Month: November 2011

Notes on handling identi.ca group spam accounts

As admin for the identi.ca group Friends of W3C, I spent several hours today blocking spam member accounts. Because I could, thanks to the US Thanksgiving holiday which blesses us with a couple quiet days.

A few notes:

  • It isn’t easy a task. It has to be done from the members page, one at a time, by clicking ‘Block’ and confirm the action in the next page. And it’s really boring.
  • Homepage links that contain ‘buy’, ‘cheap’, ‘best’, ‘reviews’, ‘price’ are a sure sign of a spam account. Ah, and ‘forex’ too.
  • Also, ‘deals’ especially when that follows ‘blackfriday’ in the URI. But this is seasonal spamming.
  • Homepage links which end in ‘sitemap.xml’ and ‘sitemap.php’ all turned out to belong to spam accounts.
  • Homepage links which contained ‘sexy’ turned out to be pretty disappointing. I AM KIDDING, I didn’t look.
  • Those which Bio contains ‘SEO’ most often are spam accounts. Same for Bio that contains ‘increase your’. And ‘toys’; you get the idea.
  • Some trends: identifying ‘Thailand’ as location, promotional links around SLR cameras, watches, TVs. Vaccum cleaners too.
  • While most of spam accounts show the default avatar, a small number of them do have an avatar. Most likely, an image depicting landmarks in Thailand. Or Thai masks. Or Thai temples. After a while I got the feeling they were familiar; they use a very limited pool of images. That’s why.
  • I have nothing against Thailand.
  • Is it a coincidence that some spam accounts have a Bio written in Thai? I’m asking.
  • I was fooled. Nickname ‘cutecat’, avatar of the most adorable sleepy kitteh, Bio ‘I like snow and cats’. A couple inconspicuous micro-blog entries and bam! one that points to an obscure promotional website. Dated a year ago. Blocked.
  • I reached the awkward series of those accounts which joined en masse and which homepage links contained NSFW words. They made me miss the SLRs, watches, shoes and TVs links! I looked at none. Honest.
  • There was a ‘JustinBieberPhotos’ account. Didn’t take the bait!

I’ve been at it more then 3 hours and blocked 830 spam member accounts. I have more than twice that number to go over still. I’m done for now. Next time I’ll do it for a half-hour maybe, and I’ll do it once a week. Till we’re rid of our historical spam member accounts.

These days we get a dozen new spam accounts joining that group. I hope the folks at StatusNet would look for patterns and block them as soon as the accounts are created.