
The Spam Arms Race

Many of you have been seeing a sharp increase in the number of spammers attempting to sign up to your networks. For NCs with member moderation turned on, this means you need to spend time each day wading through spammers to find valuable, legitimate new members. For those of you who don’t have member moderation turned on, spammers are clogging up your member lists. We are facing similar challenges on Creators and personal networks. Allison is getting 10-20 spammers attempting to sign up each day on Creators despite having CAPTCHA, email verification and the quiz turned on.

Unfortunately, spam continues to grow across the Internet as spammers get more sophisticated and build larger teams to overcome defenses. This Spam Volume Index reported by Trustwave shows a 3x to 4x increase in spam since late last year. Patrick Chappelle recently posted a discussion on Creators about spam trends off the Ning Platform. And community owners are reporting issues on other platforms, such as this discussion in the Drupal forum.

Ning has invested a large amount of engineering resources in an arms race to fight spammers, starting in 2009 and working almost continuously up to today. This summer, we released the spam folder to automatically detect spam and prevent your members from seeing it. We are evaluating a number of options that will make it harder for spammers to join your network, including a more sophisticated sign-up quiz. We expect to release these new tools in September. We also plan to improve the member moderation interface in your dashboard in Q4 to make it easier to reject spammers in bulk.

Ning Approach

Blocking spam is a complex problem. Almost every solution has trade-offs. I’d like to share what Ning has implemented over the past 4 years to help you understand the trade-offs we’ve made and all of the tools that are available to you.

Our approach has evolved since spam first emerged as a significant problem in 2009, but generally has had three elements:

  1. Identify, and in some cases block, members who look spammy
  2. Identify and block content that looks spammy
  3. Give you a set of tools to block spammers from joining

Identify Spammy Members

There are several ways to identify spammy members. Each has drawbacks:

  • Information collected at sign-up. IP address, profile question answers, email address patterns, even the speed with which a new member completes registration. Unfortunately, spammers adapt quickly to detection rules. They use botnets to avoid IP address blocks, modify email domains and address structure, and quickly change profile question answers (e.g. use 3 letters instead of 2).
  • Behavior after sign-up. For example, a new member who makes 12 comments or 15 blog posts immediately after sign-up is likely a spammer. This approach has two main drawbacks. The new member will do damage (publish spam) before we detect them. We will always have false positives – a valuable new member who is highly passionate and engaged.
  • Flagging by other NCs. If one or more other NCs suspend a member for spam, then we could block them from signing up for any Ning Network. However, different NCs have different definitions for what they consider spam. And one NC could ‘black ball’ an IP address or another NC from joining other Ning Networks for malicious reasons.

Ning rolled out a spammy member detection system in February 2010 based on member behavior and flagging by other NCs. We immediately received a high volume of complaints from NCs and members about false positives – legitimate members that were disabled. Based on the complaints, we modified our approach to soft block suspicious accounts, rather than disable them.

We are continuing to soft block suspicious accounts. However, we found it difficult to expand this approach without impacting an unacceptable number of legitimate members. So in May 2011, we introduced the Spam Watchlist. Rather than automatically disabling or soft blocking a suspicious member, we flagged them and placed them in a Spam Watchlist folder in the member moderation interface of your dashboard. This gives you or your admins the ability to review and take action as you see fit.
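
The behavior and NC-flagging signals described above can be sketched as a rule that only ever routes a member to a review queue, as the Spam Watchlist does. This is an added example, not Ning's code: the 12-comment and 15-blog-post limits come from the post, while the one-hour window, the two-network minimum and all names are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# 12 comments / 15 blog posts come from the post; the rest are assumed values.
LIMITS = {"comment": 12, "blog_post": 15}
WINDOW = timedelta(hours=1)   # assumed reading of "immediately after sign-up"
MIN_DISTINCT_NC_FLAGS = 2     # assumed: a single NC cannot blacklist a member alone


def review_member(signup_time, events, nc_flags):
    """Return (action, reasons); action is 'watchlist' or 'none', never a disable.

    events:   list of (timestamp, kind) for content the member created
    nc_flags: ids of networks whose creators suspended this member for spam
    """
    reasons = []
    # Count only content created inside the window that follows sign-up.
    early = Counter(kind for ts, kind in events
                    if signup_time <= ts <= signup_time + WINDOW)
    for kind, limit in LIMITS.items():
        if early[kind] >= limit:
            reasons.append(f"{early[kind]} {kind}s within {WINDOW} of sign-up")
    # Repeated flags from one network count once, which limits 'black balling'.
    distinct = set(nc_flags)
    if len(distinct) >= MIN_DISTINCT_NC_FLAGS:
        reasons.append(f"suspended for spam on {len(distinct)} networks")
    return ("watchlist" if reasons else "none"), reasons


# Constructed sample data: a burst poster and an engaged but steady member.
T0 = datetime(2013, 8, 1, 9, 0)
burst = [(T0 + timedelta(minutes=2 * i), "comment") for i in range(12)]
steady = [(T0 + timedelta(hours=6 * i), "comment") for i in range(12)]

if __name__ == "__main__":
    print(review_member(T0, burst, []))
    print(review_member(T0, steady, []))
    print(review_member(T0, [], ["net-a", "net-a"]))
    print(review_member(T0, [], ["net-a", "net-b"]))
```

Because the result is a watchlist entry with its reasons attached, a false positive costs an admin a review rather than costing a legitimate member their account.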

Identify and Block Spam

A major disadvantage of spammy member identification is that by the time we identify and you take action on the spammer, the spam has already been published to your network and the damage is done. To address this issue, the Ning engineering team built and “taught” a spam classifier to detect spammy content with a high degree of accuracy. We first used this classifier last spring to clean up old spam that was cluttering up your networks. This also helped our engineering team to test the performance of the classifier under a high load.

This summer, we deployed the spam classifier to block spam in real-time through the Spam Folder feature, released on Ning 3.0 Networks in early June and Ning 2.0 Networks in late June. If the spam classifier detects spam with a high degree of confidence, we place it in your network Spam Folder rather than publish it. Administrators can remove content from the spam folder and publish it. Content left in the spam folder for longer than 14 days will be automatically and permanently deleted from your network, which makes it easier for you to manage the spam folder.

This solution also has a trade-off. In order to catch more spam (increase the catch rate), we need to block content we are less certain is spam (decrease the hit rate). A lower hit rate means more false positives. We feel it is important to have a very low number of false positives, so we are currently only blocking content that we are highly confident is spam.
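
The trade-off above can be made concrete by sweeping the blocking threshold over scored content. This is an added example, not Ning's classifier: the scores and labels are constructed, the function names are hypothetical, and "hit rate" is read here as the share of blocked items that really are spam.

```python
def rates(scored, threshold):
    """Catch rate, hit rate and false-positive count when blocking score >= threshold."""
    blocked = [is_spam for score, is_spam in scored if score >= threshold]
    total_spam = sum(is_spam for _, is_spam in scored)
    caught = sum(blocked)
    false_pos = len(blocked) - caught
    catch_rate = caught / total_spam if total_spam else 0.0
    hit_rate = caught / len(blocked) if blocked else 1.0
    return catch_rate, hit_rate, false_pos


def pick_threshold(scored, max_false_positives=0):
    """Lowest threshold (most spam caught) whose false positives stay within budget."""
    best = None
    # Walk thresholds from strictest to loosest; false positives can only grow.
    for t in sorted({score for score, _ in scored}, reverse=True):
        if rates(scored, t)[2] > max_false_positives:
            break
        best = t
    return best


# Constructed sample: (classifier confidence that the item is spam, true label).
SAMPLE = [
    (0.99, True), (0.97, True), (0.95, True), (0.90, True),
    (0.85, False),  # legitimate post that merely looks spammy
    (0.80, True), (0.70, True),
    (0.60, False),
    (0.40, True),
    (0.30, False), (0.10, False), (0.05, False),
]

if __name__ == "__main__":
    for budget in (0, 1):
        t = pick_threshold(SAMPLE, budget)
        catch, hit, fp = rates(SAMPLE, t)
        print(f"budget={budget} threshold={t:.2f} "
              f"catch={catch:.0%} hit={hit:.0%} false_pos={fp}")
```

On this sample, allowing zero false positives catches 4 of 7 spam items; accepting one blocked legitimate post raises that to 6 of 7, which is the choice the paragraph describes.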

NC and Admin Tools

Over the past 4 years, we have also released a variety of tools to help you block spammy members from joining your network. These tools are primarily meant to defeat automated sign-up scripts or bots and slow a human spammer down. None are silver bullets – they are meant to be speed bumps. By forcing a spammer to register with a human being and making the process more expensive, we can reduce a spammer’s return on investment (ROI) and encourage them to attack easier targets than a Ning Network. Here’s a list of tools we currently offer:

The major advantage of the tools approach is that it gives you control. You can make the trade-off between limiting the number of spammers who join vs. adding friction to the sign-up process for legitimate members. You can find valuable advice and creative suggestions about using these tools in Creators discussions initiated by Kos and Patrick last month.

Note that turning on member moderation is a very effective way to block spammers from joining your network. However, we recognize it puts an administrative burden on you and your admins. And it introduces a delay between a member signing up and being able to participate on your network. Even if you have member moderation turned on, we recommend that you take advantage of the tools above to reduce your workload.

Moving Forward

As our last 4 years show, fighting spam is an ongoing battle. We will continue to invest engineering resources to help you keep your networks clean and reduce your community management workload. In September, we plan to release at least one new tool to make it harder for spammers to join your network. Longer-term, we plan to optimize and expand the scope of our spam classifier (Spam Folder) and investigate new ways to identify spammers when they try to sign up.

I’d like to thank all of you for being vigilant and training your admins and moderators to effectively use the spam-fighting tools we offer. As always, we appreciate your feedback and ideas.

Image courtesy of Scent of Green Bananas via Flickr.


Replies

  • I tried the new signup quiz question, "What are the first two letters in the third word in this sentence" and have mixed results to report.  While it seemed to keep out spammers Mr. 182.68 and Mr. 182.64 (Yeah!) unfortunately my more prolific spammer, Mr. 122.162 posted 10 spam profiles while I was sleeping last night (see attachment (one spam profile out of view)).  

    I think quizzes are definitely the better way to go than questions because most/all questions can be answered by search but in my case the spammer can read/comprehend English pretty well or he/she has access to someone who can.  

    I will keep experimenting and changing my quizzes but I still go back to what I think are the only two real ways Ning can fight this variety of spam, either scan profile pages for spam or allow site admins to block address ranges.

  • I would like the profile questions to disallow all caps. That would keep the spammers out from my site. They answer the questions in caps. 

  • Take a look at my screenshot to feel my pain - 15 out of 33 signups so far today are bogus.  

    I wish I had either robo spammers or spammers who don't know how to use search because if a spammer can read they can answer any profile or signup quiz you can come up with.  

    I have attached a screen shot of my work for this morning.  Out of the 33 sign ups I had last night (you can't see 2 of them) I am about to delete 15 spammed profile pages.

    It's not that it is difficult for me but for 7 hours the members of my community have to see them and in the case of today it is 50% of the new members are bogus.  

    I use ALL of Ning's anti-spamming tools but my spammers leave messages with links on their profile page.  Unless Ning scans the new member pages for key terms then the only way I can see to fight this is by blocking IP ranges.  

    In my case you can see that 13 came from Mr. 122.162 and the other 2 (usually there are more) came from I'm guessing Mr. 182.68 and Mr. 182.64 - and they come back day after day so I know them well.  Moderating every member in my case is not practical so I and I'm sure others need to live with this pain until Ning finds a solution.

    • if a spammer can read they can answer any profile or signup quiz you can come up with.

      Bruce, I'd love to know what signup quiz question you are using that is not working well.  I bet it's way too easy to answer.

      Most humans hired by spammers to answer profile questions probably only read English as a second language, and not very well.  That's why if you use a quiz question like "What color is the sky?" or "What is 2+2+3?"...well most spammers will not have a problem answering those simple questions in English.  However, if you use quiz questions such as the ones Kos and I have suggested in previous posts here or similar, it will indeed stop almost all spammers from even being able to put in an application... yet legitimate applicants will not have too much trouble answering correctly.

      • Quick update, using the question, "Type the third word in this sentence" is not allowed by Ning.  I get the error message, "You cannot use an answer that appears in the wording of your question. Please rewrite your question or answer."

        However using your idea I came up with, "What are the first two letters in the third word in this sentence?"   th  

        Which works but is a little trickier to my point of non-English non-spammers but let's see what happens

        • Be sure to let us know how it goes Bruce :)

      • Hi Strumelia, I cycle through a bunch of questions such as:

        • How many bits does an IPv4 address consist of? 
        • Which internet protocol has more addresses?
        • An IPv4 address consists of how many octets? 
        • How many bits does an IPv6 address consist of? 

        But they can all be entered into Google and answered.  

        Take a look at what comes up when I copy/paste your question: What is the black & white wild striped horse?

        https://www.google.com/search?q=What+is+the+black+%26+white+wild+st...

        The question from Kos, "What's the last name of the first US President" can be found by search but it requires opening the first page result and doing some reading so this may work. Many international non-spammers may be frustrated if they need to take the time to look it up but it is a step in the right direction...

        However your other question, "Type the third word in this sentence" is intriguing.  I will try it now and since I don't usually get anything over the weekend (even spammers need time off) I will know how it works Monday morning and will let you know.  My only worry is that 75% of my community is outside North America so it may trip them up too but I'll get messages if that's the case.  

        Thanks!

  • I took my site off approve

    and changed the profile question back to a simple 2+4=6 question.

    After having a strong question for over a month or 2, all spammers gave up.

    Since removing approve and switching back to a simple question 2 days ago, I still have zero spammers.

    It seems if you're able to block them for a month or 2 they give up trying.

  • Hi - I was getting about 10 spammers a day...I had everything on

    I changed the security question to an abbreviation widely known for those who would join our community e.g. what does HR stand for?

    Hey presto I've not had a spammer in since.

    Thanks for the tips

    • Great to hear Mike!  I think many use the profile questions believing they will stop spam and that's not their purpose.  The quiz is the way to go.  Thanks for sharing your success story.
