Spamming is an irritating and sometimes damaging issue that affects all of us, whether it’s constant emails about dubious products and services or pop-ups appearing after a quick Google search. Happily, though, the ongoing development of safety practices for our everyday email applications, and the average user’s increased security awareness, mean that spam does not pose as much threat as it once did. Yet the same cannot be said for the dark web, where spamming is becoming a real problem for forum administrators. In this context, spamming refers to the practice of using bots and other automated tools to create havoc within a cybercriminal forum, ultimately rendering these forums completely unusable or affecting the user experience to the extent that members abandon the platform.
In this blog, Digital Shadows (now ReliaQuest) explores the subject of spamming via a recent discussion on the dark web community forum Dread in which members discussed the pros and cons of an invite-only member system suggested to combat ongoing forum spamming. We’ll also look at what an invite-based system might mean for the forum going forward.
What is forum spamming?
Forum spamming refers to posting messages on cybercriminal forums that are nonsensical, abusive, marketing gimmicks, or generally irritating. Although many forums attempt to set rules to prevent forum spam, the owners of accounts posting such messages usually disregard those rules to cause chaos. The motivations behind why spammers conduct these types of activity vary greatly. Dependent on the target and the desired outcome, these may include:
- Negatively impacting a forum financially
- Causing so much disruption that ultimately leads to a forum shutting down
- Discrediting and tarnishing a rival competitor forum’s reputation
- Skiddies (Script Kiddies) just doing it for fun
Forum spam can be posted to threads either manually or via automated bots (aka “spambots”). Spamming usually occurs when a competent administration team cannot maintain a forum and can take place over a couple of minutes, hours, or even days. It may ultimately result in server crashes. Examples of forum spamming include:
- Reviving multiple threads within a couple of hours that have not been active for a few months (often referred to as “gravedigging”)
- Posting a random message not following the discussion in a thread, usually repeated across several sections
- Spamming random threads repeatedly with advertisements or weblinks not related to the topic
- Posting regularly to acquire elevated forum rankings and post counts, often contributing nothing to the conversation
Conventional forums on the clear web have several options to deal with spam, including:
- Using inbuilt spam mediation options included in forum software like phpBB, SMF, and YaBB. These measures typically protect against forum flooding, trolling, and forum spam by introducing limits on repeat postings, deactivating users’ ability to post images, or reducing member privileges. Forum administrators can control and modify each of these measures accordingly.
- Recovering and blacklisting the IP addresses of the accounts responsible.
- Moderating new registrants and subsequently approving or deleting their forum contributions, respectively.
- CAPTCHA routines to prevent automated registrations (either textual or visual).
- Confirmation email verifications.
- Redirecting spambots to specifically configured spam forums.
- Blocking posts or registrations that contain certain blacklisted words.
- Manually examining new accounts for specific indicators, e.g. spammers tend to delay email confirmation for several hours, while human-operated accounts will confirm promptly. Spambots typically have relatively overlong usernames to ensure uniqueness.
However, these measures are not so easy for a dark web forum to implement if the platform’s administrator has opted to use either non-conventional or completely bespoke forum software in combination with Tor. Tor helps to prevent the capture of data associated with these spam accounts, such as real-world IP addresses, nullifying the ability to blacklist identifiers. Bespoke forum software might not have inbuilt security features to identify spamming type behavior.
The increased time and resources expended by forum administrators and moderators in combating spam contributes significantly to labor costs and increases the skill level required to run a dark web forum. Continuous upkeeps can result in the demise of forums that are either returning minimal profits or are just smaller and therefore don’t warrant the extra efforts.
Dread members discuss spam
On 27 Jun 2020, the Dread administrator opened a thread to discuss the possibility of moving the forum to an invite-only format, with mixed member responses, to say the least. Dread has had to deal with ongoing issues related to spamming accounts registering on the forum and impacting its usability. The administrator explained that the forum team had attempted to mitigate spamming in the past by implementing several security measures, but that these were not sustainable in the long-term. Previous steps have included:
- Implementing advanced CAPTCHA-based mechanisms
- Actively removing suspicious or flagged accounts
- Temporarily suspending forum registrations
Dread has always prided itself on being a platform that is open to all and provides a service without censorship. Despite this commitment to freedom of speech, the administrator initiating the discussion about an invite-only format indicates they recognize that the ongoing threat from spamming could severely impact the forum’s running, and ultimately render it redundant, likely resulting in members flocking to rival platforms.
The time and resources required to maintain the previously implemented anti-spam mechanisms, along with the advancing development of machine-learning that helps spambots circumvent CAPTCHA-based mechanisms, seem to have necessitated a search for a new solution to avoid forum member attrition. An invite-only system could potentially frustrate spamming accounts to the point they cease to exist or provide enough of an obstacle that those responsible do not see the cost-benefit ratio of continuing to do so.
But what are the advantages and disadvantages of introducing an invite-only system — or the few other ideas suggested in the discussion?
Concepts Dread members recommended to combat spam:
- Invite-only: Registrants would be required to retrieve an invite link from an active member of the forum
- Payment-based: Registrants would be required to pay a fee upon signing up to the forum
- Post Count: Registrants would be required to achieve a specified post count before accessing the main forum
- Post quality review: Registrants would be required to meet a set standard with their post content before granting them access to the main forum
|Post quality review||
What does this mean for the future?
Spamming is likely to continue as an ongoing issue that remains a threat to all forums, both residing on the clear and dark web. Technology and machine-learning practices will continue to advance, and those responsible will continue to adapt their strategies to circumvent the defensive tactics that forums implement. The most sensible approach would be for forum administrators and forum software developers to discuss the methodologies that spam authors use and then devise automated functions and manual configurations to make it impractical for spammers to target a forum. Forums should ensure that the time and resources spammers would need to expend to target their site would not favorably compare to the financial return, meaning their site ceases to become a logical target.
In late July 2020, Dread founder “Hugbunter” specified that an invite system was not the forum’s solution to the spamming issue. Instead, they declared that they were actively working on a solution that would incorporate a more “human-thought process” to combat the problem. There is no indication of the implementation of this solution at the time of writing.