loading...

Spam on dev.to?

goshrow profile image GOSHROW ・1 min read

I have seen a dozen of blatant spam on dev.to since today morning from atleast 3 different accounts, which I have subsequently reported.

Please refrain from harming this great community. As for others who have witnessed similar things on your feed, please report them as well.

It will also be great if dev.to imposes a stricter spam avoidance mechanism on posting to feed, since shitoberfest is already a real thing now. 😔



PS. I have screen recorded my feed if needed later on, but would prefer not to doxx anyone or violate anyone's privacy.

Thanks to Karl Heinz Marbaise, https://dev.to/search?q=customer%20care%20number&filters=class_name:Article filters out these reports for ease of removal.

Discussion

pic
Editor guide
Collapse
graciegregory profile image
Gracie Gregory (she/her)

Hello everyone! On behalf of the DEV team, thank you for your help in surfacing and reporting these accounts.

Our team is both proactively seeking these accounts out and responding to complaints around the clock. We are also talking through a more permanent fix but in the meantime, we are banishing users and their posts/comments from the site as we find them.

Thanks again for your help in making DEV a positive, helpful, and spam-free environment for all!

Collapse
crimsonmed profile image
Médéric Burlet

@graciegregory Here is a suggestion of spam rules.

Spam Filter Rules Examples:

  • Limit the number of posts that can be posted after registration
  • Simple title analysis (removing numbers) will reveal the similarity percentage to be high (60%+)
  • Auto ban or disable posting when more than 5 articles are published in less than an hour
  • Check age of account vs post rate
  • Add re-captcha to the publishing action

source: dev.to/crimsonmed/updating-dev-spa...

Collapse
crimsonmed profile image
Médéric Burlet

I know dev team is working hard on this but this is really getting out of hand now:

dev-to-uploads.s3.amazonaws.com/i/...

feed

Collapse
goshrow profile image
GOSHROW Author

That's great to hear.

Collapse
190245 profile image
Dave

Also seeing the spam, though assuming your feed looks the same as mine, I'm not sure how you could possibly doxx anyone appropriately. It's not like the spammer is posting their own details (I mean, I could be wrong, but it's not the usual MO).

More likely, by repeating the info they're spamming, you'd be helping the spammer.

Re tighter posting controls - count me in. There's a number of ways to do it, and we're a community of developers / designers / architects. Probably the best I've seen was LifeHacker US before the site was sold to Gawker Media. Initially your account was "untrusted" and your posts hidden unless others wanted to look at hidden posts. Over time, as people replied to your comments or "gave love" or "upvoted" your posts etc, you gained "reputation." Eventually you have enough rep that your posts are visible by default. No-one could see their own rep, and rep could be negatively impacted too (confirmed spam reports etc).

Collapse
goshrow profile image
GOSHROW Author

I would leave the internal logic to the people at dev.to and the OSS contributors they have. Irrespective of that, you're idea seems a bit stringent since a lot of beginners post to dev.to. If I were to suggest, a round of recaptcha is perfectly reasonable at the least.

Collapse
190245 profile image
Dave

The logic is of course, up to the platform maintainers to determine, I was just throwing out an example for preventing comment spam that I'd seen work well (LifeHacker US posts, back then, could only be published by LifeHacker employees). There was a simple button for anyone who cared to view new user comments.

But yes, that system wouldn't work well for new users trying to post content, rather than comments.

Re doxx'ing - again, the contact numbers you're seeing are the ones the spammer wants you to see. Chasing those is like chasing faked emails, where the email has been sent from a server that allows open relaying. Regardless, my personal opinion is that doxx'ing should never be done. There's better ways to handle the situation, whatever the situation is (not just limited to spamming).

Thread Thread
goshrow profile image
GOSHROW Author

Thanks. I wasn't aware of that. I hope the devs look at your suggestions as well.

Collapse
alvaromontoro profile image
Alvaro Montoro

This type of logic prevented me from posting in many reddit groups, to the point that I gave up on them. In my opinion, it provides a better user experience for older accounts at the cost of a not-too-nice user experience for new people.

Collapse
goshrow profile image
GOSHROW Author

As for the doxxing, I assume that the spam posts are being flooded on everyone's feed since the posts don't have any tags. And I'd safely assume they are fake accounts. Yet I am unsure if that will be the right thing to do. Also, a lot of these posts have contact numbers. To start off, the enforcers can look at them.

Collapse
neel1996 profile image
Neel

I have reported a few to dev's twitter handle on Thursday and it was taken down. But it looks like this is an ongoing problem.

Collapse
khmarbaise profile image
Karl Heinz Marbaise

I have reported in the meantime about 20 via reporting feature ... having issues to report a number of them based on a limit (to prevent flooding ;-)) ... I got message by filling out the spam form:

Make sure the forms are filled 🤖

Things like that...
Searching for "customer care" already identifies a lot of them....

Collapse
khmarbaise profile image
Karl Heinz Marbaise

So searching via

https://dev.to/search?q=customer%20care

will identify a lot of them... it seemed to be working very well and very easy....

Thread Thread
khmarbaise profile image
Karl Heinz Marbaise

So the following works even better:

https://dev.to/search?q=customer%20care%20number&filters=class_name:Article
Thread Thread
goshrow profile image
GOSHROW Author

That's a great job on your part. I will append it to the main article as it may help in properly reporting this spam issues. Thanks for digging into it.

Collapse
chilarai profile image
Chilarai

Exactly. This is what I am facing too

Collapse
goshrow profile image
GOSHROW Author

And the number seems to grow. I am seeing new names everytime, I refresh my feed.

Collapse
neel1996 profile image
Neel

Yeah. Sad that all the spam users I have seen so far are from India. This is adversely affecting the reputation of our dev community 😔

I'm reporting a few spam I get in my feed. Looks like that's all we can do for now

Collapse
karandpr profile image
Karan Gandhi

I have reported 10 accounts today.
I am not sure how current spam filter works but the spam script is posting same post over and over again.
I think the devs can create a logic which restricts users from posting same content under an hour.

Collapse
goshrow profile image
GOSHROW Author

Yes. This should have been a basic feature. Also I cannot find anything relevant on their github where I may raise an issue for their collaborators.

Collapse
karandpr profile image
Karan Gandhi

In a very hilarious situation ,the spam bots have now invaded their github issues.
github.com/forem/forem/issues
Someone is trolling @ben :D .

Collapse
greenroommate profile image
Haris Secic

It's so exhausting to click through that "I'm not a robot" images that I gave up. I can't even report under 20 minutes I got like 10 steps. Just horrible captcha lately

Collapse
idarek profile image
Dariusz Więckiewicz

Sadly everyware there is a place for spam and somebody find it on DEV.to like recently somebody found that can publish on Hugo Announcement blog without restrictions trigger free email notification campaign.

Collapse
goshrow profile image
GOSHROW Author

I don't get the business idea behind this. Hardly anyone will click on this spam link as is. On the other hand, it drives away user engagement at dev.to and the other targeted sites.

Collapse
idarek profile image
Dariusz Więckiewicz

And that’s their idea I think. Looking on my today’s wall where 40 posts contain 60% spam I passed and closed app.

Thread Thread
goshrow profile image
GOSHROW Author

Sabotaging UX ? That seems pretty evil for anyone to be doing. Even I haven't engaged much on dev today.

Collapse
crimsonmed profile image
Collapse
learnbyexample profile image
Sundeep

I had reported 4 times during the past week. I feel these are bots, so it will be an uphill battle if some changes aren't made, at least temporarily.

Something like all posts from a new account up to a certain period has to go through manual approval. This will put a huge burden on moderators, so may be we users can help in deciding whether a new post is spam or not by some voting mechanism? These posts will not be visible until approved.

Collapse
goshrow profile image
GOSHROW Author

That's a great suggestion. I wish this were directly visible to the devs at dev.to.

Collapse
sheikh_ishaan profile image
Ishaan

I am also seeing the spam since morning, I have reported 2 of them, but there are plenty of them.

Collapse
goshrow profile image
GOSHROW Author

Exactly. And the thing is that I had to clear more rounds of recaptcha on reporting them than they took to post.

Furthermore, the Indian seeming names pose a negative potrayal for the majority of us. I hope dev looks into it ASAP.

Collapse
michaelphipps profile image
Phippsy

The recaptcha thing to report spam is horrible. I have failed enough times that it deters me from reporting legitimate spam.

Collapse
paras594 profile image
Paras

True :(

Collapse
fida1989 profile image
Fida Muntaseer

Yes...I already reported several of them...

Collapse
goshrow profile image
GOSHROW Author

Great. Guess that's what we can do for now. I didn't find anything relevant at their GH handle as well.

Collapse
thewdhanat profile image
Thew Dhanat

Now they get to the top of my feed.
My feed

Collapse
dendihandian profile image
Dendi Handian

I have to pick between block or report, can DEV do both with single action?

Collapse
goshrow profile image
GOSHROW Author

Even blocking does not stop them from appearing on feed. It just stops dm s.

Collapse
aboutdavid profile image
David

I think dev.to need to add a spam filter. The "customer care" accounts were created today/yesterday. So, they could add a cool down/recaptcha filter for newer accounts.

Collapse
goshrow profile image
GOSHROW Author

That's a great suggestion. Karl has also provided a suitable url to target these posts.

Collapse
shikharpriyadarshivstau4 profile image
shikhar-priyadarshi-vst-au4

Yes please, I don't want dev.to to be spammed just because of dickless folks.

Collapse
kvharish profile image
K.V.Harish

I am also seeing many spam for the past few days. I have to reported every one of them.

Collapse
rocknrenew profile image
Jonny Dubowsky

I've just reported the same posts. Hopefully we can nip this in the bud.

Collapse
goshrow profile image
GOSHROW Author

Sure. Hope so.

Collapse
rocknrenew profile image
Jonny Dubowsky

It's turning into a full on attack. The top 24 posts in my feed!

Collapse
nieuwepixels profile image
Nieuwe Pixels

So, let's do a fair flag option. A treshold level 1 to mark items spam. Level 2 treshold (items marked spam) will be fully hidden from the feed after hitting that treshold.

Collapse
shadowtime2000 profile image
shadowtime2000

All the ones I found have the same number.

Collapse
riversiderocks profile image
RiversideRocks

Very strange, you would think that they would send out malware/phishing links, but no, just gibberish.

Some men just want to watch the world burn.

Collapse
darkdebo profile image
Debojyoti Chakraborty

Now I am getting this nonsense spam posts from 2 accounts.

Collapse
mellen profile image
Matt Ellen

The team behind Smoke Detector on Stack Exchange might be able to offer advice/help.