Moderators refuse to remove a spammer selling pot

Early this morning there were so many spammers from China trying to flog devices to crack ATMs that it filled up an entire page + half of the next page (~30 posts, multiple usernames, but likely same/small cadre of spammers). At the end of a bunch of reports I reverted to “just look for the entry ‘wftg’ at the end of each diary”.

About 10 hours later I reported a spammer for the third (or possibly the fourth) time for trying to sell pot. The diary moderators have refused to remove him. I’m afraid that I lost my rag with this one:–

Why has this spammer been left in place; is he related to you?

There is a spam-link in his profile. His a/c was created on the same day that he created the profile spam-link + diary so that the SEs will also list his profile. Are you in his pay? That is the only reason that I can think of for not removing this user.

Autopsy

potxolate (now removed) (for that was the spammer) made a post (now removed) in ES on 2 May (this is the EN translation):–

My name is Ernesto García and I was born on July 1, 1979. My biological mother left me for adoption with "Sister María". My favorite flower is Cannabis Sativa. I do not do sport.

This is a classic post from a spammer — zero content related to OSM. However, it does contain a link to his Profile, and that is the point of the post.

The key features are:

1. The user created the a/c on 2 May
2. The profile was filled & link added for his website on the same day
3. The diary post was made on the same day

This is all classic spammer behaviour, known about for the last 20 years. The only other wrinkle is that they will often NOT post a spam-link for many days. Then, when attention has drifted away from their account, they edit the profile to add a link (if they remember). Again, classic behaviour, and the reason to remove every single content-less post.

At least one of the OSM moderators is both completely ignorant about spam and unwilling to learn, and sent me a message/email some months ago berating me for too many spam reports. There is also a pattern across the last few months of some of my spam reports being ignored and requiring a second report at a different time to be actioned. Meanwhile, as is easily predicted, OSM is sinking under the weight of Chinese spammers, as OSM is so easy to game. Truly, I feel for those guys/gals having to remove several score of spammers - I’ve been there. However, brace yourself, as it is very likely to rise into the hundreds or thousands daily (I’ve been there as well - 25,000 emails daily in a joe-job, as well as forum posts).

I’ve been banging on about this ever since I created my username. I should have chosen ‘Cassandra’ rather than ‘alexkemp’, I guess.

Saturday Update

• 05:39am BST: and the diary pages currently have 107 pages (== 1,605 posts) of Bengali ‘wfgz’ pages. The very first posted is quite short; others are very much longer:

In the exhibition, clbro is in the exhibition and clbro is in the exhibition 僭clbro..wfgz

• This sounds bad but it is much worse than you think, for I stepped in in the middle of the attack. Refreshing the page shows that they are still going. One surprise is that they are NOT using a bot or at least, any bot is choked in it’s speed.

• 05:56am BST: Phew. It has reached page 116 (1,740 posts, some of which are huge).

• 07:15am BST: wfgz spam has reached page 188 (2,820 posts). This is a bot, but a slow one
  (in my webmaster days the fastest bot was operated by the network guys at Technicolor and — from memory — was 403 attempted scrapes / second)
  (the reason the Technicolor bot was so fast was because 1) it was operating from a gigabit network across a gigabit connection, and 2) the first 30 hi-speed connections triggered the block, and everything after that was just system refusals).

• 07:22am BST: It has reached p200 (3,000 posts). Wrong again - that is a medium paced bot.

PS
With hindsight I now realise that the delays in removing my reported spam are probably collateral damage from all this Bengali spam. That does not excuse overlooking the reports, but does explain it.

For goodness sake, make use of the SFS database (accessed through an API so it can be automated) and once in the DB they can never get access to the site in the first place. It works ever so well & has zero cost.

Sunday Update

• 02:06am BST: The first Bengali wfgz spam has started. As there are just 2 of them, and there are zero links, I shall put them here:

(posted by yvswtxnw405:
Dirty and flattering cxzbd
(translate from Bengali): Giving history, rhyming legs, xbrvz, history, stylistic legs, xbrvz, history, stylistic legs, xbrvz..wfgz

(posted by yvswtxnw405:
Uranium plutonium refers to kmhxs
(translate from Bengali): Ruminating testosterone, czwae, ruminant, testosterone, czwae, ruminant, testosterone, czwae..wfgz

In the time that it took me to type that a 3rd post was made (02:14 - ignored here). Here we go again…

• 04:55am BST: The end of the wfgz spammers has now reached p164 (2,460 posts). All that I have seen follow a similar format to before. There are zero links, and my suspicion therefore is that the OSM system now stops links for new users. These latest posts are trying to promote a number of different criminal products; a couple of the latest include Car remote control universal decoder & Car lock jammer.

• 11:25am BST: The Bengali wfgz spammers have been removed & replaced by your normal Chinese & other spammers. We can now find the numbers for one day, since the OSM system increments the diary post number serially. These are the urls (I d/checked that the IDs were serial + added in stats for the Chinese spammers):–

    11:51:    https://www.osm.org/user/2PX1F3N3/diary/172663
    11:25:    https://www.osm.org/user/6q7ceUT0/diary/172507
    02:06: https://www.osm.org/user/yvswtxnw405/diary/163264
                                                      ------
                                     number of spams:  9,243
                                 min rate (559 mins): 16/min
             assume removed 8am: max rate (360 mins): 27/min
                                                      ------
                             number of Chinese spams:    156
                                     rate ( 26 mins):  6/min
                                                      ======
  

These access rates are essential in deciding if the attacks can be stopped by rate-limiting via iptables/ntptables* (see bottom of my Spam Attacks report post). The rates above suggest very much that yes, they should be capable of being stopped in that way.