Denise (![[staff profile]](https://www.dreamwidth.org/img/silk/identity/user_staff.png)
denise) wrote in ![[site community profile]](https://www.dreamwidth.org/img/comm_staff.png)
dw_maintenance2023-09-28 11:16 pm
denise) wrote in dw_maintenance2023-09-28 11:16 pm
Continuing dispatches on the war against spam
A few days ago we let you know about spam prevention measures that we were taking to help stem some of the flood of garbage. One of those temporary measures included geoblocking all IPs from several of the countries that are our largest source of spam. This did (as we knew it inevitably would) have some collateral damage for real users, and we're very sorry!
We're continuing to experiment: this time we've slightly expanded the range of countries we're geoblocking to include the ones that we held off on geoblocking because it would affect too much legitimate use, but we've limited the geoblocking only to the account creation page. This should mean that if you were having trouble accessing the site because of geoblocks, you should be able to access 99% of the site without a problem, and the only page you won't be able to access is the account creation page. With luck, this should cut back heavily on our spam account creation without disrupting legitimate use of the site. The current list of countries that are geoblocked from account creation are Bangladesh, Cambodia, Egypt, India, Indonesia, Morocco, Pakistan, Singapore, Turkey, and Vietnam. (If you're an existing user from one of those countries and you'd like to make an additional account, email support@dreamwidth.org with the username you'd like to register and we can register it for you. If the number of requests gets to be enough that it's taking up too much of our time, we may have to pause this until we can build automated exceptions, but we'll start there.)
We will continue to monitor the results of these experiments and adjust as necessary: when we do one of these experiments, we always make sure to define in advance what "too much interference with legitimate use" will look like, and we try very hard to stick to it. I apologize to everyone who's been collateral damage in our efforts to filter out more of the goddamn spammers.
We're continuing to experiment: this time we've slightly expanded the range of countries we're geoblocking to include the ones that we held off on geoblocking because it would affect too much legitimate use, but we've limited the geoblocking only to the account creation page. This should mean that if you were having trouble accessing the site because of geoblocks, you should be able to access 99% of the site without a problem, and the only page you won't be able to access is the account creation page. With luck, this should cut back heavily on our spam account creation without disrupting legitimate use of the site. The current list of countries that are geoblocked from account creation are Bangladesh, Cambodia, Egypt, India, Indonesia, Morocco, Pakistan, Singapore, Turkey, and Vietnam. (If you're an existing user from one of those countries and you'd like to make an additional account, email support@dreamwidth.org with the username you'd like to register and we can register it for you. If the number of requests gets to be enough that it's taking up too much of our time, we may have to pause this until we can build automated exceptions, but we'll start there.)
We will continue to monitor the results of these experiments and adjust as necessary: when we do one of these experiments, we always make sure to define in advance what "too much interference with legitimate use" will look like, and we try very hard to stick to it. I apologize to everyone who's been collateral damage in our efforts to filter out more of the goddamn spammers.
Invitation tree
You should record the connection between new accounts and the accounts that issued the invite for these new accounts.
Then if you catch a spam account - you can quickly detect the whole tree of accounts to cleanup.
All new accounts in this tree - delete automatically (and automatically blacklist all IP networks that participated in creating these spam accounts).
The old and legitimate account that issued invite code - block from issuing any new invite codes again.
This automatic monitoring strategy should quickly stop invite-based spam accounts creation.
Re: Invitation tree
"and automatically blacklist all IP networks that participated in creating these spam accounts"
I quote Denise's comment in he previous post: "a massive number of the IPs that are in those abusive-IPs databases are VPN IPs and that would have a tremendous amount of splash damage, so we'll never be able to do it."
I suggest you read the comments to the previous post on it as this answers several suggestions you've made.
Re: Invitation tree
> a massive number of the IPs that are in those abusive-IPs databases are VPN IPs and that would have a tremendous amount of splash damage
The IP blacklisting does not have to be permanent.
It may be sufficient to blacklist IP network for ~30 days.
Blacklisted IP does not need to mean absolute block of new account creation.
Bad IP should lower HamScore that account that uses this IP address has.
If HamScore of the account (due to other indicators) drops below blacklisting threshold - only then delete the account (and blacklist all indicators that participated in creating this spam account).
In this case blacklist is not absolute - the "splash damage" will be minimized.