Bot Postings?

Post Reply
 
User avatar
exwoodburner
Member
Posts: 238
Joined: Thu. Aug. 12, 2021 10:46 am
Location: Southwest Pennsylvania
Hand Fed Coal Stove: Harman Mark I
Coal Size/Type: Reading Chestnut
Other Heating: Natural Gas Forced Air Furnace

Post by exwoodburner » Tue. Jan. 02, 2024 12:28 pm

Richard S. wrote:
Sun. Dec. 31, 2023 7:17 pm
The first thing to understand is HTTPS, when you are viewing a site over HTTPS the only thing exposed is the domain you are viewing and your IP address. Your ISP or someone else that captures that traffic can ascertain someone using that IP address is viewing something on coalpail.com. Specific pages and content is unavailable.

More precise information can be gathered through cookies but the imporatant thing to understand is only the domain that sets a cookie can access it. I don't utilize any type of resources from other sources with the exception of embedded Youtube videos and the occasional embedded image. When you a view a page on here with Youtube video they can access any cookies they set.

Also note anytime your browser makes a request for a resource from a page here or you click a link on here to another site the browser sends a referrer in the header which is the page it was referred from. You can block this behavior in any browser.

A VPN can hide your activity from your ISP but you are just transferring that exposure to the VPN. A VPN also hides your origin IP from the site you are visiting but your IP itself is already relatively anonymous without direct information from the ISP.
I'll start a new thread so as to not hijack the VPN thread. You seem to have a very in depth understanding of computer networks, servers, and technology in general. Also from your experience with owning and running this website you may have some insights. What is the point of the bot postings? Every once in a while you will see a post from what would have to be some kind of bot or machine generated poster. The "poster" will be a brand new member with no previous posts and will have resurrected a years old thread. Their posting will be very generic, almost certainly AI generated sentences that only have about 80-90% relevancy to the rest of the thread. My question is what is the purpose of those posts? Why would someone, or something set up an algorithm to find and make posts on a coal burning forum? If they are some kind of machine created users, how are they able to make a username prior to posting? Just curious.

 
User avatar
Richard S.
Mayor
Posts: 15604
Joined: Fri. Oct. 01, 2004 8:35 pm
Location: NEPA
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite

Post by Richard S. » Tue. Jan. 02, 2024 1:30 pm

They are trying to spam a link and there is many opportunities for them to do that. They are marketing to search engines more than the people that might read it. Search engines use many different signals to rank a page in search results and one of them is the inbound links. Most of the spam here is going to be replies to posts from non coal pages that are ranking well.

They will place links in their profile, signature on posts and of course in posts themselves. They will even be sneaky about it and come back after posting to edit in the link since it's possible the post will descend into obscurity if no one ever sees it.
how are they able to make a username prior to posting?
They are doing much more than that. The people operating these bots are going to have a list of forums and they script the bot to register on them. Often you'll see username like joe123456, this is an indication it might be bot. The number is incremented each time they run the script. They also need valid email addresses, a lot of them from gmail which itself requires a bot or human to obtain.

The captcha I use here is a Q&A that is fairly effective because it's unique, the downside is you only need one bot or human to break it and then it gets passed around or sold to the spammers. If you see uptick in spam accounts this is usually the reason why and you need to change the question. With AI being used more this is going to become ineffective.

I also have a lot of custom stuff going on in the background. For example you have a choice of time zone when you register. It's preselected for the eastern time zone and the first choice in the dropdown is UTC +0:00, it's legitimate time zone but it's not inhabited so I can just reject those registrations. I also have the custom field on the registration for "Other Heating" and for whatever reason they'll input "Health".

 
User avatar
Richard S.
Mayor
Posts: 15604
Joined: Fri. Oct. 01, 2004 8:35 pm
Location: NEPA
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite

Post by Richard S. » Tue. Jan. 02, 2024 1:57 pm

A little more information on how aggressive they can be. You see the "Most users online", that was single bot from multiple IP's, In this case it was referrer spam bot. If you click a link from another site to here the browser sends what is called referrer and that can be used for analytics. A referrer spam bot customizes the referrer when requesting a page here so it points to some website they are spamming. When I go to view my site stats all those sites show up as referrers. I'm the only person in this whole world that will ever see those links.

Here is my sledgehammer indicating how many requests were blocked over the past 24 hours. The bulk of these are what they refer to as scraper bots, they just suck up pages for whatever their purpose is. There has been a significant uptick in the past few years and I suspect the purpose is to collect data to feed AI.

Attachments

bots.png
.PNG | 100.3KB | bots.png


 
User avatar
exwoodburner
Member
Posts: 238
Joined: Thu. Aug. 12, 2021 10:46 am
Location: Southwest Pennsylvania
Hand Fed Coal Stove: Harman Mark I
Coal Size/Type: Reading Chestnut
Other Heating: Natural Gas Forced Air Furnace

Post by exwoodburner » Tue. Jan. 02, 2024 2:19 pm

Very Interesting....
Richard S. wrote:
Tue. Jan. 02, 2024 1:57 pm
A little more information on how aggressive they can be. You see the "Most users online", that was single bot from multiple IP's, In this case it was referrer spam bot.
Actually that was going to be my next question. Anytime I am online, and when I happen to notice, there is always less than 100 users online. Usually less than 40. Tuesday January 10, 2023 at 9:56 at night seems like a very unreasonable time to have over 750+ users on the forum. I always thought that had to have something to do with spamming.

 
User avatar
Richard S.
Mayor
Posts: 15604
Joined: Fri. Oct. 01, 2004 8:35 pm
Location: NEPA
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite

Post by Richard S. » Tue. Jan. 02, 2024 2:34 pm

I have reset the "Most users online" numerous times and I'm just removing it next major update as it has no meaning. There is legitimate reasons it can spike, e.g. someone very popular on twitter posts a link in a tweet or tweet goes viral. I have no idea what the real number is just accounting for legitimate users.

I've been playing around with the firewall rules over the past few weeks. The bulk of your bot activity is from outside the US. Anybody outside the US or Canad is now issued what is called a JS Challenge. This works fairly seamlessly in the backgound if you are legitimate user. The solve rate is only about 3%, that is to say only about 3% of the traffic from foreign countries is potentially legitimate.

Post Reply

Return to “Technology”