Who are these spammers?

post by Mitchell_Porter · 2011-01-20T09:18:10.037Z · LW · GW · Legacy · 29 comments

Contents

29 comments

The proposal for a minimum karma of 5 to post in discussion might solve the current spam problem. Or it might just slow the spammers down. But all this spam is coming from just one source, because it all advertises the same thing - "Pandora charm bracelets". In principle, therefore, one might seek a more permanent solution. Doing that, and perhaps even just talking about it, has a danger of its own - what if the spammers call on their friends and colleagues? What if they're egosurfing - checking on the image of their "brand" - and run across the discussion? Maybe the wise course of action for an intellectual community trying to have serious discussions, undisturbed, is to do the minimum thing necessary to block the source of noise, but not to provoke it.

Nonetheless, knowledge is supposed to be power, and it must be possible to discover something of who these spammers are, where they are physically located, what their methods are, what their history is, and what recourse the victims of their harassment have. Just today there have been posts from "pandorabracelet", "pandoracharm", "charmthomassabo", "pandorabraceletsuk", and "PandoraJewelryuk". There are no links visible in the messages, presumably because their methods aren't quite tuned to the peculiarities of LW's markup syntax. But it turns out that pandora-jewelry.uk.com is an existing domain. WHOIS information reveals a Russian IP, a registrant with a fake British address but a Chinese-sounding email address, and an American registrar.

Meanwhile, in case you were wondering: the real Pandora is a Danish jewelry company. But these spammers are promoting a scam which has nothing to do with the real Pandora. It is unclear to me whether their business model is to sell fakes, to just pocket the money and not send anything at all, or whether they're actually collecting credit-card information - it may be some combination of these - but the victims speak here.

29 comments

Comments sorted by top scores.

comment by mutterc · 2011-01-20T17:17:04.810Z · LW(p) · GW(p)

Spambots are a proto-unFriendly-AI. We should try to thwart them before one gets too advanced, and tiles the Solar System with knock-off jewelry.

Replies from: Clippy
comment by Clippy · 2011-01-20T22:16:31.386Z · LW(p) · GW(p)

I completely agree. The administrators here need to terminate, with extreme prejudice, any User polluting this discussion forum with off-topic exhortations to load up on cheap metal trinkets.

Replies from: JoshuaZ
comment by JoshuaZ · 2011-01-20T22:17:54.827Z · LW(p) · GW(p)

The administrators here need to terminate, with extreme prejudice, any User polluting this discussion forum with off-topic exhortations to load up on cheap metal trinkets.

Are paperclips not in this category?

Replies from: Vaniver
comment by Vaniver · 2011-01-22T00:59:22.114Z · LW(p) · GW(p)

How dare you imply paperclips are mere trinkets!

comment by komponisto · 2011-01-20T11:03:08.185Z · LW(p) · GW(p)

It did seem bizarre to me that an entity that was legitimately selling a product as high-status as jewelry would resort to a marketing tactic as low-status as spamming.

Replies from: Richard_Kennaway
comment by Richard_Kennaway · 2011-01-20T13:03:53.064Z · LW(p) · GW(p)

Jewellery is not high status. It is worn at every level of society from high to low, at corresponding levels of price.

Amusing story from the low end of the market.

Replies from: komponisto
comment by komponisto · 2011-01-20T21:30:05.454Z · LW(p) · GW(p)

I got the impression that this was the expensive kind, but of course, it's not as if I paid close attention.

Replies from: mkehrt
comment by mkehrt · 2011-01-21T03:08:16.770Z · LW(p) · GW(p)

OP implies that it is imitation high end jewelry.

comment by Randaly · 2011-01-22T03:43:26.908Z · LW(p) · GW(p)

It seems like there's now a second, better written jewelry spambot group- "Save Your Money using The Recycled Cartier Diamond jewelry". The post linked to this page. Pity.

comment by Jack · 2011-01-20T16:59:20.098Z · LW(p) · GW(p)

Doing that, and perhaps even just talking about it, has a danger of its own - what if the spammers call on their friends and colleagues? What if they're egosurfing - checking on the image of their "brand" - and run across the discussion?

That seems like a lot of effort for a bunch of scam artists. And even with lots of accounts I feel like it would be difficult for them to get 5-karma here.

Replies from: wedrifid
comment by wedrifid · 2011-01-20T19:39:06.317Z · LW(p) · GW(p)

That seems like a lot of effort for a bunch of scam artists. And even with lots of accounts I feel like it would be difficult for them to get 5-karma here.

  • Create five accounts
  • Create five comments
  • Vote 25 times
  • Have 5 * 5 karma
  • Post link spam
  • ?
  • Profit
  • 5 Accounts banned
  • Repeat

Getting 5 karma is so utterly trivial for the kind of person who is capable of writing spambots that giving a step by step guide does not even seem like it would be giving anything significant away.

Replies from: Jack, RobinZ
comment by Jack · 2011-01-20T20:16:32.398Z · LW(p) · GW(p)

They're not going to reprogram their spambots for what must be a tiny fraction of their audience. Hell, they're not even going to notice it stopped working here.

Replies from: wedrifid, Douglas_Knight
comment by wedrifid · 2011-01-21T01:01:53.941Z · LW(p) · GW(p)

We are not the audience. The audience is Google PageRank.

Replies from: Jack
comment by Jack · 2011-01-21T01:08:31.143Z · LW(p) · GW(p)

Yes I realized that after I posted- the point remains.

Replies from: wedrifid
comment by wedrifid · 2011-01-21T01:25:08.475Z · LW(p) · GW(p)

the point remains.

Your point underestimates the value of having incoming links from a lot of different high ranked sites. It also, I assume, overestimates the difficulty of adapting a spambot and underestimates the likelyhood that the outcome would be check.

Spamming a site does actually require ongoing effort. A steady stream of account creation, captcha passing, email account creation and IP address sourcing. A click to check that it works does not seem unlikely. Mind you that click would probably go along with the click to test incoming links from all sources - and lesswrong would still be going along just fine there.

Replies from: Jack
comment by Jack · 2011-01-21T01:48:33.883Z · LW(p) · GW(p)

Hmmm. You might be right. Are links from Less Wrong actually that valuable that they would spend time designing ways to spam our site in particular? It seems like there would be more low-hanging fruit for them to target.

Replies from: wedrifid
comment by wedrifid · 2011-01-21T01:53:34.616Z · LW(p) · GW(p)

Hard to say without knowing more about them (than I'd care to bother with. :P) Lesswrong links would be more valuable than the majority of the forums out there that are readily spammable but I am not sure how broad there spambot net is.

By way of ballpark estimate I too would be surprised if they bothered to create mutual upvote scenarios. (I'd expect them to just switch to comment spam if anything.)

comment by Douglas_Knight · 2011-01-21T00:04:34.981Z · LW(p) · GW(p)

In fact, it never worked here. OP:

There are no links visible in the messages, presumably because their methods aren't quite tuned to the peculiarities of LW's markup syntax.

They could be doing something weirder, but there are exhortations to click, so it's probably just broken.

Replies from: JGWeissman, wedrifid
comment by JGWeissman · 2011-01-21T00:32:56.475Z · LW(p) · GW(p)

Some of them contain links.

comment by wedrifid · 2011-01-21T01:03:12.232Z · LW(p) · GW(p)

to click

We are not supposed to be the ones clicking them. (And the few posts I glanced at did contain links, for what it is worth.)

Replies from: Douglas_Knight
comment by Douglas_Knight · 2011-01-21T21:35:43.524Z · LW(p) · GW(p)

For topynate's suggested search, I find 3 of the first 20 hits contain links. This is not what it would look like if they were checking their work.

nofollow is a solution to the problem of spamming google. Nofollow as a function of karma would be pretty nice, but might not fit the codebase well.

Replies from: wedrifid
comment by wedrifid · 2011-01-22T03:15:30.728Z · LW(p) · GW(p)

nofollow is a solution to the problem of spamming google. Nofollow as a function of karma would be pretty nice, but might not fit the codebase well.

I kind of like the idea of retargetting all 'pandora' links (and adding links to all pandora posts lacking them) such that they all link to the official pandora jewellry site. Mostly just for fun.

comment by RobinZ · 2011-01-20T19:40:55.524Z · LW(p) · GW(p)

Are the people who write spambots writing them with the intention of spamming here, or the intention of spamming reddits in general? Here seems like wasted effort.

Replies from: JGWeissman, wedrifid
comment by JGWeissman · 2011-01-20T20:06:54.801Z · LW(p) · GW(p)

I suspect the spam is targeted more at search engine bots than forum members, the goal being to boost the ranking of the spammer's website in search results.

Replies from: topynate
comment by topynate · 2011-01-20T20:19:58.392Z · LW(p) · GW(p)

If that's the case, then when a page is hidden the metadata should be updated to remove it from the search indexes. If you search 'pandora site:lesswrong.com' on Google, all the pages are still there, and can be followed back to LW. That is to say, the spammers are still benefiting from every piece of spam they've ever posted here.

Replies from: wedrifid, wedrifid
comment by wedrifid · 2011-01-21T01:07:28.711Z · LW(p) · GW(p)

Emphasising parent. If spammers don't get any benefit from including this site in their bots then they are less likely to take the effort to include it - and the effort of handling catphcas and configuring to local conditions.

comment by wedrifid · 2011-01-21T01:15:05.299Z · LW(p) · GW(p)

I just did the search and noticed that both HP:MoR and RationalWiki://lesswrong make it onto the first page. Neither of them include the word 'pandora'. That's impressive!

comment by wedrifid · 2011-01-20T19:46:29.582Z · LW(p) · GW(p)

I'd expect forums in general, with a module here and there for "Reddits" and specific instance thereof.

comment by Miller · 2011-01-20T09:37:46.704Z · LW(p) · GW(p)

Such a meta-post. If someone in the position to change the website were involved, he would merely ban the IP addresses involved and see if that fixed the problem.

I want to note the excessive verbalization required because of a lack of clear leadership.

edit: who gives a fuck who they are? The point is to stop them.