DEV Community

Spam on dev.to?

GOSHROW on October 04, 2020

I have seen a dozen of blatant spam on dev.to since today morning from atleast 3 different accounts, which I have subsequently reported. Please r...
Collapse
 
graciegregory profile image
Gracie Gregory (she/her)

Hello everyone! On behalf of the DEV team, thank you for your help in surfacing and reporting these accounts.

Our team is both proactively seeking these accounts out and responding to complaints around the clock. We are also talking through a more permanent fix but in the meantime, we are banishing users and their posts/comments from the site as we find them.

Thanks again for your help in making DEV a positive, helpful, and spam-free environment for all!

Collapse
 
crimsonmed profile image
Médéric Burlet

@graciegregory Here is a suggestion of spam rules.

Spam Filter Rules Examples:

  • Limit the number of posts that can be posted after registration
  • Simple title analysis (removing numbers) will reveal the similarity percentage to be high (60%+)
  • Auto ban or disable posting when more than 5 articles are published in less than an hour
  • Check age of account vs post rate
  • Add re-captcha to the publishing action

source: dev.to/crimsonmed/updating-dev-spa...

Collapse
 
crimsonmed profile image
Médéric Burlet

I know dev team is working hard on this but this is really getting out of hand now:

dev-to-uploads.s3.amazonaws.com/i/...

feed

Collapse
 
goshrow profile image
GOSHROW

That's great to hear.

Collapse
 
190245 profile image
Dave

Also seeing the spam, though assuming your feed looks the same as mine, I'm not sure how you could possibly doxx anyone appropriately. It's not like the spammer is posting their own details (I mean, I could be wrong, but it's not the usual MO).

More likely, by repeating the info they're spamming, you'd be helping the spammer.

Re tighter posting controls - count me in. There's a number of ways to do it, and we're a community of developers / designers / architects. Probably the best I've seen was LifeHacker US before the site was sold to Gawker Media. Initially your account was "untrusted" and your posts hidden unless others wanted to look at hidden posts. Over time, as people replied to your comments or "gave love" or "upvoted" your posts etc, you gained "reputation." Eventually you have enough rep that your posts are visible by default. No-one could see their own rep, and rep could be negatively impacted too (confirmed spam reports etc).

Collapse
 
goshrow profile image
GOSHROW

I would leave the internal logic to the people at dev.to and the OSS contributors they have. Irrespective of that, you're idea seems a bit stringent since a lot of beginners post to dev.to. If I were to suggest, a round of recaptcha is perfectly reasonable at the least.

Collapse
 
190245 profile image
Dave

The logic is of course, up to the platform maintainers to determine, I was just throwing out an example for preventing comment spam that I'd seen work well (LifeHacker US posts, back then, could only be published by LifeHacker employees). There was a simple button for anyone who cared to view new user comments.

But yes, that system wouldn't work well for new users trying to post content, rather than comments.

Re doxx'ing - again, the contact numbers you're seeing are the ones the spammer wants you to see. Chasing those is like chasing faked emails, where the email has been sent from a server that allows open relaying. Regardless, my personal opinion is that doxx'ing should never be done. There's better ways to handle the situation, whatever the situation is (not just limited to spamming).

Thread Thread
 
goshrow profile image
GOSHROW

Thanks. I wasn't aware of that. I hope the devs look at your suggestions as well.

Collapse
 
goshrow profile image
GOSHROW

As for the doxxing, I assume that the spam posts are being flooded on everyone's feed since the posts don't have any tags. And I'd safely assume they are fake accounts. Yet I am unsure if that will be the right thing to do. Also, a lot of these posts have contact numbers. To start off, the enforcers can look at them.

Collapse
 
alvaromontoro profile image
Alvaro Montoro

This type of logic prevented me from posting in many reddit groups, to the point that I gave up on them. In my opinion, it provides a better user experience for older accounts at the cost of a not-too-nice user experience for new people.

Collapse
 
karandpr profile image
Karan Gandhi

I have reported 10 accounts today.
I am not sure how current spam filter works but the spam script is posting same post over and over again.
I think the devs can create a logic which restricts users from posting same content under an hour.

Collapse
 
goshrow profile image
GOSHROW

Yes. This should have been a basic feature. Also I cannot find anything relevant on their github where I may raise an issue for their collaborators.

Collapse
 
karandpr profile image
Karan Gandhi

In a very hilarious situation ,the spam bots have now invaded their github issues.
github.com/forem/forem/issues
Someone is trolling @ben :D .

Collapse
 
neeldev96 profile image
Neel

I have reported a few to dev's twitter handle on Thursday and it was taken down. But it looks like this is an ongoing problem.

Collapse
 
khmarbaise profile image
Karl Heinz Marbaise

I have reported in the meantime about 20 via reporting feature ... having issues to report a number of them based on a limit (to prevent flooding ;-)) ... I got message by filling out the spam form:

Make sure the forms are filled 🤖

Things like that...
Searching for "customer care" already identifies a lot of them....

Collapse
 
khmarbaise profile image
Karl Heinz Marbaise

So searching via

https://dev.to/search?q=customer%20care

will identify a lot of them... it seemed to be working very well and very easy....

Thread Thread
 
khmarbaise profile image
Karl Heinz Marbaise

So the following works even better:

https://dev.to/search?q=customer%20care%20number&filters=class_name:Article
Thread Thread
 
goshrow profile image
GOSHROW

That's a great job on your part. I will append it to the main article as it may help in properly reporting this spam issues. Thanks for digging into it.

Collapse
 
chilarai profile image
Chilarai

Exactly. This is what I am facing too

Collapse
 
goshrow profile image
GOSHROW

And the number seems to grow. I am seeing new names everytime, I refresh my feed.

Collapse
 
neeldev96 profile image
Neel

Yeah. Sad that all the spam users I have seen so far are from India. This is adversely affecting the reputation of our dev community 😔

I'm reporting a few spam I get in my feed. Looks like that's all we can do for now

Collapse
 
_hs_ profile image
HS

It's so exhausting to click through that "I'm not a robot" images that I gave up. I can't even report under 20 minutes I got like 10 steps. Just horrible captcha lately

Collapse
 
frikishaan profile image
Ishaan Sheikh

I am also seeing the spam since morning, I have reported 2 of them, but there are plenty of them.

Collapse
 
goshrow profile image
GOSHROW

Exactly. And the thing is that I had to clear more rounds of recaptcha on reporting them than they took to post.

Furthermore, the Indian seeming names pose a negative potrayal for the majority of us. I hope dev looks into it ASAP.

Collapse
 
michaelphipps profile image
Phippsy

The recaptcha thing to report spam is horrible. I have failed enough times that it deters me from reporting legitimate spam.

Collapse
 
paras594 profile image
Paras 🧙‍♂️

True :(

Collapse
 
learnbyexample profile image
Sundeep

I had reported 4 times during the past week. I feel these are bots, so it will be an uphill battle if some changes aren't made, at least temporarily.

Something like all posts from a new account up to a certain period has to go through manual approval. This will put a huge burden on moderators, so may be we users can help in deciding whether a new post is spam or not by some voting mechanism? These posts will not be visible until approved.

Collapse
 
goshrow profile image
GOSHROW

That's a great suggestion. I wish this were directly visible to the devs at dev.to.

Collapse
 
crimsonmed profile image
Médéric Burlet
Collapse
 
dendihandian profile image
Dendi Handian • Edited

I have to pick between block or report, can DEV do both with single action?

Collapse
 
goshrow profile image
GOSHROW • Edited

Even blocking does not stop them from appearing on feed. It just stops dm s.

Collapse
 
aboutdavid profile image
David

I think dev.to need to add a spam filter. The "customer care" accounts were created today/yesterday. So, they could add a cool down/recaptcha filter for newer accounts.

Collapse
 
goshrow profile image
GOSHROW

That's a great suggestion. Karl has also provided a suitable url to target these posts.

Collapse
 
thewdhanat profile image
Thew

Now they get to the top of my feed.
My feed

Collapse
 
fida1989 profile image
Fida Muntaseer

Yes...I already reported several of them...

Collapse
 
goshrow profile image
GOSHROW

Great. Guess that's what we can do for now. I didn't find anything relevant at their GH handle as well.

Collapse
 
kvharish profile image
K.V.Harish • Edited

I am also seeing many spam for the past few days. I have to reported every one of them.

Collapse
 
nieuwepixels profile image
Nieuwe Pixels

So, let's do a fair flag option. A treshold level 1 to mark items spam. Level 2 treshold (items marked spam) will be fully hidden from the feed after hitting that treshold.

Collapse
 
shadowtime2000 profile image
shadowtime2000

All the ones I found have the same number.

Collapse
 
riversiderocks profile image
RiversideRocks

Very strange, you would think that they would send out malware/phishing links, but no, just gibberish.

Some men just want to watch the world burn.

Collapse
 
rocknrenew profile image
Jonny Dubowsky

I've just reported the same posts. Hopefully we can nip this in the bud.

Collapse
 
goshrow profile image
GOSHROW

Sure. Hope so.

Collapse
 
rocknrenew profile image
Jonny Dubowsky

It's turning into a full on attack. The top 24 posts in my feed!

Collapse
 
shikharpriyadarshivstau4 profile image
shikhar-priyadarshi-vst-au4

Yes please, I don't want dev.to to be spammed just because of dickless folks.

 
goshrow profile image
GOSHROW • Edited

Sabotaging UX ? That seems pretty evil for anyone to be doing. Even I haven't engaged much on dev today.

Collapse
 
darkdebo profile image
Debojyoti Chakraborty

Now I am getting this nonsense spam posts from 2 accounts.

Collapse
 
goshrow profile image
GOSHROW

I don't get the business idea behind this. Hardly anyone will click on this spam link as is. On the other hand, it drives away user engagement at dev.to and the other targeted sites.

Collapse
 
mellen profile image
Matt Ellen-Tsivintzeli

The team behind Smoke Detector on Stack Exchange might be able to offer advice/help.