This is a thread to give some background on the illegal porn spam with links. I've seen some false guesses and claims going around on various boards so I figured it's time I made a dedicated thread to explain it.
I have been a janny, mod or admin on a few imageboards for the past 10 years, and casually post on many, including anon.cafe for the last 4 (although less so recently). Those who use a few different sites at once, especially slower/understaffed boards, will soon begin to notice patterns. Posts which look out of place. Identical posts which look out of place on two different sites. Drop a quote from it into a search engine and it's on twenty different imageboards!
It turns out there are a few spammers on imageboards, who go down a list of boards reposting the same post. A few years ago I made a bot to regularly check for new threads on imageboards and highlight any duplicates, documenting imageboard spam to find patterns and learn how to combat it.
There are a few different main categories of this spam. One is imageboard spam (or sometimes forums or D#scord chats), many of you will have seen recent posts from two news imageboards, just posting a link to their site and leaving. Political spam is also big (almost always either generic /pol/ tripe, Christian evangelism or actual schizophrenic psychosis), and it's worth noting that politics spam was especially big around 2020 so there will probably be a heap later this year. This is easy to spot on hobby boards, although it often blends in unnoticed on politics boards and random (/b/) boards, where they're often taken seriously, and sometimes those spammers choose to just repost only on the dozen /pol/ boards online. There are some other smaller classes of spam, but we're here to talk about the biggest spam category by far:
The CP spam is commercial spam. That's why they have links in them.
They hit any imageboard they can find. Even test sites with no users.
Different CP site owners have been doing this for at least 10 years, and probably ever since the internet went public.
This isn't news to people who have been around for a while, but for fresh users on political sites it's easy to jump to the conclusion that its one person (some cryptic 'pedoposter' character), or their designated scapegoat or feds trying to take their site down. But this was happening before /pol/ was even a board on 4chan, and it was happening on even harmless niche hobby imageboards (which is where I started jannying ten years ago, to help delete the hourly CP spam until the admin programmed a hacky countermeasure). And they don't just target imageboards. This is commercial spam. They target any blog comment section or unsecured forum they can discover. You can verify this yourself by checking where the same ad link appears in a search engine. There are commercial/freeware tools made by organized crime companies for discovering and spamming unsecured forums, which brag about being able to break most captchas (and even 10 years ago you could pay $1 per 1000 Google reCAPTCHA solves by real humans in poorer countries, all plugged into your bot via an API).
But there's an important point. The current ones aren't bot posting. These are humans, fresh custom-made captchas don't stop them. Simple post filters don't stop them ('post blocked, please try again' won't stop someone who is financially motivated). Anything that wouldn't stop you, won't stop them. And I say 'them' for good reason, you can verify both through basic linguistic forensics (typing styles, filename choices, filter evasion techniques, etc.) and by fingerprinting their user-agents that the same link is being posted by multiple spammers. Specifically, the current one with a child model on a purple background has the same link being posted by three distinct people, all from East Siberia and far North East Asia. They each have a list of target sites (some use imageboard lists like (historically) cc0's list or AllChans, others use custom-made spam lists with all kinds of websites on them, this can sometimes be confirmed by checking their HTTP referrers) and they go down the list, one by one, often clearly in alphabetical order, posting their garbage. They usually post on the first board they see, usually the first alphabetically or the most active/bumped board (which is why anons here correctly pointed out /comfy/ and /k/ were disproportionately targeted on anon.cafe), although they may also just have a certain arbitrary board saved (like lainchan's /zzz/, apparently), maybe because it got listed in a search first. I've seen cases where an imageboard has just locked their /a/ board due to constant spam and most of it disappeared (/a/ is first in alphabetical order, so on their homepage it was the first a spammer would click, so this wouldn't work on lynxchan/jschan's boardlist where they're ordered by activity).
It's also important to keep in mind that CP sites come and go, and along with it, different spammers. There have been particularly nasty ones in the past which posted full nudes, link in the image only so the post couldn't be text filtered, random filename, and either no text or text copied from other posts. Phash techniques could be a useful approach there, and the Junkuchan admin has mentioned in the Cloudflare thread that phash filtering has worked well for them.
Keep in mind, while it's possible in rare cases there is some CP posting which is different to what most people and I am describing, you can very clearly tell when it's different, the main difference being that malicious posters aren't shilling a pedo scam website. I have seen malicious CP posting only once, where a /pol/ user raided a site with child nude modelling photos posted from purchased VPS servers (this was done during a mass raid after the victim imageboard was linked in an active 4chan /pol/ thread. This was back in 2021 or 2022). That stuff tends to be either posted without any text (neither in the body nor the image) or with a taunt.
Here is the monitoring system: https://xj9k.neocities.org/
It only monitors certain sites, and only OPs on some sites, so it's far from conclusive but it's demonstrative.
Spam posts are grouped together under one detection (semi-automatically, so there are some small mistakes), it's worth clicking [Expand] and seeing how they differ over time and attempt to evade filters, or how the same spammer makes similar but different spam posts.
Clicking the Tags button in the top corner (or clicking on a tag) will show you examples of the many categories of spam.