There's been a rash of automated spambots targeting SMF based forums.  While post spam has been a battle since Web 2.0 apps like user forums started to take flight, the use of bots and AI has ramped up in recent years, targeting almost all forum programs common to websites.  Adopting a new piece of forum software isn't the solution; virtually all forum software is susceptible to automation like this.

This week, several of us were fooled when an inflammatory post from Reddit written in April was plagiarized and posted on our forums.  We confirmed it was a spambot on the moderation side after seeing the same IP address making fake accounts over the last several months.

Bot-made posts use a variety of tricks to insert advertising into forums against the policies of the owners.  Lately, some threads have been lifted from places like Reddit, Discus messages on other websites, and even our own forums at Titan Network and reposted to make it seem like a legitimate message.  Then when no one is looking days or months later, they change the content of a signature to insert links to their website.

Some signs that a post may be botspam and not a genuine post:
  • The user's post count is extremely low.  While this doesn't apply on all users (there are some new Titan users out there, of course), most spam bots hope to post 'below the radar' for 5-10 replies before injecting messages with links.
  • The posts, replies, or topics are non-contributive.  Responses like "Thank you for your perspective" or "You have a point, I agree!" appear regardless of the forum context (such as builds or free game codes... there's not really an argument going in in those places.)
  • The title of the post is cut off.  If a post is written, a user will see there's a character limit in the title and revise it accordingly.  A bot will truncate to the word or letter, even if it doesn't make sense, and post anyways.
  • The post is plagiarized from somewhere else.  When a post comes out of the blue from a new user and you search some of the text, it'll come from another website related to City of Heroes.  And the discussion could be weeks, months, or even years ago.
  • The user name is a actual name followed by a number.  This is helpful in automating a bot registration because a randomized name can be variable-driven, yet innocuous enough that it's a plausible user name (like AOL trial passwords with a dictionary word or two followed by a number like in the 1990s.)
  • After posting a new thread, no replies are made again.

If you see this behavior, don't get swept up or reply.  You can help by pressing "Report Post" and telling us it's potential spam when you see it.  We'll investigate it and take care of the matter from there.

Thanks for reading, and I'll see you around on Titan Network.
