Army Rumour Service

Register a free account today to join our community
Once signed in, you'll be able to participate on this site, connect with other members through your own private inbox and will receive smaller adverts!

seems you have been hacked

Thanks, now I know what those are about. Learn something new every day. Even old goats can learn!
The pattern appears to be that a new account is created and then the spam posting starts by using the new account to post random numbers in successive posts into an existing thread. I suspect this is used to build up a posting history before starting new threads. I don't know if ARRSE enforces a rule like that, but many forums require that new members post a certain number of times in existing threads before they are allowed to start a new one of their own and the spammers will be following an SOP.

With the posting history established the spam account will then start new threads with text in Chinese characters and the name of a western English language university. I noticed that Canadian and Australian universities are frequently mentioned.

The intention is likely to try to make the spammer's web site rank more highly in Google by creating numerous references to it in long established web sites. Search engines typically rank a web site more highly if there are references to it in other "reputable" web sites, where being long established and constantly active count towards giving a good reputation.

The ultimate goal is to direct more traffic to the spammer's own web site by making it rank higher in search engines. Presumably they are making money by displaying ads on web pages to Chinese students who are trying to find information about foreign universities that they would like to attend.

The spammers are undoubtedly spamming large numbers of forums with identical posts shotgun style. The mods will clear them out, but they only need to stay long enough for Google (and other search engines) to notice them and give them a "bump" upwards in search rankings. It's all a numbers game. The spammers themselves might not be the owners of the web site they are promoting, they might be getting paid for their work, possibly by getting a cut of the ad revenue.

I suspect the spamming is all automated using scripts. It is possible though that the account sign-up might be manual as the user names seem to be quite heavy on the use of "q" and "w". That however might just be an artefact of whatever algorithm they are using to create new user names. ARRSE uses "Xenforo" forum software. The spammers are likely targeting loads of other forums which also use the same software so they can use the same spam scripts on all of them.

For amusement the other night I wrote a proof of concept script which would "scrape" the "new posts" web page and detect when a new spam "run" had started by looking for an excessive number of non-English characters in the title and summary. It seemed to work pretty well, although it just tells you the spammers have started and doesn't on its own do anything to stop them. The spammers are pretty predictable though, which is (among other reasons) why I think they are using scripts.
 
It's spam. And its dealt with. Every ******* night by me prior to going to bed. Do I get thanks, like say a mug - do I ****. I do it for the love.
Have not noticed it before tbh but that no doubt is down to your brave single handed fight with the hoards from the east.
 
Seems to start early hours of morning and Guns zaps them.

Normally when I get up in morning there's at least two or three who have posted in excess of 100 threads which get wiped out in a single click.

Then throughout the day there will be several more posters join.

I'm like a Japanese meal when it comes to ARRSE... little and often. It will be in the background all day at work and each lesson break I'll sit at my desk, a quick "what's new" click and then I crack on.

It's at that point I normally see the latest spammers. It's immensely satisfying when they've posted only a couple of threads and you get to pull the plug and ban their IP. Even more so when they have a shared IP with a number of sister spam accounts that they would be planning to Switch to - only to find they're also zapped too.

But if I'm zapping them as and when they pop up in the morning / during the day, Guns is doing the same from the other side of the world - and with the amount of other mods doing the same - just makes you wonder how much the site is getting hit. The COs will know cos they can see a report of who's killed who (which sometimes gets me into trouble when I zap a genuine member who just happens to be working in one of these shithole countries).
 
But if I'm zapping them as and when they pop up in the morning / during the day, Guns is doing the same from the other side of the world - and with the amount of other mods doing the same - just makes you wonder how much the site is getting hit. The COs will know cos they can see a report of who's killed who (which sometimes gets me into trouble when I zap a genuine member who just happens to be working in one of these shithole countries).
Luckily for me the ones who hit the QM's tend to be obvious if Chinese spam types, the difficult ones are often the ones who know the CO and have posted trade adverts but either not sought permission or the CO's haven't passed it on, luckily though we can put this into a holding cell and get approval later.
The keyboard does need an alcohol detector for when wielding the ban hammer
 
Hi mods
Was just on there and some of the treads changed to some form of language from south east asia, seems you have been hacked
Do you mean threads or treads..

A quick search of the forums would of prevented you posting this drivel.

I’d rather read the Korean spam than your barely coherent attempt at English.
 
Last edited:
I'm no expert (no sh1t) but wouldn't it be possible for these hits to just get redirected to one of the more esoteric bits of the forum? Gingers I Would or similar.
Are you mental? That thread is necessary for my sanity. How about one where people are discussing the president of an entirely other country, like he matters to them?
 
The spam factories have hundreds of people just doing Google searches to keywords and then hammering the Top 100 sites. Once they think they have a lead they pass it on for more spamming. It's easy because even those spammers that are real people are paid nothing or less and so it only takes one or two take ups to have success.

We get two types - first is the classic spam where they push out rubbish. The other is the random "1" in a thread. These people are creating accounts that are live to sell on. I like hoofing those best because someone is looking to make money on those and if they have sold it on and it is no longer active they may need to explain to the seller....

Would it not be wise to block all IP adreeses from the relevant ISP,s ie. all Chinese.
 
It's spam. And its dealt with. Every ******* night by me prior to going to bed. Do I get thanks, like say a mug - do I ****. I do it for the love.
You get love? Wow, sign me up! Where do I apply to be a mod and how long before the luuuve comes through??
 
Would it not be wise to block all IP adreeses from the relevant ISP,s ie. all Chinese.
No, because you would also be banning genuine members who are living there as ex-pats or on business trips. And I don't recall anybody saying that the IPs were from China either, they could be living anywhere, we just know the spam is Chinese language. If they are using a VPN they could make it look like they're from any country they want.

In practical terms the only thing you can do without making ARRSE too hard to use for legitimate members is to detect and delete spam as it appears. From what the mods are saying, smashing the spammers once they are found is pretty easy. A better early warning system for the mods would probably give the most return for effort.
 

New posts

Top