![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Entry tags:
sock-puppets R us
I've been seeing more spam on my LJ entries than usual in recent weeks, but most of it is posted anonymously and gets auto-screened, so nobody else sees it. Two days ago I started getting the following message from LJ accounts that were presumably created just to post these comments (on, I assume, as many journals as possible as quickly as possible):
"Hey This is hard for me because I have never done anything like this.. but I have a huge crush on you. I have never been able to tell you for reasons which you would quickly identify as obvious if you knew who this was. I'm really attracted to you and I think you would be wanting to get with *Read FULL Card Here* [URL removed]"
These ones, coming from logged-in accounts, do show up (about 15 so far). I really don't want to have to start screening comments from people not on my subscription list; I prefer to be more open. (I didn't like having to screen the anonymous ones, but the spammers left me no choice.) I've been marking these as spam when I delete them, which blocks that particular LJ account from commenting on my journal again, but it would appear that creating bogus accounts is easy enough that the spammers don't care. This probably means that more-challenging captchas are in our future. (I struggle with them already.)
The pattern of attack is different, by the way. The anonymous spammers tend to latch onto the same three or four old posts to hit; this current wave is hitting random posts with, so far, no duplicates.
In semi-related news, I've seen no update on the journal-import problem over at Dreamwidth (entries come across fine, but comments don't). I've started to read regularly there in addition to here, so if you're there too and I haven't found you yet, please get in touch.
Update: I discovered that I can do something less severe than screening comments from non-friends: I can make them answer a captcha. Sorry, legitimate non-friends, but I'm going to see if this deters the bots.
Update #2: The captcha doesn't seem to be slowing them down, so either the spammers are humans, the spam-bots are good at captchas, or... the setting isn't working. Could somebody do me a favor? I'd like somebody who is not on my friends list to post a comment (while signed in, not anonymous) here and tell me if you got a captcha. Thanks!
"Hey This is hard for me because I have never done anything like this.. but I have a huge crush on you. I have never been able to tell you for reasons which you would quickly identify as obvious if you knew who this was. I'm really attracted to you and I think you would be wanting to get with *Read FULL Card Here* [URL removed]"
These ones, coming from logged-in accounts, do show up (about 15 so far). I really don't want to have to start screening comments from people not on my subscription list; I prefer to be more open. (I didn't like having to screen the anonymous ones, but the spammers left me no choice.) I've been marking these as spam when I delete them, which blocks that particular LJ account from commenting on my journal again, but it would appear that creating bogus accounts is easy enough that the spammers don't care. This probably means that more-challenging captchas are in our future. (I struggle with them already.)
The pattern of attack is different, by the way. The anonymous spammers tend to latch onto the same three or four old posts to hit; this current wave is hitting random posts with, so far, no duplicates.
In semi-related news, I've seen no update on the journal-import problem over at Dreamwidth (entries come across fine, but comments don't). I've started to read regularly there in addition to here, so if you're there too and I haven't found you yet, please get in touch.
Update: I discovered that I can do something less severe than screening comments from non-friends: I can make them answer a captcha. Sorry, legitimate non-friends, but I'm going to see if this deters the bots.
Update #2: The captcha doesn't seem to be slowing them down, so either the spammers are humans, the spam-bots are good at captchas, or... the setting isn't working. Could somebody do me a favor? I'd like somebody who is not on my friends list to post a comment (while signed in, not anonymous) here and tell me if you got a captcha. Thanks!
no subject
no subject
no subject
I have no idea how anybody found it -- possibly spidering interests or community memberships. It has no friends.
Since then, a few days ago, I've been getting various spams for the first time on my regular LJ. This is remarkable, because I've basically never before gotten any before.
no subject
(no subject)
(no subject)
(no subject)
no subject
no subject
I'd kind of like a way to lock all comments on an entry after some time, since my experience is that spammers (but not legitimate commenters) seem to hit random old entries.
(no subject)
Test
Edit: But I didn't.
I don't think it matters though. If the spammers can solve the captcha to create an account, they can probably solve the captcha to leave a comment.
Re: Test
Re: Test
Re: Test
Re: Test
(no subject)
no subject
I first got that "massive crush" comment this morning, on a public post from several months ago. I didn't check whether it was actually visible before deleting it. If I get it again, I'll check.
(no subject)
(no subject)
(no subject)
no subject
no subject
no subject