There was no exaggeration fromJennifer Kelley when she introduced this session by declaring that spam attacks have significantly shifted in frequency and technique over the past 15-18 months. Spammers have become human-centric and more adaptive. Spammers are creating accounts and emails that appear legitimate and are difficult to detect; until the damage is already under way and crippling your community.
Sam Creek shared his first hand experience with the early 2015 'Korean' spam events. They experienced a period of time where spam attacks filled message boards, the community communication tools became spam repeaters, and community analytics were destroyed. Every reactive measure lead to greater adaptation of the spammer. On February 14, 2015 the creation of 100 spam accounts and over 10,000 spam posts forced the community to be taken temporarily offline.
Sam and Jive took initial measures to mitigate the attack. Jive blocked non-sanctioned party IP blocks, banned 2 S. Korean Telecom IPs from posting, and
invited CA Technology to become part of the Mollom Spam Prevention Service Beta. The CA Technology Community team:
- turned off private messaging
- added nofollow rules to external URLs
- Allow permanent bans
- added keyword interceptors
- added a spam link interceptor that requires moderation for users under point threshold
- moved spam to private space to be analyzed before deletion
- and worked with their IT team for complex blocks
Sam shared that ultimately, none of those efforts were effective. Their number one issue was that the community had an open door. In order to secure the 'front door' they set up a black list (which allowed no access), a grey list (requiring moderation), and eventually a white list process. The white list process cut the added work load of moderation from 2.5 hours a day to .5 hours a day.
(White List Process)
In the Winter of 2015 Jive released Cloud Spam Prevention. In Sam's experience, the white list process + Cloud Spam Prevention lead to great success and less stress.
In Summation, a proactive approach is the best strategy. Jennifer's proactive suggestions are to implement
- New user account moderation
- A points threshold
- Message governor interceptor
- Domain blacklisting
- Link moderation
- Create 'spam quarantine' private/secret group
- Define action plan, after-hours moderator coverage
- Enlist members' help - advise the process to follow r.e. spam/abuse
Recommended groups for further conversation: