such as posts and membership time, then both must be satisfied in order to meet the threshold.

For spam control, the promotion criteria can be set to five posts and thirty days of membership. In this case, all threads or posts by new members would be in the Moderator Queue awaiting either approval or rejection until both factors are met. Once the new member reaches the ladder threshold, then no further moderation is needed. Content in the Moderator Queue is not seen by the general membership or the new member until it is approved.

While this does effectively shield the membership from the nuisance spam threads, it places an additional burden on the Staff to regularly monitor and clear the queue because of an unintended consequence. In the example above, if the promotion criteria is five posts AND at least thirty days since registering, then all existing active members with less than five posts will revert to the moderated pool regardless of how long they have been members. However, if they are infrequent contributors, then they won't notice until they create a new post. The solution to this is to either eliminate the registration time from the first promotion rule or create another promotion rule based solely on registration time. The additional rule is trivial to create and will take precedence over the first rule as long as the member remains active. Once created, the promotion rules run automatically as cron tasks every hour in the background and do not need additional attention.

 

[SoonerFan]

@Cheese I logged in tonight and noticed a bunch of Temu discount code threads. You are right that there are more of these threads than before. I have no idea why there are more but there are for sure.

 

[PaulMarcel]

Yeah this updated thread was the only non-Temu thread on the new posts and it looks like there's at least another page. They all have some unique text that could be applied to a filter. I recall a forum I was on ages ago where, say, I could post something the filter caught and the post would look like it worked. But nobody else could see it. Perfect for something like this in case the bots check for the post actually being there.

 

[Crazyraceguy]

It's happening again today

 

[MikeGE]

They're not even bothering to do that. All the examples you've posted including the lastest batch literally are peppered with "Temu Promo code" in the title and post body. Not a single ofuscation. Hit that low hanging fruit.

That low hanging fruit is no longer valid. Here are screen shots from today's spam attacks showing how the robot programmers (or AI) have adapted the wording and spelling. The programmers are also taking advantage of the XenForo default flood timing by adjusting the new threads at least 300 seconds apart.

 

[Mini Me]

Is this problem now occurring because of the forum software change?

 

[woodferret]

How about just putting

/^\[url.*\[\/url\]$/si
/^http\S+$/si
/\[url=("|')?([^"'\]]+)("|')?\].*\[url\]\2\[/si
/\[url=("|')?([^"'\]]+)("|')?\].*\[url=("|')?\2("|')?\]/si
/^https?:\/\/\S+\n/si

in Spam Phrase with a sane Maximum Messages limit. That'll weed out all external URLs for 'newcomers' And yes I know that if someone is actually watching closely, they may realize they need to spam Lorem Ipsum for the first 5 messages or whatever, but seriously it's getting silly. Get this site off the easy radar THEN worry about making the P3RfEct spam filter.

 

[Cheese]

Is this problem now occurring because of the forum software change?

My opinion is yes... ...but I think that's because we were protected from this level of interference ONLY because of the age of the older software. Not a big market out there to figure out a way to steal a 1934 Hupmobile.

However, this stuff is very annoying and I'm not so sure Festool understands it very well as this is also all new software to them. I hate this as much as everyone else does and it certainly makes me check my phone fewer times each day for updates, especially when I see the New Posts cluttered with 15 TEMU posts.

I can't believe that there isn't a better method available to efficiently combat this stuff, otherwise most other newer websites would have been brought to their knees.

 

[MikeGE]

@Mini Me and @Cheese, the new software might the reason because XenForo is a very popular software package and the robot programmers know how to go around the basic configuration. Deploying the software without tailoring it to the environment is the equivalent of installing a new S&G combination lock on a safe but not bothering to change the default factory combination. This will keep most people out, but anyone who knows the factory combination will not have any problem opening the safe.

Adding code like @woodferret recommended is an easy method to stop or delay most hit and run spam attacks that include embedded links. I looked at a few of the most recent attacks and think the only link was to an image on an external hosting site. Unfortunately, this URL snare will also trap all legitimate new members who include links and send them to the moderation queue.

 

[ChuckS]

If what you are saying is that there's a simple solution but that would put new members trying to join in a line until the moderator clears it, that sounds reasonable if the wait is not unreasonably long. Between upsetting existing members with the daily spam posts and admitting new members with a bit of delay, if I were the decision-maker, I know where my preference and programming change would be.

 

[woodferret]

It's not even moderating new members, unless they attempt to embed URLs or use spammy keywords like temu, coupon, etc. It's rare for a valid post to fall into that - happens, but unusually rare.

 

[MikeGE]

It's not even moderating new members, unless they attempt to embed URLs or use spammy keywords like temu, coupon, etc. It's rare for a valid post to fall into that - happens, but unusually rare.

I forgot to add the caveat about links for new members, but have just edited my post.

 

[Coen]

I’ve always wondered what the actual end game benefit is for spammers posting on a forum like this.

Anybody care to offer opinions?

To make money and on the side probably condoned by some foreign government because it just makes life shittier in countries they don't consider friendly.

 

[Crispy]

And someone is back at it again today...

 

[PaulMarcel]

Is there a wiki for the forum software? Surly other installs are getting spammed and may have posted a working solution.

 

[MikeGE]

Is there a wiki for the forum software? Surly other installs are getting spammed and may have posted a working solution.

More staff who aren't in the same time zone.

XenForo community

Forum software by XenForo

xenforo.com