Spamming is an irritating and sometimes damaging issue that affects all of us, whether it’s constant emails about dubious products and services or pop-ups appearing after a quick Google search. Happily, though, the ongoing development of safety practices for our everyday email applications, and the average user’s increased security awareness, mean that spam does not pose as much of a threat as it once did. Yet the same cannot be said for the dark web, where spamming is becoming a real problem for forum administrators. In this context, spamming refers to the practice of using bots and other automated tools to create havoc within a cybercriminal forum, ultimately rendering these forums completely unusable or affecting the user experience to the extent that members abandon the platform.

In this blog, Digital Shadows (now ReliaQuest) explores the subject of spamming via a recent discussion on the dark web community forum Dread in which members discussed the pros and cons of an invite-only member system suggested to combat ongoing forum spamming. We’ll also look at what an invite-based system might mean for the forum going forward.

What is forum spamming?

Forum spamming refers to posting messages on cybercriminal forums that are nonsensical, abusive, marketing gimmicks, or generally irritating. Although many forums attempt to set rules to prevent forum spam, the owners of accounts posting such messages usually disregard those rules to cause chaos. Spammers’ motivations for this activity vary greatly. Depending on the target and the desired outcome, these may include:

  • Negatively impacting a forum financially
  • Causing so much disruption that a forum ultimately shuts down
  • Discrediting and tarnishing a rival competitor forum’s reputation
  • Skiddies (Script Kiddies) just doing it for fun

Forum spam can be posted to threads either manually or via automated bots (aka “spambots”). Spamming usually occurs when a forum cannot be maintained by a competent administration team, and it can take place over a couple of minutes, hours, or even days. It may ultimately result in server crashes. Examples of forum spamming include:

  • Reviving multiple threads within a couple of hours that have not been active for a few months (often referred to as “gravedigging”)
  • Posting a random message not following the discussion in a thread, usually repeated across several sections
  • Spamming random threads repeatedly with advertisements or weblinks not related to the topic
  • Posting regularly to acquire elevated forum rankings and post counts, often contributing nothing to the conversation

Conventional forums on the clear web have several options to deal with spam, including:

  • Using inbuilt spam mediation options included in forum software like phpBB, SMF, and YaBB. These measures typically protect against forum flooding, trolling, and forum spam by introducing limits on repeat postings, deactivating users’ ability to post images, or reducing member privileges. Forum administrators can control and modify each of these measures accordingly. 
  • Recovering and blacklisting the IP addresses of the accounts responsible.
  • Moderating new registrants and subsequently approving or deleting their forum contributions.
  • CAPTCHA routines to prevent automated registrations (either textual or visual).
  • Confirmation email verifications.
  • Redirecting spambots to specifically configured spam forums.
  • Blocking posts or registrations that contain certain blacklisted words.
  • Manually examining new accounts for specific indicators, e.g. spammers tend to delay email confirmation for several hours, while human-operated accounts will confirm promptly. Spambots typically have relatively overlong usernames to ensure uniqueness.
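
The spam patterns and manual indicators listed above (gravedigging, the same message repeated across sections, slow email confirmation, overlong usernames) can be combined into a moderation triage pass. The Python below is an added example, not code from this article or from any forum software; the thresholds, field layout and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are assumptions for illustration; the article gives no numbers.
DORMANT = timedelta(days=90)        # thread "not active for a few months"
REVIVE_WINDOW = timedelta(hours=2)  # revived "within a couple of hours"
MIN_REVIVALS = 3                    # "multiple threads"
MIN_SECTIONS = 3                    # same text "across several sections"
CONFIRM_DELAY = timedelta(hours=3)  # email confirmed "several hours" late
MAX_NAME_LEN = 20                   # "overlong" username

def flag_accounts(accounts, posts):
    """accounts: {user: (registered_at, email_confirmed_at)}
    posts: (user, section, thread_last_active, posted_at, text) tuples.
    Returns {user: sorted indicator names} for accounts that trip a heuristic."""
    flags = defaultdict(set)
    for user, (registered, confirmed) in accounts.items():
        if confirmed - registered >= CONFIRM_DELAY:
            flags[user].add("slow_email_confirmation")
        if len(user) > MAX_NAME_LEN:
            flags[user].add("overlong_username")
    revivals = defaultdict(list)  # user -> times a dormant thread was bumped
    sections = defaultdict(set)   # (user, normalised text) -> sections hit
    for user, section, last_active, posted, text in posts:
        if posted - last_active >= DORMANT:
            revivals[user].append(posted)
        sections[(user, " ".join(text.lower().split()))].add(section)
    for user, times in revivals.items():
        times.sort()
        # Sliding window: MIN_REVIVALS bumps that fit inside REVIVE_WINDOW.
        for i in range(len(times) - MIN_REVIVALS + 1):
            if times[i + MIN_REVIVALS - 1] - times[i] <= REVIVE_WINDOW:
                flags[user].add("gravedigging")
                break
    for (user, _text), seen in sections.items():
        if len(seen) >= MIN_SECTIONS:
            flags[user].add("cross_section_repeat")
    return {user: sorted(found) for user, found in flags.items()}

# Constructed sample data, not taken from any real forum.
T0 = datetime(2020, 6, 1, 12, 0)
BOT = "xq7k2m9vplz04wbn3rtd8s"
ACCOUNTS = {"alice": (T0, T0 + timedelta(minutes=4)),
            BOT: (T0, T0 + timedelta(hours=6))}
POSTS = [("alice", "general", T0 - timedelta(hours=1), T0, "Any news on this?")]
POSTS += [(BOT, sec, T0 - timedelta(days=200), T0 + timedelta(minutes=10 * i),
           "Great   deals HERE") for i, sec in enumerate(["general", "market", "help"])]

if __name__ == "__main__":
    print(flag_accounts(ACCOUNTS, POSTS))
```

Each indicator alone is weak, so the output is a list of reasons for a moderator to review rather than an automatic ban decision.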

However, these measures are not so easy for a dark web forum to implement if the platform’s administrator has opted to use either non-conventional or completely bespoke forum software in combination with Tor. Tor helps to prevent the capture of data associated with these spam accounts, such as real-world IP addresses, nullifying the ability to blacklist identifiers. Bespoke forum software might not have inbuilt security features to identify spamming-type behavior.

The increased time and resources expended by forum administrators and moderators in combating spam contribute significantly to labor costs and increase the skill level required to run a dark web forum. Continuous upkeep can result in the demise of forums that are either returning minimal profits or are just smaller and therefore don’t warrant the extra effort.

Dread admin initiating discussion over possible invite-system

Dread members discuss spam

On 27 Jun 2020, the Dread administrator opened a thread to discuss the possibility of moving the forum to an invite-only format, with mixed member responses, to say the least. Dread has had to deal with ongoing issues related to spamming accounts registering on the forum and impacting its usability. The administrator explained that the forum team had attempted to mitigate spamming in the past by implementing several security measures, but that these were not sustainable in the long term. Previous steps have included:

  • Implementing advanced CAPTCHA-based mechanisms
  • Actively removing suspicious or flagged accounts 
  • Temporarily suspending forum registrations

Dread has always prided itself on being a platform that is open to all and provides a service without censorship. Despite this commitment to freedom of speech, the administrator initiating the discussion about an invite-only format indicates they recognize that the ongoing threat from spamming could severely impact the forum’s running, and ultimately render it redundant, likely resulting in members flocking to rival platforms. 

The time and resources required to maintain the previously implemented anti-spam mechanisms, along with the advancing development of machine learning that helps spambots circumvent CAPTCHA-based mechanisms, seem to have necessitated a search for a new solution to avoid forum member attrition. An invite-only system could potentially frustrate spamming accounts to the point they cease to exist or provide enough of an obstacle that those responsible do not see the cost-benefit ratio of continuing to do so.

But what are the advantages and disadvantages of introducing an invite-only system — or the few other ideas suggested in the discussion?

Concepts Dread members recommended to combat spam:

  • Invite-only: Registrants would be required to retrieve an invite link from an active member of the forum
  • Payment-based: Registrants would be required to pay a fee upon signing up to the forum
  • Post Count: Registrants would be required to achieve a specified post count before accessing the main forum
  • Post quality review: Registrants would be required to meet a set standard with their post content before granting them access to the main forum

Measure: Invite-only
Pros:
  • Limits access to vouched members only
  • Restricts the number of new accounts created
  • Administrators can tie spammers back to the affiliate account that shared the invite link
Cons:
  • New users may not have a network to use to acquire an invite
  • Users could sell Dread invites on other forums for profit
  • Spammers may still find it worth their time to buy invite links despite the costs and extra effort required

Measure: Payment-based
Pros:
  • Spammers are less likely to pay for an account if there is a high likelihood it will be banned
  • Spammers would not be able to automate the process of joining a payment-based forum
  • Provides a good source of revenue for the forum, and extra money that can be spent on other anti-spam measures
Cons:
  • Damages the concept of the forum being available to all
  • Less skilled users or those with less money to spend may not have access to the cryptocurrencies or the funds needed for payment
  • Extra effort is required to implement a payment-based system which would, in turn, need additional maintenance

Measure: Post count
Pros:
  • Prevents new registrants from being able to freely access the main forum upon registration, and actively requires them to contribute content
  • Needs more time and effort on the spammers’ part to identify the post count number and automate the process of posting accordingly
Cons:
  • May encourage users to spam the dedicated subforum to acquire the necessary post count, further reducing post quality
  • Technology advancements make the process of post automation a much less arduous task

Measure: Post quality review
Pros:
  • Will judge each account based on the quality of its posts and types of contributions to a designated subforum; if they don’t fit the criteria, they do not get access
  • OR
  • Moderate each post made by a new registrant before being published on the main forum. This method ensures the publishing of all content in the correct place, with no vacant posts. The forum can then boast of this and increase its standing in the cybercriminal community by making it easier for users to find quality content
  • Manual effort and research is required to configure automated bots to post high-quality content specified for a targeted forum
Cons:
  • Spammers can adapt their tactics to post “good” content and, once trusted, will continue to spam the forum
  • How are new forum members expected to judge ‘good’ content if they are new and learning from others?
  • Considerable time and effort is required from the forum administration team to moderate each post before it is published

What does this mean for the future?

Spamming is likely to continue as an ongoing issue that remains a threat to all forums, on both the clear and dark web. Technology and machine-learning practices will continue to advance, and those responsible will continue to adapt their strategies to circumvent the defensive tactics that forums implement. The most sensible approach would be for forum administrators and forum software developers to discuss the methodologies that spam authors use and then devise automated functions and manual configurations to make it impractical for spammers to target a forum. Forums should ensure that the time and resources spammers would need to expend to target their site would not favorably compare to the financial return, meaning their site ceases to be a logical target.

Update:

In late July 2020, Dread founder “Hugbunter” specified that an invite system was not the forum’s solution to the spamming issue. Instead, they declared that they were actively working on a solution that would incorporate a more “human-thought process” to combat the problem. There is no indication of the implementation of this solution at the time of writing.