Published on 12, July, 2020
Hello
This is another thread to talk about things on the forum itself, particularly spam. Hopefully the moderators and web project manager can join here and allay any fears about technical risks. The last thread, called 'Chat Bot' was partly about how you tell the difference between a genuine user and abuse, and has reached 167 replies, so it was suggested that we start a new thread for each subject. There's also a thread from the last few months called 'Mods Please Make the Spam Stop', which has covered some of this and also covered the times when obvious spam is left on this forum. I don't personally think it's a massive problem, especially compared to some other forums, but it may make people uneasy unless it's dealt with in a clear way.
As I understand it, and Ross-Mod or Kerri-Mod or @WebPM can correct me, every interactive site on the web is subject to some abuse, and the forum software the NAS uses (Telligent Community) has some automated ways to detect and moderate this. However, occasionally some advertising for irrelevant products isn't so obvious, and gets through. There are also some other 'borderline' things, where we're not sure if the user is genuine, and interact with them very cautiously. The way this is supposed to work is that we, the forum users, readers and contributors, help detect the probable spam and click on 'Report as abusive' which pops up when you click the 'More' button below any post or comment. The moderators than consider this, and take action such as locking or deleting the thread. There's also a 'report as abusive' button on each user's profile for occasions when it looks like the only purpose of the account is spamming or trolling.
[Sorry I'm being so verbose.]
In the past week or two (May 2018), besides a small spam outbreak advertising pills and stuff, we've noticed what we're calling 'Copybot', which starts new threads by copying something someone real asked several months or years ago. This causes some confusion as people might start responding to these forgeries, not realising the question is very old and has probably been answered. There have been requests, mostly on the other two threads mentioned above, that the NAS checks its site security, and suggestions about how the site could better prevent Copybot.
I've actually only counted six Copybot threads so far, as of 7 June 2018. I think three of these have been deleted and three locked by the moderators, although some stuck around for several days. (Edit: since then there have been quiet periods and times of ten copied threads per week, which I've been listing at the bottom of this thread.)
Copybot is the name we (I) gave to whatever was behind the occasion when three threads showed up, from two users, that looked a bit suspicious partly because the two posts from the same account seemed to be from different people: one a parent, the other an autistic young person. Since then we've had a few more, mostly appearing overnight. The threads look like they come from a new user with no avatar image and the standard "NAS3nnnn" name. The posts are usually well-written and relevant to autistic individuals and families - which is hardly surprising, because it's copying most of the text from another post. The title is usually transformed a little so 'How to find a girlfriend' became 'I can't find girlfriend', and other ones include 'please everybody help me' to get extra attention - this transformation is apparently automated, in a way that recognises some English phrases, and chooses a random variation on it. Occasionally the fake title can be taken from the first sentence of the post instead. Sometimes people respond to the bot posting as it sounds genuine, but unsurprisingly I've not seen the bot reply. This is stealing people's real concerns and questions, which we find a bit creepy. Sometimes the text that is copied is truncated, either omitting the sign-off, or stopping at a punctuation mark.
[Here is probably a good place to stop reading. It may be too much information already.]
Several theories have been suggested as to Copybot's motives, such as that Copybot will eventually post malware links or impersonate a genuine user so well that personal information is compromised. However, I think it is simply a side-effect of trying to defeat anti-spam systems. If a bot registers and starts posting spam immediately, it's likely to get picked up by the automated anti-spam. If it registers, waits a bit, posts something apparently sensible, which people reply to and nobody complains is abusive, then it gains 'reputation', and when it does post spam, it's 'cleanlisted' and the spam appears on the site without moderation, and can go unnoticed which is why it seems to wait over two months to replace the copied text with spam. Also, if the copied post is automatically detected or treated as spam, then the anti-spam text-detection software may get a bit confused (technically this is sometimes called 'poisoning' a Bayesian classifier) and so won't be able to detect adverts for pills and so on so accurately.
A web search for "hi guys, i have a question about" and "i have a question, need help" shows that around June 2018 Copybots also started posting to other forums that use other types of forum software, including phpBB, myBB, vBulletin, Vanilla, Invision Community and Discourse. (Only in a technical Plone Discourse forum did I see someone notice that people were responding to bots, although moderators delete some threads.) The earliest Copybot thread I've found on the web is called "a quick question about business or public courses" on the thoroughly infested "Singapore Expats Forum" dated 26 April 2018, where the content was obviously different originally and then replaced with Vietnamese spam (I'm not linking to it for obvious reasons).
I've recently been on the forum a lot, and when I see any new post by someone I don't recognise, I check it. First I look at the post, and think about whether the title is written in a matching style to the text; then I look at the first few words and see if they also appear in the 'Related' bar to the right below one of the titles, and if they do, I look at that other post. I also might hover over the user name or avatar of the NASxxxxx poster to get a pop-up that shows how many 'points' they have; or follow the link on that user name to see their profile. So far, for Copybot, there's been nothing written on the profile, and there are 7 or 14 'points'. (An account gets 7 points for each thread started, and 5 for a reply, so 21 might also be suspicious, but we haven't seen a single account as active as that yet.) You can also check the 'Activity' tab of the profile to see if the posts are consistent and genuine.
If still suspicious, I also see if there are distinctive words or phrases and search to see if those have happened before. For example if the phrase 'depersonalization symptoms' appears, that's pretty rare with an unusual spelling, so I can put that into the search bar at the top and press 'Return' - if it shows a previous thread I check that. You can also check using a standard web search engine, by taking half of a well-written sentence (maybe six to ten words or so), putting double quotation marks (") around it and searching - if it only comes up with the latest NAS page, I'd assume it's not Copybot and we have a welcome post from a new user. If it comes up with other, older hits (I've not seen any from outside the NAS site yet, but it's possible), then I compare the two passages to see if they are more or less identical, and if the new post really is a copy.
If it looks genuine to me, I may like the post, or try to add a quick response, hoping other regulars know I check for Copybots. (It probably isn't appropriate to just say 'you're not a bot' politely, and ignore what the real human poster has said.)
If I find it's a copied post, what I do is:
[OK, it really does get dull and technical after this.]
Then it's up to the moderators to lock or delete the post as appropriate. Maybe more abuse reports from different people catches the moderators' attention more. If someone has added a valuable additional reply, I don't see any problem in locking the thread so that reply, and the link to the original thread, is still available. They may want to reassign the post to 'Deleted user' to prevent the spammy user from posting more copies or spam, but
If no obvious action is taken, then I suppose we can communicate with the moderators by mentioning them in this thread, via Direct Message if we've already had a message from them, or the communitymanager@nas.org.uk address. Forum rules are here by the way: community.autism.org.uk/.../rules
If this becomes a bigger problem, something more may need to be done until Copybot gives up. DongFeng5 suggested using a 'hash' of the text of a post to check for duplicates in an automated way, or use the type of software that claims to score plagiarism by students. I think this is something NAS would have to suggest to the software suppliers as a feature request. I know a bit about this subject (I've written hundreds of anti-spam regexes for a job), and a 'fuzzy hash' should be possible and cope with minor text changes. However, Copybot may also copy anything about autism from other sites so as not to be detected - someone said copied text from an article about baseball had also been used - or possibly use a Markov-chain text from multiple sources to generate random, but vaguely realistic, text. (We have also seen a short post, probably the same or a different bot, keyed to the forum title by NAS38283.)
Copybot seems unable at the moment to set an alias, avatar photo or profile text on Telligent. Therefore requiring a non-default alias in order to post may stop Copybot until its full features are implemented. It has been suggested requiring some kind of name would at least overcome the problem of not being able to tell the difference between 'NASnnnnn' users. If it is possible to require this in the current forum software settings it would seem worth doing. The accessibility problems with screening signups with ReCapctcha are probably prohibitive given many people with communication difficulties, and a maths Captcha probably wouldn't work. The software does have an option for custom fields to be mandatory. On some other forums, a bot sometimes posted spam in Vietnamese about cosmetics and pills and called itself 'amelinda' or 'philomena', so requiring a non-default alias to post may or may not stop Copybot.
StopForumSpam.com seems to be tracking a lot of related spammers, and there should be a free plugin for SFS for Telligent, although it's not listed on the SFS site. See also Project Honeypot, another free anti-spam service which is basically an IP address blocklist. A simple addition would be to use GeoIP to check for forum submissions from particular Asian countries, or if that's not possible could explicitly ban or firewall the main Vietnamese ranges.
Making the site HTTPS, partly to protect anyone from having their site password compromised if using unencrypted wireless, has also been suggested. This was done in June. It had no effect on Copybot. A related consequent suggestion was permitting non-alphanumeric characters in passwords.
[Oh, blimey. I do go on.]
We can also use this thread to report any new instances of Copybot, although I think adding a comment identifying it as Copybot and reporting it as abuse, as described above, is better. Perhaps mentioning the NAS number without linking would show a useful pattern in the spam signups.
The weather forecast for today, Thursday 7th June 2018 is: no Copybot sightings. Nothing on Friday either, so we're doing well. In fact I haven't noticed a peep out of it until:
Saturday 16 June.
Tuesday 19 June:
Thursday 21 June:
Friday 29 June:
Thursday 5 July:
Friday 6 July:
Mon 9 July:
Weds 11 July:
Thurs 12 July
Friday 13, copybotageddon
Saturday 14 July
Sunday 15 July 8am.... coast clear so far.
One reason for this is that a user may have something on their computer such as malware that could be causing this without their knowing
Copybot' poses a threat to forum security by enabling unauthorized duplication of digital content. Forums must implement robust security measures, including encryption, user authentication, and regular audits, to protect intellectual property and user data. Vigilance against such threats is vital to maintaining the integrity and trustworthiness of online platforms.
Posted for "All" (including NAS, prefrerably)... yet directly to "Cassandro", <>the last Autistic Defender Here... Mr. Cassie, please do not wear Yourself out by replying to too many disparate Threads, and at the same time ALWAYS be careful. Follows is a pre-written Message to Anyone including NAS... before I leave. Thanks Very Much for All You do, Mr. Cass, Thanks For being a Friend to All...
--------
I try this last post before having to leave for a while to protect My own Devices/Software --- *again*. MY being Hacked coincides with WebPM not being present, it seems...? --- *yet again*.I am currently tiring of not being able to do good/nice/helpful/funny things for others... because of Society ignoring Malicious Strangers, such as Malicious-Hackers & Stalkers. ...(e.g. NAS ignoring the latest things written upon this Thread!)
Yesterday/Three days ago:
https://community.autism.org.uk/f/health-and-wellbeing/19008/what-are-some-easy-doable-sustanaible-life-hacks-to-improve-wellbeing-please
copies the reddit Thread:
--- " r/Wellbeing/comments/gffssl/what_are_some_easy_doable_sustanaible_life_hacks/ "
And Then:
https://community.autism.org.uk/f/adults-on-the-autistic-spectrum/19007/question-for-autistic-adults
copies the Reddit Thread:
--- " /r/autism/comments/3xv9vm/question_for_autistic_adults_toileting/ "
...A Moderator ("Karin Mod") responded. (!!) So, If this is a serious long-term Malicious-Hacker (Mr."TenLettersFollowedByANumber") then they must *now* be laughing very hard, even more than before for this past Month/Year... (A Tip to Evil-Hackers: Post more about "Cute Children", for not even the "Moderators" here can resist that, yes?)
...Or - Directly asking NAS, here... Does this mean that it is OK to falsify names and/or to keep copying Questions & Posts from other WebSites...?
...& As I was simply checking this... NEW illogical errors came up for My Own Device, across the WWW and for this Forum. "TenLettersFollowedByANumber Malicious-Hacker" is as skilled as "Dutchman", yet is Automated & still not spotted/ restricted/censored. Because of this, For now, as I say I am going to have to take some time off from this site/forum, for the sake of My Devices...*AGAIN*.& Upon sight of the NAS Forum right now, I do not understand why nothing is done about this and why so few people involved seem to care... ?
I Myself no longer tolerate being "punished" for trying to be 'helpful, or cheering, or Good'. So... Best Wishes and Good Fortune Everyone. I hope You All understand This Post.
-----
Follows is a Picture showing the current FAKE UPVOTES (See the Thread with the same name for more info.) :
The pattern would seem to be: 1- put fake Upvotes (shown by the picture.), 2- post a fake post (see this Thread & others similar to it.),3- the fake post gains a "starter achievement" which then gets *automatically* at least Nine upvotes (both things together.), 4- that fake User gains a High "reputation", and so is not censored by any Downvotes or any "report as abusive" reports, it seems......I write that last part (with the Picture,) for NAS's sake... but You are almost completely on Your own now, NAS, as I am likely about to be Maliciously-Hacked ---*AGAIN!* (Just Me & no-one Else... *Again.*?)
Fare Well for now, Everyone. (Again.)
Thanks, DC for your kind words and 'ebullition'. (I note your vigilance when copybot was causing confusion over a year ago.) I hope you've coped OK with the hot weather. Yes, I agree about the internet being flawed. It sometimes seems as much trouble as it's worth, what with bad designs and 'bad actors' (including trolls and spammers). I guess I find spam a particular irritant, although some people just accept it and others don't even realise it's spam.
I'm afraid I've not had a lot of response from moderators so far about the spam accounts I've found and listed in the reply 3 above, although I've also emailed the list to the community moderator. NAS Moderator Kerri-Mod Ross-Mod @WebPM could we have a response please? It's mostly copybots, with some essay-writing spam. If there's no technical way to stop the copybot spam getting through, could you maybe review how the moderation team deals with it or how we can report it more easily? I've put some time into finding the spam posted over the last month, but just clicking 'report as abusive' doesn't seem to provoke action in terms of removing the copies or spam links. Hope they're all OK. Is moderation more difficult during 'lockdown'?
You can't edit your own posts if they're more than a week old, so I'm continuing the list of accounts to lock and spam to blank here:
found 28/6/20:nas67940 barkietrin7 1 post copied from same forum 19 days earlier, spotted by the person who posted the original thread.nas67942 berlinpose2 0 points - something removed?nas67772 bomishketi4 2 posts, copied from r/NoStupidQuestions and r/Wellbeingnas67771 aryankanse6 1 post, copied from r/autism, 3 spam links addednas67809 1 reply, essay spam, text maybe human-generated
( p.s. Mr, Cassandro, You need not reply now, if at all. I do not stay on very long, because Malicious Hackers can seem to see when I am online here, & so I shall log off soon. I just saw what You said and am very grateful for someone else saying it, as I was uncertain of how to say it.
...Now I am repeating Myself. Thanks Sooooo Very much anyway of course. )
...Very Glad Tidings to Mr. Cassandro, & excuse Me please, for some ebullition...
---YAAAAAAYYY!!! YIPPEE! THANK YOU SO MUCH!
... I had noticed this, I did a search upon the General WWW, and found "crimp8"'s post upon "Reddit" also --- I had little idea as to how to report it all (including "so-and-so-4-5-6-7-8").. You must have noticed that they posted here within an hour after I posted replies elsewhere, yet possibly also after Your good Self posted and I then replied to that...?
What I could not do was directly access "reddit" - My devices are old and I get errors. But You nailed it, Sir, and so Thank You So Very Much!...
In closing... there is the thing which I hope NAS reads, which was stated by a certain User here (name changed now but He knows who He is!)... a while ago. You are doing the Job which NAS should be doing. Sometimes, but not often, I have done it. But it is quite honestly not at all FAIR.
I am grateful for NAS and for those of us who spot such things, but to Me it just builds up more and more reason for how flawed and bad "The Internet (TM)" is in general. Everytime something goes awry, it is corrected, denied, and there is the "no problem it has been fixed now" attitude...
...Sorry for ending upon a bit of a RANT there. But honestly, You have done the task I was really worried about as to how to Post upon here before. (so-and-so-4-5-6-7-8 etc.)
This post may seem confusing, I shall end it now. But the thing is... I have been targeted by Hackers here before, yet I do like this Forum quite a bit, so I try to help, but am not always able. I hope You understand, Sir. Thanks for being here.
(Even just typing certain keywords ( e.g. so-and-so-4-5-6-7-8 's *unique* names ) makes me a target, I know that for sure. I know about programming but just do not do it just now, sorry..)
Thank You Again.
Hello Cassandro/ZZ top , thank you for your thorough analysis on this. I always go and report spam (and the spam accounts) when I see it, using the report spam button, and have been doing this regardless of my commenting activity, but your post is a master-class in feedback:-)
This may not be of much interest except to the NAS ModeratorKerri-Mod Ross-Mod if he is still around and @WebPM. The copying of content for spamming is still happening (maybe after a long break), but the content is now being taken from the autism 'subReddit', and the bots are setting usernames that are all lower case followed by a numeral. They've also started doing occasional replies, using copied text. Maybe it hasn't been that disruptive (DC noticed it on the thread 'Does anyone else get angry learning topics outside your special interests?' and Cloudy Mountains noticed a duplicate 9 months ago (NAS63676); I haven't been around to notice). However, it does mean people are spending time responding to people who will never see the responses, and the existence of spam links may make money for spammers, defraud people and downweight the NAS site with search engines.
Anyway, the sensible thing would seem to be to delete or freeze the bot accounts (their posts can be found from the Questions tab), and remove the spam links at least from any posts. I'll try to list the ones I find in this one comment. Thanks Kerri for dealing with some of them so far.
Noticed 19/6/20.members/nas67363 ashilnayak2 2 posts, 1 reply. (one still unlocked as I write this.) The reply is followed by a black box which contains a link to a '.cam' website. The lack of clickable link confirms that the bot is using the forums for 'blackhat SEO'.members/nas67514 jinelcrimp8 2 postsmembers/nas67828 bormikstel5 1 postA search for '.onl' (the spammy top level domain) doesn't find the posts, but if it did might find more..members/nas67830 yesinkatle6 1 post (again copied from Reddit, keyed to the word 'wellbeing').nas67515 makerbiles6 1 post copied from publichealth reddit.
Noticed 20/6/20Reported at least one spam reply about essay writing, not necessarily Copybot and a few other things. Scanning from 67500 to 67600.nas67541 is a Copybot that hasn't changed name, 1 reply, part copied from r/AskReddit. Links are trying to get SEO for router login and destination page may link to malware?If it were possible to search for '.uno/', '.fun/', '.onl/' (tools, vet and other new gTLDs) or '.link/' you might find many users and links worth deleting.nas67557 is old fashioned copybot (also not changed name) starting a thread based on text from this forum, with three added spam links in middle of text.nas67560 is 'old-fashioned' copybot caught in the act 18 days ago copying from original with same title in autistic adults forum. Locked post at the timenas67563 tarancepil7 1 post copied from r/AskDocs, no replies, please delete.nas67564 cristomike2 1 post copied from r/disability, several replies, link removed by moderator
Noticed/found 21/6/20nothing suspicious overnight, checking up to 67725.nas67506 2 successive replies to same topic 22 days ago, first something from r/Mommit, then part of the head post with the same 'routerlogin' links as above (from someone remarking on the links, they appear to have been included when the reply was made, ie the bot did not return to edit them in). Reported via button.nas67693 melkumew looks like a single-issue spammer for wifi-amplifiers (no other messages, similar things on other forums).NAS 67722 seems human may have just posted similar messages here and on a couple of Reddit forums later.
Noticed 23/6/20nas67879 essay-writing spam, probably a blackhat SEO bot looking for the word 'essay'.nas63604 3 replies about 9 months old, essay-writing, casino and general spam, possibly blackhat SEO human.nas67458 general spam (tutoring)nas67451 one post (but oddly Questions result confuses with nas67452), copying this thread to same forumnas67452 one post copying this thread to same forumnas67425 one post copied from r/autismnas67426 reply to the above, copying head post again, adding 'had the same issue !! lol' and three spam links; also copied this thread to new post in same forum, which was replied to yet another bot (ashilnayak2); also copied thread from r/AspiePartners to new post also in Health & Wellbeing, appending 'my issue has been solved!!' and three spam linksnas67434 one post copying this thread, adding an extra '?' to the title.and a 'cam' spam link in the middle of the text.nas67435 one post copying this thread to same forum (note by the way text loses formatting), adding an extra '?' to the title. No apparent links as yet.nas67399 named 'kreinafine2', copied thread from r/AskDocs, added 'my issue has been solved!!' and three spam linksnas67404 one reply copied from r/socialskills (first I've seen quite like this), with Reddit title added in bold. Itself a response to a spam post.nas67400 named 'aksargige4', one thread copied from r/Autistic again with 'my issue has been solved!!' and two spam links; relevant reply copied from 'r/Militaryfaq' to nas67425 (see above)Found 24/6/20nas67895 1 reply, essay spamnas67902 1 reply warez (in French)Found 25/6/20nas67919 1 reply with warez/malware French link, generic text, in reply to existing unlocked spam threadnas67910 named 'pedrocevil4' 1 post copied from r/Wellbeing with three spam links at bottomnas67909 named 'oelimtrila7' 1 post copied from genuine thread in same forum, with three spam links at bottom, attracted three genuine answers.nas67726 one reply 10 days ago, deleted by moderator, so dealt with. Plastic replied 'always the same pattern'
Thanks for the update. The moderators will respond. We'll also continue to look at options to reduce or prevent this.
I really had come to think we'd beaten it after over two weeks of apparent inactivity, but it's still out there and whatever automated defences there are still aren't enough. Today
Maybe I should check every new thread for the past month. Or maybe not.
Starting a new post here. As well as some unrelated non-bot 'research-spam' last night (I emailed the researchers quoting rules 5 and 8; apology here) which stopped us seeing which were most recent threads and posts within threads, today sees the return of Copybot:
Hi Tom & DC & mods. My verdicts:
@WebPM, please note there is a related thread: 'Unable to edit'. The 30-minute rule does seem to cause difficulties, and has had no effect on the rate of spam posting. Half the people here seem to be posting perfectionists. (edit: time limit has been increased.)
@DC, 'Report as abusive' does not mean insulting to users. It means abusing the forum service, the intended use of which is allowing autistic people and families and friends to communicate. Other than search engine bots (also known as crawlers or spiders, which just read content), bot activity potentially disrupts that purpose and is abuse. It's the same sense as in which spam is abuse of the medium of email. As WebPM says, bots don't need to break rules to be 'abusive' – they follow their programming, not agree to rules. Incidentally, I did see 'Flag as spam/abuse' once and once only I think for this function. Maybe I very briefly had moderator privileges (which I don't want, but I recall California said he was interested).
And before anyone asks, yes, I also saw some server errors about 0730 this morning, of the 'error authenticating your request' type.
[Edit, minor additions, 20 July. I saw one obvious copybot in the list, flagged by another regular and deleted before I could check. Otherwise quiet in terms of what's been public, I think. The thread(s) by NAS38067 and NAS37128 (which may have been a copy of this but keeping the same title) is still unlocked, although the spammer may not currently be able to edit the main post because of the edit time limit.]
[Minor edits, 23 July. The last four days seem to have been quiet; either Copybot is not posting as often, or the moderation is working much more quickly. The remaining post by NAS37128 still worried me that it might encourage the bot, so I added a request to moderate there, although something about that thread means that it's not appearing in the list of messages.]
[24 July. We've not quite neutralised Copybot. There was a 'need help?' posting this morning maybe 7am by NAS38384, copying this real thread. One person replied, I commented and reported it, and it now shows 'Content Under Review // This content is currently pending review by moderators and is not available. Please try again later.' so presumably enough people reported it for it to go to the abuse queue. (I think WebPM may have reduced the number of reports necessary for this to happen.) At least one of the old spam threads (introduce-yourself/11974/hi-guy-im-new) is also still 'under review'.]
And 'Advise please'.
'need help?', posted 4 hours ago, looks ominous, too.
( Greets, Mr.Webster...
Slightly off-Topic, and perhaps overly-pedantic, but... is there any way to change the Name of the Button "Report as abusive"... to something ike "Report as against NAS Rules" or something... since there are a LOT of Rules, and even the awful CopyBot is not exactly "abusive"...
...Just wondering... I'll go'way, now... mumble, mutter... (!) )
...Please have a nice day, though!
There is a Thread by NAS38067 called "Help Me", which seems to copy a 3 Month old Thread by "Veroedge" called "How do I tell my son he has Asperger's?"... But the COPY Thread is almost a Month Old, now...?
Thanks. I followed your lead and reported NAS38345 too. (edit, add) Yes, if certain patterns of title could reduce the need for abuse reports, it would have helped.
I am NotABot. I am Cassandro in disguise just confirming that the username chosen on registration is not used by the forum software. Maybe Single Sign-On can do that so people don't need to enter their chosen nickname twice, but for policy reasons it is a requirement. There is a message encouraging new users to fill out their profile. If we remember to remind new users of this, it may encourage trust.
This morning's two copies (18 Jul) were by NAS38354 (numbers really can be confusing), posted around 0754 and 0748. One, titled 'So i need help' (copy of this) has already disappeared; the other is an innocuous 'Hi there' copying this. It now looks probable that Copybot chooses some threads to copy based on already including a word like 'hello' or 'help'. Also seems that 9am is a good time to check, although one or two, like NAS38345 around 3pm which you mention, mean looking at the end of the working day is also worthwhile. (One other thought is that if the forum software's spam protection doesn't look like it's going to cope in the foreseeable future, could try moving the whole subdomain to an external proxy like Cloudflare that may use anti-spam systems, although with no guarantee it would stop the spam.)
Have a bot-free day, all.
We’ve just had another one, by NAS38345. I’ve reported it and added a comment to warn others.
It’s a shame we can’t immediately moderate posts that are titled ‘need help ?’ as it appears to be a favourite of copybot!
Thanks for the update. You can imagine that we are as frustrated by this as are you. As you have recognised, the point of the way that the "copybots" are doing things is to make them hard to detect by the usual counter-measures, and as I have mentioned we aren't by any means the only forum experiencing this.
The positive thing here, I think, is that the attentiveness of our users is helping to make the spammers' efforts a waste of time, although that is in turn taking your time to achieve it.
We'll keep working on appropriate counter-measures.
Cassandro said:I admit the copybots got me confused myself yesterday and I overzealously reported a new NASxxxx user (now called 1986)
My bad :o I was a little hasty in trying to use the forum, hadn't realised it had posted until I'd written out my new post :)