WebSite getting fake users that spam their sites/products, any clever idea to deal with them?

Question

Hi guys,

We have this website, something like a CMS with some extra stuff, it isn't relevant.

So people can register and write some stuff on their profile which is automatically published on the site. About 3 days ago, we start getting fake users whose profiles was just links to marketing sites or sites trying to sell you something. They are no bots, that for sure, they are humans registering users. I think some sort of "evil SEO company" is behind this.

So the only solution we thought of is not to publish automatically their profile until the admin approves it. But doing this everytime one person changes their profile doesn't sound very nice for the real users. So we thought just doing it the first time a user creates a profile. But that would only make them to work harder by creating a profile which seems "spam clear", getting it approved and then edit it to add the spam links.

I don't know if there's a real solution to this, I'm just asking this question to see how you would lead with this kind of people.

Thanks to all! Cheers

EDIT We already have a captcha control and email validation thing. I think they are humans. If they are bots, well, good job to those people, they have made a great bot =S

Answer 1

Take a look at re-captcha. With this you won't even need to build your own system...just integrate with there system!

Answer 2

Use this:

http://recaptcha.net/

I wouldn't be so sure they're not bots just yet. Bots have begun creating more human-like profiles by lifting content off of other profiles and appending in a few of their own phrases like "go to my site" which makes it really difficult to tell. I'm skeptical that they aren't bots and if you don't have a captcha in place, you should before assuming that isn't the issue.

EDIT

Alright since you're already using captcha I'd recommend a flagging system. Some computation based on factors like how many users view their profile, how many of those users flag it as spam and weighted by how long those users have been around.

Answer 3

At some level you will have to use admin-intervention. My preference would be to allow anyone to create a profile, then let the admin retroactively block the user. When that becomes too difficult (if your site becomes popular) then start leveraging community support. Let people report profiles.

Answer 4

If these are humans, it will be pretty hard to fight. Try to find a pattern in what these users are doing and then when this pattern appears, run the user through a moderation process.

Maybe the emails look the same? Maybe they link toward the same websites (same extension etc)? Maybe they come from the same country? Same IP address?

Also use tricks such as email validation and so on. It's not too annoying for regular users, but it can be for people creating a lot of accounts.

It is also possible that these are not humans. Try putting some simple semantic captcha and see if you get less spam.

Answer 5

There are a few different options for combating link spam in user submissions, including:

• Support administrator blocking of accounts and profiles
• Restrict external link domains to those on a whitelist
  • Reject those on a blacklist
  • Some sort of manual approval for "unseen" domains
• Throttle user creation/profile modification from the same IP to a sensible number per day
• Implement a captcha

You'll likely want to adopt some combination of these. With regards to making decisions based on IP addresses, remember that a lot of users on various ISPs will be rotated amongst proxies, etc. between requests (AOL, for example), and be aware of the problems of blocking or throttling single IP addresses which could conceal a large number of legitimate users.

Answer 6

At least one Wiki system (MoinMoin) keeps an online list of known spam phrases: http://moinmo.in/BadContent

You could use that to determine whether to mark a new profile for admin approval, or to let it through automatically. It wouldn't catch everything, but it would catch some spammers while being unlikely to affect any legitimate users.

Answer 7

You could add a community controlled content moderation system. Something similar to what is implemented on StackOverflow where the longer and more frequently a user participates the more power and trust they have. Then when a stupid user or a smart bot signs up on your site with inappropriate data they can get flagged or banned.