The spammers have returned! And they are posting in the Feedback section and here on the Forum.
Is it now time to initiate a two-level verification process to deter these vermin from infesting our community?
The spammers have been bad this entire year, it's just that we usually catch them quickly.
Due to the holidays, the Foldit Team hasn't been as fast to delete them... sorry about that and thank you for letting us know!
Our hope is that we will be able to fight them off better with the new website early next year :-)
We'd had a few quiet days, but I guess those fine people thought of something else.
Hey Boots--feel free to just message me with spam if you happen to see it (and you wouldn't mind sending it over). Loci and other mods are great at spotting it and deleting it but some may be missed. Thank you for staying vigilant!
Same spammer is back. Why wasn't the account deleted, and the IP address permabanned?
Not sure if it's the same spammer or not, but it's different Foldit users. Yesterday we had the best washing machines in India, today it was amazing bar furniture, also in India. Two different Foldit accounts were involved.
Ops can remove spam posts, but it takes a member of Foldit staff to delete an account. Just letting someone know gets the ball rolling, but it may take a while for spam and user to be gone.
I don't think IP addresses are part of the process. IP addresses probably aren't even recorded in the Foldit database, so determining an IP address would require delving into the logs of the web server.
Even with an IP address, cheap and plentiful VPNs* make it easier for true spammers to evade an IP block. Blocking an IP just means a chance you'll block an innocent party who gets handed that address in the future. Or you'll block everyone at the University of Whatever, right now.
Let's hope that the new Foldit website we've been promised will have better anti-spam features.
(*VPN = virtual private network, commonly used to mask an end user's IP address)
The spammers have never really been gone, although Foldit did have some spam filters for a while. This cut down on spam, but also routinely interfered with legit activity.
Back in May 2020 (seems so long ago now, but maybe not long enough) Susume discovered a 2009 blog thread started by Zoran had become the spam magnet of all time, with page after page of herbal cure testimonials, from dozens of different users. The spam was removed, the users deleted, and the thread locked.
All the spam was kind of similar, praising a doctor who miraculously cured something or another, and usually giving a gmail address and a mobile phone number. Hard to be sure, but it didn't seem to be the work of one individual, seemed more like lots of people following a general script.
The infected topic included a three-letter keyword, which I'll call Haitch Eye Vee, which might have been what attracted the spam. Some of the spam referenced curing that keyword, although Ur Peas was frequently mentioned as well.
This spam outbreak started in 2019, when the thread was already 10 years old and long dormant. It went undetected because replies to a blog post don't show up in the topics area that appears on the main page and elsewhere. You had to search the website with the right keyword to find it. It's not clear what the point was, although maybe the spammers linked directly to the spam.
Although it was a nice distraction during lockdown, let's hope the future gives us better tools.
I've noticed that other websites automatically lock dormant threads. That might be a good feature for the new Foldit website, although feedback might prove a challenge. (Feedback can appear dead, but actually be in deep hibernation.)
It would also be nice to be able to see all recent posts, such as blog comments, puzzle comments, feedback replies, forum replies, and so on. We've had some hints that the new website may use a more unified approach to posts and comments, so I'll keep my fingers crossed. (For bonus points, watches and notifications would also be a plus.)
The ten-year-old boy deep inside me is giggling over "Ur Peas". Sounds like a dish I don't want for dinner.
Another spammer posted here, in the comments:
I don't get what the point is.
I'm guessing that Foldit is on some list for sale somewhere. Would-be spammers buy the list, then hit many many sites the same way. There are probably scripts that assist in the effort, but there's a fair amount of variation, which suggests manual effort.
I don't think comments like the one you spotted (now deleted) get a lot of eyes, but who knows. They are hard to find even when you go looking for them.
Another piece of the puzzle is spam user profiles that exist mainly for the "my homepage" link and maybe the "about me" section. We mainly ignore them. They are also hard to find. For each user that posts spam comments, there are many of these spam user profiles that never post.
Let's continue to hope that the new website fixes some of these issues. Spam users don't install Foldit, so they never open a puzzle. I'd suggest deleting these never-active accounts after 90 days (or less).
The idea of deleting never-active user ids is complicated by the second ids used for IRC. A simple database query probably gets you the never-active ids without too much trouble, but that list would probably include most of the IRC ids.
I wonder if spammers would still create accounts and post such thoughtful messages as "Hi!" if we disallowed web addresses on player profiles (or at least players who haven't earned X achievements or global points)... or just locked player profiles entirely until they've played "enough" Foldit to earn that.