Couldn't they just fix the #comments-X problem? That's mainly how spam is done (or at least where I usually am)

i-stubbed-my-toe wrote:

Couldn't they just fix the #comments-X problem? That's mainly how spam is done (or at least where I usually am)

“#comments-X problem”? Elaborate

AHypnoman wrote:

i-stubbed-my-toe wrote:

Couldn't they just fix the #comments-X problem? That's mainly how spam is done (or at least where I usually am)

“#comments-X problem”? Elaborate

It's a glitch where if you post a comment saying "https://scratch-mit-edu.ezproxyberklee.flo.org/users/<username>/#comments-1 https://scratch-mit-edu.ezproxyberklee.flo.org/users/<username>/#comments-2 https://scratch-mit-edu.ezproxyberklee.flo.org/users/<username>/#comments-3 etc" then if you click all of them, once you post a new comment, a bunch of clone comments will all be posted, bypassing the spam filter and rate limiter.

i-stubbed-my-toe wrote:

AHypnoman wrote:

i-stubbed-my-toe wrote:

Couldn't they just fix the #comments-X problem? That's mainly how spam is done (or at least where I usually am)

“#comments-X problem”? Elaborate

It's a glitch where if you post a comment saying "https://scratch-mit-edu.ezproxyberklee.flo.org/users/<username>/#comments-1 https://scratch-mit-edu.ezproxyberklee.flo.org/users/<username>/#comments-2 https://scratch-mit-edu.ezproxyberklee.flo.org/users/<username>/#comments-3 etc" then if you click all of them, once you post a new comment, a bunch of clone comments will all be posted, bypassing the spam filter and rate limiter.

Tested this on my profile and with an alt, this does not happen.

The main source of spam is advertising, excluding recent spam “attacks”.

AHypnoman wrote:

i-stubbed-my-toe wrote:

It's a glitch where if you post a comment saying "https://scratch-mit-edu.ezproxyberklee.flo.org/users/<username>/#comments-1 https://scratch-mit-edu.ezproxyberklee.flo.org/users/<username>/#comments-2 https://scratch-mit-edu.ezproxyberklee.flo.org/users/<username>/#comments-3 etc" then if you click all of them, once you post a new comment, a bunch of clone comments will all be posted, bypassing the spam filter and rate limiter.

Tested this on my profile and with an alt, this does not happen.
The main source of spam is advertising, excluding recent spam “attacks”.

I tested it on my profile and it worked?…
It is true that there's advertising, but there is much more ACTUAL spam than usual.

Helpppppppppppppppp- wrote:

I can already imagine someone chatting with their friend making it so that they post a bunch of comments and then receive the “Your activity seems unusual. Please review your comments before posting” message and then getting muted for 10 hours lol. How would the spam detector detect when someone is just chatting or actually spamming? I don’t know if I misunderstood something but that seems like something that could potentially happen. Also a limit of 5 comments each hour would discourage a lot of new users from interacting with the site. (I’m just gonna ignore the whole upvoting system rn cuz there are too many flaws to list)

And on top of that anti-spam measures are more often than not annoying most of the time and can be easily bypassed by people who really want to spam (such as the essa spammers)

1/ Spam warning ≠ automatic mute: Receiving a message like “Your activity seems unusual” doesn’t mean you’ll be immediately muted. Sanctions would only apply if you keep posting comments considered as spam
2/ Spam detection: The system could detect repeated or highly similar messages from the same user (as it’s currently). Normal conversations don’t usually involve saying the same thing 30 times, so it shouldn’t interfere with regular chatting
3/ The “5 comments per hour” limit is just an example to explain the concept. This number could be adjusted
4/As you mentioned, determined spammers might still find ways to bypass the system. The goal isn’t to stop them entirely (which is nearly impossible) but to slow them down enough that it becomes too time-consuming to continue spamming

SCLF-Xingshu wrote:

No any support. Actually, many things are prohibited on Scratch, but people still continue to do it. So, votes may be exchanged even it is not allowed. Then, no restriction is too much relaxed, they could actually spam when they are “experienced”, but 5 comments is too much restrictive. And even they'll be hidden, it's easy to discover :
New Users => New Scratchers
Active => Scratchers that do not speak much
Experienced => Scratchers that speaks very much
And losing commenting rights, for how much time ?
I think that Scratch's moderation, that is even not the best, should not be replaced by points-based moderation, then there will be many exchanging, even it is not allowed because spammers often prefer be banned on alts and be able to spam on main rather than waiting people voting.

1/ To reduce abuse, terms like “vote” could be included in a banned word list. If a comment contains such words, it wouldn’t be allowed to post
2/ Very few spammers would invest the time required to become an “experienced user” just to spam.
3/ Contribution points wouldn’t only rely on comments but would include several activities.
4/ Sanction duration: Temporary comment restrictions could follow a progression (e.g. 10 hours, 1 day, 1 week) based on the recurrence of spam, as mentioned in an other post

everwinner64 wrote:

1/ To reduce abuse, terms like “vote” could be included in a banned word list. If a comment contains such words, it wouldn’t be allowed to post
…
3/ Contribution points wouldn’t only rely on comments but would include several activities.

'Vote' has a lot of valid uses - banning it would do harm.

What activities? Examples?

This is absolutely terrible can could lead to it being abused by bots downvoting comments to get them comment blocked. Also “No restrictions” is an absolutely terrible idea since you can just be a fake helper then just ddos scratch randomly.

AHypnoman wrote:

What activities? Examples?

Participation on forums, doing valid remixes, making projects (not just a white background), and maybe by participating to Scratch events

Helpppppppppppppppp- wrote:

Uh there isn’t really any way to slow down determined spammers, for example essa uses hundreds of hacked student accounts to spam all at the same time (and some glitch to bypass the “whoa seems like you’re commenting really quickly!” message) this system would do nothing to slow them, since essa could just spam 100 other different accounts to eventually wait out the mute (or find another glitch to bypass it lol) this would just be more annoying than good.

My suggestion would apply to each accounts, student or not. However, if groups use many accounts, even with a low “status’’, they’ll be able to spam, but, in my opinion, it’s not the same sort of spam, because, in this case, they hacked accounts, which is illegal, and use them to massively spam, what is in my opinion, DDoS, which illegal too. I don’t think, and I’ve not seen, many people doing this, even if it exists.