/meta/ - meta

General sitewide meta


New Reply
Name
×
Email
Subject
Message
Files Max 5 files50MB total
Tegaki
Password
[New Reply]


a86333d90dc7fbcabc9aff3ab77442d917604ebe1f33b3af1640b3cf1ff1144a.webp
[Hide] (21.6KB, 640x480)
This is a thread to give some background on the illegal porn spam with links. I've seen some false guesses and claims going around on various boards so I figured it's time I made a dedicated thread to explain it.

I have been a janny, mod or admin on a few imageboards for the past 10 years, and casually post on many, including anon.cafe for the last 4 (although less so recently). Those who use a few different sites at once, especially slower/understaffed boards, will soon begin to notice patterns. Posts which look out of place. Identical posts which look out of place on two different sites. Drop a quote from it into a search engine and it's on twenty different imageboards!
It turns out there are a few spammers on imageboards, who go down a list of boards reposting the same post. A few years ago I made a bot to regularly check for new threads on imageboards and highlight any duplicates, documenting imageboard spam to find patterns and learn how to combat it.
There are a few different main categories of this spam. One is imageboard spam (or sometimes forums or D#scord chats), many of you will have seen recent posts from two news imageboards, just posting a link to their site and leaving. Political spam is also big (almost always either generic /pol/ tripe, Christian evangelism or actual schizophrenic psychosis), and it's worth noting that politics spam was especially big around 2020 so there will probably be a heap later this year. This is easy to spot on hobby boards, although it often blends in unnoticed on politics boards and random (/b/) boards, where they're often taken seriously, and sometimes those spammers choose to just repost only on the dozen /pol/ boards online. There are some other smaller classes of spam, but we're here to talk about the biggest spam category by far:

The CP spam is commercial spam. That's why they have links in them.
They hit any imageboard they can find. Even test sites with no users.
Different CP site owners have been doing this for at least 10 years, and probably ever since the internet went public.

This isn't news to people who have been around for a while, but for fresh users on political sites it's easy to jump to the conclusion that its one person (some cryptic 'pedoposter' character), or their designated scapegoat or feds trying to take their site down. But this was happening before /pol/ was even a board on 4chan, and it was happening on even harmless niche hobby imageboards (which is where I started jannying ten years ago, to help delete the hourly CP spam until the admin programmed a hacky countermeasure). And they don't just target imageboards. This is commercial spam. They target any blog comment section or unsecured forum they can discover. You can verify this yourself by checking where the same ad link appears in a search engine. There are commercial/freeware tools made by organized crime companies for discovering and spamming unsecured forums, which brag about being able to break most captchas (and even 10 years ago you could pay $1 per 1000 Google reCAPTCHA solves by real humans in poorer countries, all plugged into your bot via an API).

But there's an important point. The current ones aren't bot posting. These are humans, fresh custom-made captchas don't stop them. Simple post filters don't stop them ('post blocked, please try again' won't stop someone who is financially motivated). Anything that wouldn't stop you, won't stop them. And I say 'them' for good reason, you can verify both through basic linguistic forensics (typing styles, filename choices, filter evasion techniques, etc.) and by fingerprinting their user-agents that the same link is being posted by multiple spammers. Specifically, the current one with a child model on a purple background has the same link being posted by three distinct people, all from East Siberia and far North East Asia. They each have a list of target sites (some use imageboard lists like (historically) cc0's list or AllChans, others use custom-made spam lists with all kinds of websites on them, this can sometimes be confirmed by checking their HTTP referrers) and they go down the list, one by one, often clearly in alphabetical order, posting their garbage. They usually post on the first board they see, usually the first alphabetically or the most active/bumped board (which is why anons here correctly pointed out /comfy/ and /k/ were disproportionately targeted on anon.cafe), although they may also just have a certain arbitrary board saved (like lainchan's /zzz/, apparently), maybe because it got listed in a search first. I've seen cases where an imageboard has just locked their /a/ board due to constant spam and most of it disappeared (/a/ is first in alphabetical order, so on their homepage it was the first a spammer would click, so this wouldn't work on lynxchan/jschan's boardlist where they're ordered by activity).

It's also important to keep in mind that CP sites come and go, and along with it, different spammers. There have been particularly nasty ones in the past which posted full nudes, link in the image only so the post couldn't be text filtered, random filename, and either no text or text copied from other posts. Phash techniques could be a useful approach there, and the Junkuchan admin has mentioned in the Cloudflare thread that phash filtering has worked well for them. 

Keep in mind, while it's possible in rare cases there is some CP posting which is different to what most people and I am describing, you can very clearly tell when it's different, the main difference being that malicious posters aren't shilling a pedo scam website. I have seen malicious CP posting only once, where a /pol/ user raided a site with child nude modelling photos posted from purchased VPS servers (this was done during a mass raid after the victim imageboard was linked in an active 4chan /pol/ thread. This was back in 2021 or 2022). That stuff tends to be either posted without any text (neither in the body nor the image) or with a taunt.

Here is the monitoring system: https://xj9k.neocities.org/
It only monitors certain sites, and only OPs on some sites, so it's far from conclusive but it's demonstrative.
Spam posts are grouped together under one detection (semi-automatically, so there are some small mistakes), it's worth clicking [Expand] and seeing how they differ over time and attempt to evade filters, or how the same spammer makes similar but different spam posts.
Clicking the Tags button in the top corner (or clicking on a tag) will show you examples of the many categories of spam.
partial_alphabetical_ordering_(newest_to_oldest,_so_read_bottom_to_top).webp
[Hide] (25.2KB, 372x502)
spammer_details.webp
[Hide] (39.8KB, 954x1396)
Directly replying to this post: >>>/comfy/8329

/k/, like /comfy/, was hit because it was more active and therefore prominent on the front page. Someone above said the spammers were persistent on (some) /b/, which is also typically a high traffic board, so this is no surprise.
It's also why on Trashchan, only /comfy/ has been getting spam recently and not the other boards, while it used to hit /nep/ (or sometimes /meta/).
If you've seen the spam text, it's clear they have a tenuous grasp of English if any. They're (mostly) far off Siberians who just try to make a post, retrying for a while if blocked, then move to the next site. It's business to them, they want to tempt pedos into going to their site and (I'm guessing) pay them crypto for porn access.
Why else would they be hitting literally-who anime sites with 0 active users? There is zero value for anyone to take such a site down, and if the feds wanted to do it, they'd just do it through technical or legal means instead of posting CP. Legally speaking, site owners just have to delete it in a timely manner once they become aware of it on their site, otherwise every public site in the world with file uploads would be de-facto illegal. If feds or [pick an arbitrary scapegoat of your choice] were trying to use it as shock imagery, they wouldn't just post one pic once every day or two which gets quickly deleted and they'd either have better anti-tracking infosec (I doubt it lol) or be traceable to a 5EYES country instead of Siberia. They wouldn't be posting short-links that expire/die after a few days. They'd be pretending to blend in, hey fellow anonymouses. Or, most likely, they'd just not take the site down and try to incite fedposting and trolling.
Replies: >>376 >>378 >>408
>>375
>It's also why on Trashchan, only /comfy/ has been getting spam recently and not the other boards
It happened 3 times on /retro/ so far, but those might have been the days when we had more activity
Replies: >>379
Thanks for the clear explanation, I bookmark your monitoring site out of curiosity and maybe it will help fighting those pedospammers.
So this is it ? Just some money greedy mafias ? I must say they are pretty anoying.
I remember some years ago they used some creepy CGI little girls with the link directly written on the picture.

I swear I've seen a post somewhere else about your monitoring system. Really informative.
Replies: >>379
>>374 (OP) 
>>375
I'd been wondering what the deal with that spam was for a while now, good write-up anon, let's hope an effective solution can be found.
Replies: >>379
>>376
Maybe so. There's also no reason they have to click the top board, or only one, so it could just be an exception to the trend.

>>377
>So this is it ? Just some money greedy mafias ?
Pretty much, either that or a site owner trying to find new members with untargeted spam. I suspect the first.
I have posted about my site before on other boards, if I've been in a thread and someone's asked about the spam, and a couple of anons have discovered and talked about it.

>I remember some years ago they used some creepy CGI little girls with the link directly written on the picture.
I don't remember seeing CGI ones (that said, I try to avoid looking at any). Some I remember were ones with the link on the picture in pink comic-sans, and another one which was a simple pic of the old pedobear meme with the link.

>>378
Sure thing, although it's important to be aware that when one group goes away, another will probably come up, or if it's not porn spam it will be pharma spam, passport forgery spam or imageboard-advertising spam (imageboard ad spammers are usually the most persistent and good at evading spam filters).
My point being, it will always be a cat-and-mouse game of defense and attack. Defending an open forum using automatic filters will always be a challenge. Fortunately, most of the current spammers aren't technically skilled or particularly creative to get past more technical filters. That said, one of them knows to re-encode images and change filenames to mess up simple file hash blocking.
Replies: >>382
chicken_nigger.png
[Hide] (304.5KB, 460x517)
>>374 (OP) 
Thank you for writing this up, OP. I'd had some small IRC scraps and the like here or there suggesting your OP but I've never had the time/energy to sift through 10 bibles worth of text to find a handful of off-comments about this issue other than remembering a lot of the spam IPs seemed to be Russian/North-Asian in nature. After some niggerfaggot accused me of being a CP spammer and tried getting me permabanned from a different board over an unrelated scuffle, this post and its related content are exonerating so I can proudly call that anon a nigger and thank you for providing such a useful tool.
Replies: >>760
>>374 (OP) 
I agree, the schizo theories about feds doing the occasional CP spam make no sense because that's not how you false-flag a site to death. They'd make bots and feign organic pedo activity on the board and then use that as a pretext for takedown, not make a garbled obvious spam post every few hours.
It's a spam issue and needs to be handled as such.
>>379
>Fortunately, most of the current spammers aren't technically skilled or particularly creative to get past more technical filters.
There's a thought, if these spammers are doing it for the money, then they're going to be optimizing the process as much as possible right? A spammer being paid to do this will go to a board, make their thread and then leave for the next target as soon as they have reason to believe they succeeded. What if the filters worked on a kind of fakeout system? Instead of blocking a post, it's given an expiration timer, allowing the spammer to see their handy work and be long gone by the time the thread is automodded. Since the posts tend to follow a certain format (at least for a little while), a filter could potentially be effective for the lifetime of a campaign, assuming they don't catch on and design more elaborate measures.
Replies: >>384
SEO_gaming_software.png
[Hide] (192.2KB, 780x789)
>>382
>What if the filters worked on a kind of fakeout system?
This is a variant on the tried-and-tested shadowban tactic, and I think it would work. If they have JS enabled (and the current spammers do) you can just make their post appear on their own computer and never even get uploaded.
Like you say, if they catch on then they can take countermeasures, but these ones aren't high-tier, merely persistent.
>There's a thought, if these spammers are doing it for the money, then they're going to be optimizing the process as much as possible right?
There are a couple of different theories behind who is making the posts. They might be the staff of some small website of CP traders doing their own self-promotion (my guess). They could be part of an organized/'professional' crime system which would give them more resources to make it efficient. Some anons suggest they could even be hired third-party posters, like a clickfarm.
But yes, they're going to dozens, if not hundreds of sites in a row, so they'd be crazy not to make the process more efficient. We know they use lists of sites and we know some are changing image hashes every few posts by re-rendering images, although we also know they're slow enough on each site that it's not fully automated. I don't suspect they're using purpose-built spamming software, or even know it exists. One site admin tipped me that they'd received a test post from someone using XRumer, picrel, but it may well have been some generic web spam knocking on doors to see which ones fall over. Spamming tools exist, and we should be aware of their capabilities.
Replies: >>385 >>390 >>415
d946a81a3cc2764492e1e32528f537e869f32f2558f6eac942218eb7accdf7c8.jpg
[Hide] (123.8KB, 700x840)
>>384
>automatically bypass captcha
But can it bypass picrel?
Replies: >>389 >>391
sample.png
[Hide] (377.8KB, 463x525)
>>386
There's this, which was actually proposed once to be integrated into jschan, but then it never happened (probably because it's pretty much useless if you have any board besides /a/)
https://github.com/bakape/captchouli
Back to being effective, you want something that's easily solvable by humans but not by computers. Having a unique captcha system can be a solution, because probably no one will bother to figure out how to crack a captcha system used by a single obscure site. (Unless you have an extremely butthurt enemy)
Replies: >>391 >>392 >>419
>>385
I'm not a newfriend but I never was interested in anime so I hate those anime captchas because I can't even tell who are these characters (cant' even determine if their male or female).
It wouldn't bother me on places dedicated to anime discussions but when it come on general topic places I just hate it.
Replies: >>390
>>389
I was referring to the advert(?) in >>384, not a suggestion to implement a captcha like that. I'm not sure whether it exist at all or it's just a joke someone made in paint in 2 minutes
Replies: >>392 >>393
fug.jpg
[Hide] (37.5KB, 659x676)
>>385
Heh, but you did just remind me of something. I came across an anime captcha on an imageboard (I forget which one, hopefully someone can help me out) where you had to select all the pictures of, idk, Konata Izumi. Now, I generally don't watch anime but it wasn't hard for me to look up the character name and find images to compare to, and hypothetically a bot, if taught about the format in advance (currently unlikely, I naïvely assume) can parse the question to find the criteria 'Konata Izumi' and then run an image recognition tool to see which images match the known symbol 'Konata Izumi'. Hell, I wouldn't be surprised if some anime weeb programmer has already trained a dataset to detect trap characters as a joke. But really, gluing all this together is unlikely to have happened or happen unless that kind of captcha becomes popular, even if it's hypothetically possible to do so.

However, my point is, if you have an imageboard/etc. where gatekeeping is acceptable (e.g. an anime forum can reasonably block people with no understanding of anime, not much of value is lost) then using a test of knowledge like 'which of these characters are girls' would probably be an effective test, so long as it's not a question which can be automatically searched online to find the answer easily (e.g. which studio produced [anime]?).

>>388 [replied to this before I deleted and reposted]
That might be the one, thanks!
>probably because it's pretty much useless if you have any board besides /a/
Surely it wouldn't be hard to change the images, tags and questions to suit another board's topic, but obviously it's not appropriate for some boards where you don't want to block new users.
>Back to being effective, you want something that's easily solvable by humans but not by computers.
This would be very effective against those professional anti-captcha tools like XEvil, but not against the CP spam which is performed by humans. A [generic] anti-bot captcha won't stop a human, by design.
Replies: >>393 >>394
>>390
It exist, I stumble upon those anime captchas like >>388 on some boards. I didn't even bother looking on a search engine because what I had to say was not that important.
So sure these captchas are very good for gatekeeped communities, implying the users have the related knowledge.
Replies: >>393 >>394
>>390
Someone did make it, based on the joke.

>>391 *
>Surely it wouldn't be hard to change the images, tags and questions to suit another board's topic
Ah, it's booru-backed, and maybe hardcoded to danbooru (although shouldn't be hard to adapt to a free shitty booru.org collection, or just make your own similar captcha)

>>392
For me, I wouldn't even be there if I didn't have something important to say :^)
But if I see a Google captcha or even an Hcaptcha, 99% of the time I just leave.
(Oops, forgot capcode)

>>391
>Surely it wouldn't be hard to change the images, tags and questions to suit another board's topic
Actually, no. If you look at the code, it uses a library to detect anime faces in images (using some OpenCV magic way before the AI craze) . It won't work with other things without huge work, and generating the images is what is complicated here, not selecting 9 random images from an image set and sending it to the user.

>>392
>users have the related knowledge
That is something that won't work here, since this is a generic IB, so you're limited to common knowledge. And if you limit yourself to common knowledge, manual spammers will have no problem solving your captchas, but can be still useful against bots. Places like smugloli could maybe get away with a capcha with that, but even they have a few not anime-related boards.
Replies: >>395
750d6b4a829e530894dfb983bfeec987a7f3950ebcd8bfea6b5d0dfef51591dd.png
[Hide] (719.2KB, 950x380)
>>394
I should have linked that OpenCV project here: https://github.com/nagadomi/lbpcascade_animeface/
What could work, is to dust off my stable diffusion install, come up with a few prompts, and generate a bunch of images. I'm pretty sure hcaptcha does something like this, their weird images are clearly AI generated. But then of course you're back at generating something that img2txt can't reverse.
Hi, just going around advertising a new board
https://endchan.net/dump/catalog.html
It's a slow board for dumping and long term storage archiving. 
Do you have any specific topic you would want to have more informations about?

---

update:
> By way of explanation...

The first part of this post, is the post that was moved into the /comfy/meta thread, which kicked off the discussion on Charles Petzold there. This post and the following 11 posts are therefore originally from /comfy/ . This is why the crosslinks aren't working within these posts.
>t. /comfy/ staff
Last edited by chobitsu
>>8290
Is Endchan sketchy? I know a lot of people seem to not like it, but I don't know much about it.
>>8307
AS far as I understand it's more for technical reasons people don't like Endchan.
I used to post on a a board that was hosted there in the past and never felt anything negtive, but I don't know much about it.

As >>8290 posted in the /meta/ thread and wasn't a retard, I let the post for now. It's not really comfy but I think it may be for some interest for some Anons.
>>8317
Okay, thanks for the response. It seems like a good idea for a board, but I didn't know if there was anything potentially nefarious about the site itself with the way I've seen people shit on it.
>>8307
I visited it today, assuming nothing much I went to the overboard and ended up seeing links to CP, so in my humble opinion, stay far from it
>>8323
CP is spammed everywhere tbh (even on /comfy/ sometimes, yes). The problem is mostly the staff's reaction. Whether they react promptly or leave the thing for a long time. If the latter, I'd stay away.
At this point, all chans and imageboards are victims of this, unfortunately.

It's up to anon to sort things out and the staff to remain vigilant.
Last edited by anonyme
>>8324
>even on /comfy/ sometimes, yes
Actually, looking at the logs, from the last 10 posts deleted for cp, 9 were on /comfy/. I don't know why pedoposter likes this board, but he should fuck off.
>>8325
>I don't know why pedoposter likes this board
I have the feeling they just don't like any board. I don't think they target specifically /comfy/ but just spam their shit everywhere randomly. Sure they are the scourge of the chan culture and I wonder who is behind this and why did they do that. I hater them so much.
>>8324
Makes sense, wish the pedo got caught
>>8327
He’s a persistent asshole over on /b/
Coming late to this conversation. I may say that the most CP spam on Anoncafe was -- by far -- directed against /k/ . IMO clearly a glownigger gayop designed to take anon.cafe down. IDF/JIDF and other highly-glowing entities, hate /k/ 's. /comfy/ had it's share of spam there as well, but roughly-speaking it was about the same as a few other Anoncafe boards. As someone also involved over at Alogs (/robowaifu/), I can say that the exact same type of spam was directed against that site as against the Cafe (and practically at just the same times). Clearly some GH glownigger troons working to destroy both sites in a coordinated fashion, I'd say.

But it's easy enough to deal with, so NP. The deck is stacked and basically all the cards are in our hands as staff. So we only have to exercise just a wee bit of due-diligence against these miscreants, and all their plots and connivings go right into the dust (where they themselves also rightly belong as well, heh.  :^)

---

@BO
My apologies for the /pol/-tier post, but IMO this topic is directly & unavoidably -related. Please rm it, if you feel it spoils the comf here.  :)
Last edited by chobitsu
Replies: >>419
redirect.webp
[Hide] (24.6KB, 637x411)
The uncomfy posts from a couple of days ago deserve a reply, although it is a topic better continued over here: >>>/meta/374
>>374 (OP) 
>>375
>I have seen malicious CP posting only once, where a /pol/ user raided a site with child nude modelling photos posted from purchased VPS servers (this was done during a mass raid after the victim imageboard was linked in an active 4chan /pol/ thread. This was back in 2021 or 2022).
Years ago, CP threads would stay up over a day on 4cuck (despite being reported numerous times, at least). There certainly wasn't any financial interests going on there.

I would observe your thread seems more of an attempt to smear the based Russians, than a legit appraisal of this situation. I doubt even a single sheqel ruble has changed hands with the literally thousands of these type posts that have occurred against the webring over the past 4+ yrs. Implying glowniggers have no VPNs that appear to be coming from the territories of their enemies.

Occam's razor (given the blatantly obvious & publicly well-documented many such cases of it by now) suggests instead that it is a persistent and concerted effort by US Federal Government & Israeli Zionist Government agents, specifically intended to corrupt the webring (indeed all altchans apart from the controlled-opposition 4cuck), and possibly create an easy opportunity of 'low-hanging fruit' to take down any site that has lax/nonexistent moderation. I'd estimate the count to be in the hundreds today of rando sites that have been black-bagged this exact way by now. 
>Ask our friend Tom what he thinks about such posts.

Simple as.
Last edited by chobitsu
Replies: >>421
For the time being I also tweaked my cp post detection rules a bit, along with some suggestions from https://xj9k.neocities.org/posts/cp2/, we'll see whether it helps.
>>384
>If they have JS enabled (and the current spammers do) you can just make their post appear on their own computer and never even get uploaded.
The problem is most of the times they make a new thread instead of replying. Which means you'd have to fake a whole new page from javascript (along with changing the url in the address bar), with thumbnail generation. Not impossible, but probably much more work than it's worth.
Replies: >>418 >>426 >>490
>>415
>The problem is most of the times they make a new thread instead of replying. Which means you'd have to fake a whole new page from javascript (along with changing the url in the address bar), with thumbnail generation. Not impossible, but probably much more work than it's worth.
An easier alternative would be a delayed auto delete. Instead of rejecting or immediately deleting the post, it's marked and then deleted after a couple of minutes. The spammer sees that his post went through and moves on. With the number of websites they spam, any more verification would take them far too much time.
>>406
I apologize to chobitsu in advance but your experience doesn't align with mine. Maybe I am seeing a different attacker but there is a lot of such spam coming from European and American data centers (the Netherlands, Germany and East Coasts of the USA seem to be popular) from 10 PM to 12 AM GMT on ibs regardless of their political biases. They post both on gun-loving places and on troon pages with the same frequency, so I doubt that politics are at play. They go after Japanese, Spanish and Turkish ibs as well. 

More accurate description for them would be hunting anything that looks remotely like a standard ib. Chans with quirky or outright weird interfaces that look nothing like an ib do not seem to get affected nearly as much by the same waves.

A simple (but inconvenient) measure would be not to show any images publicly for new threads for a period of time, to at least prevent hosting visual coconut pancakes.  

>>388
They are indeed butthurt enemies. And also humans. And a well trained image recognition ML model might still be able to solve that with ease.
Replies: >>422 >>425
inigo_montoya.webp
[Hide] (3.6KB, 298x240)
>>408
>Occam's razor suggests [spam with links in it isn't trying to get people to visit the link]
You don't seem to understand what Occam's razor is.
Replies: >>425
hrefer607.png
[Hide] (38.3KB, 484x555)
>>419
>More accurate description for them would be hunting anything that looks remotely like a standard ib.
I assume there are two different discovery methods: checking existing lists of IBs and forums (like the ones in OP), and using search engines to discover potentially vulnerable sites ('Google dorking'), like searching for open post forms in HTML or searching known software names. Picrel is a spammer tool used for doing this.
Because of that,
>Chans with quirky or outright weird interfaces that look nothing like an ib do not seem to get affected nearly as much by the same waves.
, this makes sense. They wouldn't be easily discovered, because you often can't just search known patterns to discover them from a search engine.
Spoiler File
(86.1KB, 1066x874)
Spoiler File
(104.2KB, 720x829)
>>419
With all due respect, Anon, I think you may have missed my point. The primary issue behind what's going on here isn't money -- (whether it's Pavel in Vladivostok, or Dong Chen in Shanghai) -- the primary issue is corruption. As in moral/spiritual corruption (whether by Chaim in Tel Aviv, or Ralph in Reston, VA).

CP spamming is part of an insidious plot to destroy young men -- and particularly young White men. If you think there's any real money actually changing hands by this concerted effort against alt-chans, then 'I have a bridge to sell you', as the old jewish adage goes.  :D

And this isn't a joke to these people either... they mean to utterly destroy you (as in death). Their goal is utter dominance, and porn & vice of all sorts is simply a vehicle. I won't go into it  further out of respect and honor for the Lord, Trashmin, Trashchan, and the several nice boards here. But this point is enough.

>tl;dr
THIS IS ABSOLUTELY POLITICAL, AND UTTERLY EVIL.
>

>>421
Ackshually, as an amateur scientist (in Astronomy), I believe I do Anon. But maybe there's something else I'm missing here. Why not share your view on it, and we'll see if we can find some agreement?
Last edited by chobitsu
Replies: >>451
>>415
Seems to me, it's probably helping a bit, Trashmin. Thanks!  :)
1448073463607.jpg
[Hide] (33.7KB, 480x360)
Don't bite it any further, Chobitsu.
Replies: >>461
I'm inclined to believe all the arguments both of you gives are valid.

>a simple shaddy corporate advertising their devious content on places known for their potential niche of devious users.
Makes totally sense for me. Also it can just be some honeypots from some glowing agency.

>some state entity trying to destroy the places they can't control trough indirect attacks by demoralizing the users toi use them.
Regarding the current state of the world it would be totally understanding.

Also a thread was made recently on Lainchan regarding the same issue and some good arguments were posted there: if feds (or another x letters agency) would try to destroy these places, why wouldn't they use more frontal attack tactics, given that they have this power. I tend to believe if it was a glowjob, the tactic used would be different: more agressive spamming without links or not even CP but more targeted spam regarding the niche they try to destroy.

Anyway, both of you may be right on the subject and I don't think one hypothesis systematically rejects the other.
Replies: >>436 >>455 >>755
>>434
>if feds (or another x letters agency) would try to destroy these places, why wouldn't they use more frontal attack tactics, given that they have this power.
This is what makes the glowies theory less credible to me, after all if they want to kill a site they can just shut it down (eg. Megaupload, The Pirate Bay). The only reasons to use sneaky tactics would be for PR reasons or long-term community dismantling, they don't have to worry about bad PR because the media already has an established narrative for sites like this one and occasional CP spam isn't having any real impact on our robustness as far as I can see.

In terms of Occam's razor the commercial angle makes a lot of sense and OP clearly put lots of time into researching all of this. Spam has predominantly been used for advertising campaigns (think of all the random emails and comments you've seen about vitamins, pills, etc online) in which the goal is to cast the widest net possible and catch as many suckers (who would unironically follow shady links in a barely coherent post/comment/email) as you can. The way these CP posts are structured and distributed is verbatim the kind of thing we've all seen across the internet with varying levels of legality, we're just another link in the chain of thousands of websites with open comment sections.
>>425
>Why not share your view on it, and we'll see if we can find some agreement?
Sure.

The principle of Occam's razor suggests searching for an explanation made from the smallest set of elements. The simplest explanation.
So let's consider the evidence:
<The spam typically contains a sexualized image of a child, and a link, the post text also containing a link (and, depending on the spammer, a description of what content the linked site has). 
<We can see the spammers are posting on any site they can get their hands on, regardless of the site content, imageboard or not, indiscriminately going down lists like AllChans and designated spam lists. An anon pointed out they saw the posts on Japanese, Spanish and Turkish imageboards and OP has pointed out they also post on random non-imageboard sites.

As I understand it, the explanation you're putting forward relies on the following assumptions:
>an entity (Zionists and/or the CIA) wants to kill young white men by corrupting their spirit/morals
>alternate imageboards are full of young white men, so the entity concertedly targets these imageboards
>the entity tries to corrupt the users by making a CSAM post with links to a website, a couple of times per week
>the entity is also doing this to shutdown the same imageboards it is using to corrupt the young white men who post there
>the entity skillfully disguises their operatives' browser settings as spammers an enemy country although many admins such as Junkochan's had success blocking the posts with basic countermeasures, so they evidently lack technical skill

Contrast with OP's theory:
>pedophiles own a pay-to-access porn website (or scam site)
>they spam a link to it on any website they can, to try and get visitors, in an attempt to get money

Occam's razor recommends the OP's theory based on its smaller number of elements.

It only assumes pedos who want money (most people want money) are promoting their illegal porn business (pay-to-access porn businesses evidently exist and need to self-promote) by posting links on any open forums they can find (legitimate marketing methods like buying ads obviously aren't an option, criminal service spammers like ID forgery and pharma drug spam are a well-established phenomena on forums). There's no plot needed to explain this theory, just terrible idiots acting rationally.
Replies: >>458 >>461
>>434
>>a simple shaddy corporate advertising their devious content on places known for their potential niche of devious users.
>Makes totally sense for me.
It makes sense and I believe some of the spammers are checking IB lists specifically because of that, and I also think some just see it as 'i can post here without making an account' and nothing deeper.
>Also it can just be some honeypots from some glowing agency.
Sometimes they're the same: feds seize an illegal site and continue running it.
While it is plausible, and I know police and other feds entrap all the time, I think it's unlikely in this case because looking at the context of them not targeting the sites of specific countries. The browsers are unwittingly revealing the current ones as Siberian, but neither Russia nor 5EYES feds have jurisdiction over Turkey, so why spam on a Turkish IB? Why spam on SFW hobby boards with very few users? My impression is the sites are chosen blindly by naive spammers trying to hit as many as possible, rather than some honeypot operation. Spamming those links takes time, and even feds have to worry about time and money.

>some state entity trying to destroy the places they can't control trough indirect attacks by demoralizing the users toi use them.
This hypothesis is understandable from the perspective of people just using political IBs, but it doesn't explain why dead and hobby imageboards are targeted equally. They don't threaten the state, if anything they help keep alienated people placated. There are well-known explicitly political imageboards, both socialist and fascist, which they spam on (so under this hypothesis, the spamming feds don't control them, and these would obviously be high-target), so why don't they just constantly barrage them with it constantly, or even just gore and scat like raiders often do? The imageboards get a few of the spam posts a week at most, which get deleted within minutes. That won't have the desired effect.

>Also a thread was made recently on Lainchan regarding the same issue
The post talking about bots and shill threads on /x/? Yeah I saw that one before, there's a few neat posts in there. And like you said, the big feds have PRISM, TAO/CNO, the power to arrest and all other kinds of direct, effective tactics, so I just don't think they would go in a round-about way. It's not like these are sites like 4chan where thousands of people would notice or care if they went down suspiciously, and feds like Europol suspiciously take down large darknet drug markets anyway, they're not scared to.
Replies: >>458
Sigh, I wanted to avoid this shitfest, but anyway.
The CP posters I've lately seen were all using random servers/VPNs in Europe, but with an ru Accept-Language header. Yes, it's possible that some three letter agency intentionally changed their chrome's language settings to Russian to badmouth them, but Russia is a big country, they have their share of criminals who care about nothing but money.
As for the corrupting young white man argument:
1. How many users do all these alt chans combined have? 1000? Probably less. Statistically insignificant.
2. If someone has enough IQ to escape facebook, reddit, covid vaxx, etc. and find these sites, do they really expect they'll fall for a lame spam message?
3. If they want to corrupt morals so much, why do they never realize when I delete their post in 30 seconds. They can't even be bothered to check back a few minutes later and see if their message is still there. The only case they retry is when they get a world filter block message.
Spam messages generally have abysmal efficiency, but they cost almost nothing to send, so even if only every 1000th retard falls for it, they're already good.
>>451
>although many admins such as Junkochan's had success blocking the posts with basic countermeasures
Well, I implemented a basic perceptual hashing for images years ago, the number of CP posts with images collapsed immediately. So it's not like they have a huge collection of images, they might not even be CP links and just some scam links, I don't know, I never checked them.
>>455
>They don't threaten the state
Wrong, anyone who is capable of individual, not state approved(TM), thought is a threat.
Replies: >>461
>>451
Not only are you complicating the principle itself ("All else being equal, the simplest explanation tends to be the right one"), but you are way over-complcating the basic conditions. To wit:
>jews hate White men with a passion, and know that porn destroys (because they themselves already own the smut factories and have shown them to be highly-effective at both degeneration and destructive behaviors -- particularly for young males).
Simple as.

Money-grubbing and all it's many & varied machinations for this domain is entirely-irrelevant in this situation specifically.

>>430
Heh, you're right Anon. I forgot that I was on the Internets for a minute!  :DD

>>458
>Sigh, I wanted to avoid this shitfest, but anyway.
Apologies, Admin. This issue is more important to me than the simple nuisance of dealing with spammers. I'll drop it now, for my part.
Last edited by chobitsu
Replies: >>471
>The CP spam is commercial spam.
>These are humans, fresh custom-made captchas don't stop them
Yes, likely not profitable but with some scripts it's easy. Though they use public websites for watermarking so there's a lot of manual action to it. So if you're on top of moderation it's like lol whatever.
>three distinct people
I would agree. 
>Different CP site owners have been doing this for at least 10 years
In the past 3 years there's been a large increase. I doubt CCD0 and the boardlists had any real effect. Not sure I've seen sites they come from. The referers are often blank.

Good tracking site. If you listed the shorteners it would be good for URL scraping either by my mods or scripts.

Here is what Kissu has done to combat this. 
I've added a way that scans posts for regex matches on link shorteners.
Admins can add new sites to the screening filter. If you're afraid that your CPU can't handle a few thousand regex patterns you've scraped off of github, you can eliminate most spam with
"/(^|\b)[a-z0-9\-_]+url\.[a-z]{2,4}\/[a-z0-9]{4,8}($|\b)/i",
"/(^|\b)url[a-z0-9\-_]+\.[a-z]{2,4}\/[a-z0-9]{4,8}($|\b)/i"
Blocking any url like tiny.com/asdf3ff
And of course we have exception filters and such.

If it were a bigger issue we have some options of OCR that can be explored, but moderation and regex does enough. We also use perceptual hashing through a utiltiy called blockhash https://github.com/commonsmachinery/blockhash
The perceptual hashing thing has to be implemented through yourself though, comparing hashes with a database you create yourself while moderating.
Correction on my major regex
"/(?: |
|^)(?:https?:\/\/)?(?:www\.)?[a-z0-9\-_]{1,4}\.[a-z]{1,}\/[a-z0-9]+\/?(?: |
|$)/i",
"/(?: |
|^)(?:https?:\/\/)?(?:www\.)?[a-z0-9\-_]*tiny[a-z0-9\-_]*\.[a-z]{1,}\/[a-z0-9]{5,100}\/?(?: |
|$)/i",
"/(^|\b)[a-z0-9\-_]+url\.[a-z]{2,4}\/[a-z0-9]{4,8}($|\b)/i",
"/(^|\b)url[a-z0-9\-_]+\.[a-z]{2,4}\/[a-z0-9]{4,8}($|\b)/i"
  
Replies: >>490
OP.. My righthandman agrees that it's a cool site and we'd like to use it more. If you were to do [redacted] on the URL paths and not the domains themselves it would be quite useful and safe way for us to gather up URLs that spammers will use.
Replies: >>472
The biggest argument against it being commercial, in my eyes, is that the images I see on spam posts vary dramatically from the ones people post when they're doing it for fun/attention (when there's no link and an obvious ongoing reaction to it).  It's common sense to use your best content to draw people in when you market something and it doesn't make sense to post the same nudie jpg over and over when hardcore webms would do a better job drawing in customers.  Admittedly, it would start to make sense if they don't actually have any CP to sell and are just trying to scam people into buying into the download site before acting like the links have been taken down.  No idea if that could be profitable enough to be worth the time, but the legal risk and barrier of entry of that would a lot lower than actually producing, or even collecting, stuff to sell.

On the other hand, while the idea of a conspiracy to corrupt white men with porn is completely schizo, an attempt to keep people on mainstream sites by making it seem unsafe to go exploring is slightly less insane.  There's also the possibility of feds casting a wide net and taking it easy, especially if they have preexisting tools for spam.  We know they use fake sites offering illegal services, so throwing around spambots in "at-risk" populations isn't too big a leap.

Regardless of the source, it's certainly a harmful practice to us that targets uneducated users for something bad and makes running and growing these places more difficult than it should be.
Replies: >>468 >>472
>>466
The typical setup I've seen for clearnet CP spammers involves two groups of people, the website operator and the actual spammers. The website operator runs a file sharing site. Some of the files on the site require a premium account or some other monetization mechanism to download. If you share files on the site, and someone buys a premium account to download your files, you get paid part of the money.

The spammers' links often lead to a web page full of descriptions of child pornography videos accompanied by links to the file sharing site. But on the file sharing site itself, it says nothing about what the files are. With this arrangement, the site owner, who's taking the suckers' money and is therefore in an easier position to get caught, gets plausible deniability. And the suckers don't have to buy cryptocurrency.

It's a very old scheme; as far back as 2009, 4chan, which did not have a captcha at the time, was being flooded with this sort of spam, using the file sharing site "Sharecash" which was monetized by the suckers filling out surveys that tried to get you to buy stuff and sold your information to spammers. There was a Portuguese teenager who sold e-books about his methods; after getting doxxed because he put his real email in the e-books, he defended himself by pointing out that the images he had been claiming were CP were really taken from legal porn sites that catered to pedos by making the adult participants look younger.
Replies: >>472 >>759
>>461
Maybe if you didn't rot your brain with /pol/ shit you'd realize that all this schizo ranting solves nothing. Just implement a better fucking regex to stop these russian spammers, which target all boards equally, political or not.
>>465
The original idea, years ago, was to plug in into an imageboard (e.g. vichan) and automatically generate filters, but it was far too experimental and liable to hit false positives at the time.
With a bit of work, it would be possible to do what you said and have an updating list of URLs or shorteners used by known CP spammers (although eventually I suspect they will probably just do what previous spammers did and just have the link in the image and not in the text). It would just have to be checked every five or ten minutes.

>>466
>Admittedly, it would start to make sense if they don't actually have any CP to sell and are just trying to scam people into buying into the download site before acting like the links have been taken down.
That's a good point. There's a real chance it's a straight-up scam instead of pedos selling to pedos, so they just look up 'child modelling' images, or in some other cases I've seen in link spam, anime images or the pedobear meme.

>>468
Thanks for the info. This is the same type of sleazy money-making strategy I remember seeing with some game mods, with those survey sites or delayed downloads filled with ads, makes sense. I'm guessing that e-book is long-gone, would have been an interesting read.
Replies: >>473 >>476
>>472
The more steps a spammer has to take the better. I have a commission to deliver on a bot which does OCR and link following for my site using his hardware. But I can't really justify the time investment and setting it up on a VPS if the spammers aren't going to put in either so it's backlogged.
plus they don't even really bother with kissu anymore anyways. There are adjacent sites with zero moderation that they prefer. As my mod says... the best defence against a bear is to run faster than the guy next to you
Replies: >>475
>>474
That's exactly it. These are opportunists going for low hanging fruit. Don't be the opportunity.
>>472
I've still got a copy of the e-book. Here's a redacted version (redacted so the mods here don't have to worry about whether the images are CP or not or whether the dead links lead to CP, and because the spammer was a minor at the time of his offense).

https://files.catbox.moe/fgzalh.pdf
Replies: >>477
9d1d5695eb6c821991c7285a3e727d6ed7bd9df0225d762a78b4d9d10ce265b9.jpg
[Hide] (54.2KB, 640x480)
>>476
Thanks Anon! Much appreciated, this could have some unexpected insights.
>>415
Well, I guess it took about 10 days for the spammer to figure it out. Back to manually deleting his posts I guess. I don't want to go with the url regex in >>464 yet, for me it feels like too many false positives (and I don't think that regex would have matched the last domain he used anyway). Getting a constantly updated list of link shorteners seems like a lot of work.
Replies: >>632 >>633 >>763
>>490
Blocking urls won't work, they switch to a new url shortener daily, and it would interfere with normal posters. What you can do however is checking server side if the posted links redirect to anywhere or not. The spammers use the same few pastebin clones (usually telegra.ph or vara.jp), sometimes even the exact same links. That's a relatively accurate way of catching them since NOBODY used those links on my site, especially not behind url shorteners.

Also a lot of the spam comes from allchans.org. Not just the porn ones but the other annoying ones too.
>>490
/comfy/ BO here, I see you delete cp regularly these days, I keep an eye on the board but looks like you're faster than me.
I configured world filters but as I don't have time to see the latest used on the posts you deleted I don't know what they use to update the list accordingly.
I monitor https://xj9k.neocities.org/ to figure out but the latest cp post mentioned here regarding /comfy/ are already in the filter list and date from some times now. So I don't know what I can do more on my side. I don't have many free time to constantly monitoring the board but I come multiple times a day to keep an eye on it.

Anyway, thanks for being this responsive regarding those spams.

for now I guess /ent/ is not that popular to suffer the issue but I keep watching :)
ZZZchan /v/ has some posts from someone using a Russian name with dick picks and one of those has pizza.
That reminds me one of the cafe boards (/l/ I think it was) that had that guy posting dick picks and shortly after it got hit with pizza.
I think the theory that he might be Russian could be true.
Here's the logs from /l/ to corroborate what I mean:
https://anon.cafe/logs.js?boardUri=l
Thank_you.png
[Hide] (88.9KB, 366x536)
Torfag here I just want to say two things: 1. Death to pedos

2. Thank you for not cucking like other imageboards and still allowing torfags to post files, we're not all cp spamming subhumans.  

Hope the CP spam issue will be quickly resolved.
Replies: >>685
>>682
To be honest, I've barely seen CP spamming from TOR. They all seem to come from random clearnet VPN/proxies.
Replies: >>722
09569947dec385c91cfa0bddfe14036f5cf028228bdbed502e65213fe1506b3a.png
[Hide] (57.9KB, 762x1017)
>>685
Same here, I get very little spam from Tor, and none from posters utilizing the the onion service. The most persistent spammer(s) seem to use IPs from a handful of commercial ASNs intended for hosting and VPN services.
Wapchan blocked the vast majority of VPNs and datacenters a week ago, and they haven't got hit with the last few waves of CP.
Replies: >>757
>>434
>if feds (or another x letters agency) would try to destroy these places, why wouldn't they use more frontal attack tactics, given that they have this power. 

A pretty cool paper called "Mining the Chans" or something along those lines recently got dropped in the Lainchan thread that I think explains likely glowie tactics pretty well. 
If this paper is to be believed, the "academic" view of the chans is more or less that there's 3 sorta "tiers" of chans. 

1) 4chan, which is big and annoying, but not that radical.
2) "middle chans", like what 8chan was at it's peak. These are smaller than 4chan, but more radical. 
3) tiny alt-chans. These are tiny and dead, but they're super-radical. 

The paper more or less outlines that direct take-downs may be ineffective due to bunker-chans. I.e. if you shutdown an active site, the community will just migrate to a currently dead alt-chan. Further, they outline that what boils down to chan boardculture makes it very difficult to push counter-narrative on imageboards, so that's out too. 

The strategy the authors go with is more or less to shitpost things that follow the pattern of imageboard dialect (so as not to get detected by the board culture effect) but are meaningless and boring in content. This way, instead of getting caught using counter-narrative to de-radicalize, or risking the community migrating with a takedown, they just sorta bore the users to death to the point that the community whithers. 

Further, the authors go with the idea to attack middle chans. IIRC, their reasoning is that dead alt-chans aren't really worth the effort, and 4chan itself would take too much effort relative to the ROI (since 4chan itself isn't as radicalized as the middle and small alt chans). So for maximal returns, they propose to attack the middle chans. 

This paper in mind, it would point to the CP spam not being related to glowies. It doesn't fit the "academic" model for how to attack radical imageboards. 

Now then, obviously, this paper seems more geared to a late-2010s sort of status-quo, and don't really reflect the current imageboard scene too well. Like 8ch's successor boards are not very relevant compared to the original, and when it comes even to radical content, I don't really see that too much in the more successful boards of today. I mean sure, I see people say "nigger" and "jew" and stuff, and there's definitely a freedom to be anti-trans, generally "conservative", etc, I'm not really seeing the sort of radical neo-nazi type shit that would have been big back at 8chan's peak. I mean, that's still on 4chan, but 4chan is retarded. Like I don't think someone from this webring's community or from lainchan or kiwifarms, agora road, or some other "modern middle" community is going to go shoot up a mosque or a black church or something based on the rhetoric found on the sites they go to. I mean, hell, we can even see on projects like XJ-9K that community-created resources are even beginning to label "alt-right" propaganda as a form of spam. 

So I can't even really think of what the glowie motive to attack would be anymore. The imageboard scene is significantly less radicalized (at least towards violent shit that the state would be most interested in crushing) than it was 5-10 years ago.
Replies: >>756 >>760
>>755
>The strategy the authors go with is more or less to shitpost things that follow the pattern of imageboard dialect (so as not to get detected by the board culture effect) but are meaningless and boring in content.
>meaningless and boring in content.

Tea-anon certified glowie xD
Replies: >>764
>>723
On that note, where can one find a good list of VPN IPs to ban?
>>468
This has been my experience.

I've been a janny and moderator for some years on various *chans and like you said, usually the first link goes to an index of premium file sharing links on some shady pastebin ripoff website, then the filehost website (different file) just says "pay to download file" with no indicator of what it is. 

I'm not going to pay money to see whether the links actually are child sexual abuse media, for obvious reasons but this sounds like a much better description of what's going on than "it's the JEWS!" 

My pet theory: it's the shady filehost sites paying poor people to spam the bait. Maybe they only need to charge $10 or $20 a file and the operation pays for itself.
>>755
On this topic, when has a *chan ever been shut down due to the presence of "CP spam"? I have never heard of this happening, ever. Though I could see a poorly-staffed site choosing to shut down rather than dealing with excess spam, especially CSAM-related spam but really any kind of spam. 

I believe the spam is 100% commercial but its presence could definitely be exploited by TPTB. 

>>380
If I were a glowie, this is what I would do: accuse specific risky individuals of being behind the "CP spam", or accusing rival communities. Getting equally disliked communities to fight each other wastes everyone's time and could get weaker sites to shut down.
Replies: >>761 >>762 >>771
>>760
There's someone who goes around claiming that it's impossible to host alternative imageboards because glowies will spam it with CP and get it shut down. But like you, I've never seen it or heard of any imageboard that it happened to, and I've seen and been to a lot of imageboards.
>>760
>On this topic, when has a *chan ever been shut down due to the presence of "CP spam"? I have never heard of this happening, ever. 

The kinds of places I'm aware of that have would have been Tor sites that wouldn't have considered that sort of thing "spam", but rather "content". 

CSAM has been a problem forever, though; my own chan, which was tiny, and not even indexed on overboards and was totally unrelated to overall chan culture was getting flooded by CP linkspam from india and china back in 2012-2013 kind of time period, so it's legit just cosmic background radiation. I built a captcha and it stopped, but that was a decade ago and likely was being done with bots back then. 

Generally, you're not going to get shutdown unless you're facilitating it, or so goddamn incompetent that you can't stop it. 

Really, rangebanning unexpected countries, ASNs and the dutch (netherlands is basically VPN: the country) and you should really be able to tune out a lot of malicious traffic, I'd think. 

I'm working on an IB script now too for funsies, and think there could be some alternative methods to build detections for bad content as well. XJ-9K is kind of invaluable for artifact sharing, and I think with enough coffee and some dirty tricks, some detections could be built out to greatly reduce human-posted spam too. 

currently, I'm looking at: 

>"count-up" timer for posting, to ensure user's can't ctrl+v their spam message and actually have to take the time to type their message out
>image phash blacklisting 
>to-do: text based detections for malicious messages 

I'm going to use XJ-9K's data to think about this last line item a bit more, but I think you could build out some really simple regexes to detect common text obfuscations. Like a lot of these messages are like "i. '-m a.-r.e-t .ar.d". Something that detects a pattern of several letters interspersed with common seperator chars like ., -, \s, etc could be used to detect obfuscation that these faggots use in general and just block obfuscation as a TTP entirely. That could cut out a lot of spam. 

For retards, like politics, religious prophecy, and tea anon, flat text detections seem like they'd be effective, since the message format generally isn't obfuscated like the CSAM faggot shit. 

Couple these with some tricky shit like false error messages instead of informative "your post looks like spam" type messages, and I really think you could throw the CSAMfag and schizo retard squad off a little. 

A lot of boards are operating without even a basic captcha too, so it's like shiggy diggy do, for real. Especially all the vichan instances, given how ass it is to get the weird captcha system that software has running. 

>I believe the spam is 100% commercial but its presence could definitely be exploited by TPTB. 

As I outlined before, I really think "their" (that is, the state's) plan is to bore us to death. Poisoning the well to make us so bored that we become redditors is the plan, since shutting down sites usually just leads to migration. I don't really think chans are as radical as they were 10 years ago, either, though. So "they" already won, or else we all got old and got a little more invested in the system lol. 

The people who would benefit from CSAM being on a site would be cancel culture types who use shit like that to try and get sites deplatformed. That sort of thing is retard-on-the-internet sourced, and not state sourced, though.
Replies: >>766
>>490

I was going through a lot of the posts on XJ-9K and came up with the following using GPT (I suck at doing regex manually): 

r'\b[a-zA-Z](?:[^a-zA-Z]*[^a-zA-Z\s][^a-zA-Z]*[a-zA-Z])+\b'


This doesn't go after URLs, but it does go after the common text obfuscation techniques used by the CP spammers, so it would detect shit like "I-m/ a/ f-u/c/ k in-g d/ i/d. dler" type shit you see in a lot of the post bodies that are in XJ-9K's dataset. Implemented, this regex would detect this post too, just from me writing that shit. It would also false pos on regex strings themselves, though, so a workaround would be needed for that. Dunno what to do there to keep the false neg rate down, though. 

To fuck up the links, you could target link shortening services in general using a list like this one: https://github.com/PeterDaveHello/url-shorteners/blob/master/list
Replies: >>764
>>756
The eternal anglo never rests.

>>763
One issue with the link shortening services is they need to be pretty up to date. I looked into one a while ago and none of the links being used in spam were in the list at all.
>>762
On my homebrew scripts, I prefer to just tell banned users (including all known tor nodes) that they solved the captcha incorrectly rather than telling them they're banned. This has gotten a handful of people to email me complaining of a "bug" -- no clue how many are CP spammers but it's always amusing.
Replies: >>774
>>760
Junkuchan absolutely got shut down by its web host in 2015 when it was unmoderated. If a concerned party (related or unrelated to the spammer) reports CSAM to an imageboard's host or domain name registrar, they can get an imageboard shut down. Obviously, getting to this point requires significant negligence and most poorly staffed imageboards would probably get shut down by the owners before getting to this point, as you said.
Replies: >>774
Just a note for reference, a CP spammer recently arrived at my board via the smuglo.li webring board list. So they don't just use the AllChans list.
I wouldn't assume this is some sign of intelligence, they were probably just looking for the fastest board on the site to spam since there's no homepage. So I'm assuming this is just a fluke, will reply if it happens again.

>>766
CP spammers aren't going to send an email, too much effort. They're going for low effort return-on-investment. (also, they don't tend to use Tor in my experience)
Hellbanning/shadowbanning is effective against spammers, but it totally destroys the end user experience if there is a false positive, and they can be easy to make especially with scripts.

>>771
This. It would straight-up require abandonment for most hosts. I've modded for a board which was maliciously reported for both CP and other offenses, we literally just told the (mainstream) web host it was deleted and they said kthx.
Replies: >>776 >>777
>>774
>So I'm assuming this is just a fluke, will reply if it happens again.
Note: It happened again today (and was also caught automatically by the antispam filter)
Replies: >>777
>>774
>>776
Have you recorded the referer info to see what was the exact url it came from? They have their own link farm (some online forum) they traverse from, but they also often come with no referers so they either learned to copy paste the links or use an add-on to automatically remove referers.

Also what filters did you use to catch them, just some regex, or something more powerful?
In these two cases, the referrer was smuglo.li. IIRC browsers send the exact URL anymore, for privacy reasons.
But yes, they do have link farms. I've seen some of the current spammers create wikis on free sites and use them to create a list of links to click on. One was http://avtodinozavr.xobor.de/t4f2-ERGGRGR.html

>Also what filters did you use to catch them, just some regex, or something more powerful?
Custom-coded filter on the IB, which is essentially regex and also blocking users who arrive and instantly paste text and post, plus referrer filter in the web server config to block known-bad referrers like the one above, and add a challenge to good-and-bad ones like allchans.
Replies: >>779 >>781
>>778
>blocking users who arrive and instantly paste text and post
In hohour of an old tradition, I litterally have a thread dedicated to pastes on my board. Recently someone reporting one of these post as "spam" and I must agree despite the nature of some texts posted there, there's room for doubt. But as long as it's not infringing global nor board rules it's okay.
Replies: >>796
>>778
Hahaha oh wow, I may have been the one who sent you that link. for what it's worth, they don't use that anymore, but they sometimes use a http://chatango.anime-bb.ru/.

I asked because I managed to block the cp spammers so well that I simply don't get them in large enough number to create statistics, so I was wondering if there's anything new I should keep up to date about. Our site is not on the webrings.
Did you save any other identification data on them, or a reference link on xj9k? Just so I know which spammer it is, one of the half dozen russian or the few brazilian ones.
Replies: >>796
ClipboardImage.png
[Hide] (31.1KB, 486x352)
I've just seen a new style of spam which I believe is the same group.
>picrel, using a QR code to try and evade link detection
>posted via .onion address using Tor Browser
>despite using Tor Browser, changed language settings to Russian: header = "ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3"
>specifically used jschan's board page to search for the most popular board, even changing the setting from default sort by activity to sort by popularity: "GET /boards.html?search=&sort=popularity&direction=desc"
It's actually pretty funny that they spent far more time preparing the post than it took me to notice and delete it. But on the other hand, it suggests a little more exploration into basic counter-detection.

>>779
>>781
Sorry for not replying, hectic month and I forgot to subscribe to this thread.
>In hohour of an old tradition, I litterally have a thread dedicated to pastes on my board.
Some of the detection tactics I talk about are context dependent. For example, a person coming up out of nowhere to post political propaganda and leave is far easier to detect on a hobby board than on a /pol/-like board. Similarly, 'low-effort' posts can be perfectly valid on many boards and a blatant sign of suspicion or rule-breaking on other boards. So visiting a site and immediately dumping pasta is more of a warning on some sites than others.

>Did you save any other identification data on them
Sorry, I didn't think to take notes and the relevant logs are now deleted, but I believe it was one of the typical RU ones.
Replies: >>797
>>796
The most viscerally disgusting thing about those posts is the shock imagery, so forcing them to adopt QR codes is a win
Replies: >>798
>>797
Absolutely. Let's hope they won't upload multiple files, but even then QR codes will make it easy to detect them. Cat and mouse.
373d3934c70955492b14b5e4c3c6a256-imagepng.png
[Hide] (64.2KB, 250x250)
i post kids in cute outfits - candydoll idols for fun, 
i guess i am somewhat upset that this normalniggerfaggot culture of every picture of a cute girl = child porn nowdays makes me kinda mad so i just make niggers upset by posting it myself 
it is kinda sick that internet has reached the point where 10 user imageboard bans pic of a cute girl whilst billion user site like instagram has tibs of awfuly lewd girls on camera even live-streaming
Replies: >>800
googly_man.webp
[Hide] (26.5KB, 474x600)
>>799
No-one here is talking about that. Consider reading posts before getting triggered by them, it's a good habit.
Replies: >>801
>>800
i do not  read
>>802
No, the CP spam we get here are 1000 times more explicit than that.
Also clown world got to the point where having a picture of an underage girl (real or drawn) is a bigger sin than raping an actual child, so anons being careful is understandable.
And you know, most people are not closet pedos.
?.png
[Hide] (3KB, 440x410)
Anon, this is /meta/. Your ranting is completely off-topic, put it on a /b/ board or something.
1252643743735.png
[Hide] (29.9KB, 1185x443)
>>802
>>803
>>805
Fuck off and take your pictures with you, you definitely mentally stable and totally not a pedo freak.
Replies: >>811
>>802
>>803
>>805
Trashadmin, are you okay with that???
Replies: >>810
>>809
Not really, but I gave up arguing with that schizo.
Replies: >>812
>>808
how about you take your crying back to 4shit?
>>810
wise
i never shit-posts imageboards that just leave me be
Replies: >>850
i'd wager the QR spam instead of CP is a minor victory. all chan admins need to do now is tell people to not scan random QR codes.
Can Trashmin delete some spam at the /nep/ board?
I recently got one that didn't even use actual CP as its image but a drawing of nude 3.1-tan (likely downloaded off Danbooru) which is a pretty bizarre choice. The link also wasn't the usual url shortener crap but an actual registered domain.
Replies: >>827 >>828
>>825
Upon further inspection it seems the same spammer posted the same link and caption on other boards, except with an irl image instead of lolicon like on my board. I've never seen this happen before. The original filenme was a recent unix timestamp which leads me to believe they downloaded this drawing off another chan imageboard.
These spammers are human. So my theory is that since my imageboard is fully anime themed (irl content including reaction images is rarely posted/discussed), they tried to blend in with the other posters by posting a drawing. Very weird stuff.
Either way I prefer them posting this tamer 2D stuff to the real deal.
Replies: >>828
>>825
>>827
Did the link have .top domain?. I run a tiny animu waifus themed altchan and this was very my very first CP spam post yesterday, also had a 2D loli image.
Could be indeed a human behind it if he adjusts image to the board.
Replies: >>829
>>828
Samefag here. Yes it had a .top domain. I looked deeper into this and came to the conclusion that the spammer possibly came from imageboards.net and only spammed the two first rows. On 39chan and /azu/ which show up at the top and are anime themed, they posted cunny, while on 4fuck and awsumchan which are not anime themed they posted the real deal.
Replies: >>841
>>829
I noticed that these types of bots are becoming prominent and have been buying even more .top domains so my solution has been to completely block .top domains. Most websites don't even use .top domains in the first place so nothing of value is really lost. They'll likely find a way around this though.
I want to ask Trashmin to be on the lookout for >>>/comfy/11104 as he's one of the main people who post pizza. I've seen him do on places like /b/ or /l/.
Replies: >>843 >>844
>>842
/comfy/ BO here, I removed the post and banned the poster.
I'm in the middle of moving so I'm not as available as I'd like to be.
>>842
It didn't get a global report and it didn't look like obvious CP so I didn't bother with it. Also the posting style seemed different from the usual CP suspects, and I still delete CP on sight.
I could mess around with filters, but since they're humans, they'd just modify their posts again until they bypass the filter
Spoiler File
(1.8MB, 1336x1040)
ah i love that faggots are here now too
literally has nothing to do with child porn 
You have to be mentally ill, as You are to think it does 
either way 
keep killing everything You do not understand to protect the kids right
Replies: >>846 >>848
>>845
Yeah it's not CP but please refrain for posting obvious porn on SFW boards.
a tiny bit of fat dick cannot really hurt nobody except faggots that scream child porn at it
at this point it is doing you a favor by posting it
Replies: >>848
>>845
>>847
Hey you fucking slav faggot you DID post fucking CP shortly after that
Just so everyone knows, he's a mentally ill attention whore who posts the same images on multiple imageboards.
fcc374c28f0ad23df5bebca05f6e935c1428d096d66734621d337d69152b860b.jpg
[Hide] (633.5KB, 3300x1785)
how about You go the fuck back and keep making shit up for somebody that cares >>812
as IVE said I do not ruin websites that leave me be, and this is one of them, as for other projections, all I can think of is that You are awfully jealous of my fat pearly white horse cock. keep cryin
[New Reply]
113 replies | 25 files | 77 UIDs
Connecting...
Show Post Actions

Actions:

Captcha:

- news - rules - faq -
jschan 1.6.2