Wubzilla's profile picture

Published by

published

Category: SpaceHey

A proposal to reduce spam attacks

The Problem


Right now spacehey is vulnerable to account creation spam. During an attack hundreds of accounts with offensive images or names are created en-masse with the goal of eliciting a reaction from the user base. Personally I've done everything I can to show people how to limit their exposure to the content, and I've emphasized how posting blogs and bulletins simply to complain about the issue is exactly the reaction these people are looking for. There is only so much we can expect of the users, though, so this is my attempt to offer a systemic solution to the issue.

Part one: Adding a Queue

The target is typically the cool new people section because it's the easiest way to serve offensive content to the entire user base without any direct interaction. On an individual level most people who have taken action have hidden this section on their home page using an extension. This is effectively the same as removing the feature entirely, and doesn't discourage the attacks or limit their impact in any meaningful way.

My proposal for the simplest to implement and least mod-labor intensive solution starts with implementing a queue for the cool new people page. On account creation every new account starts with a "review status" flag that defaults to a "not reviewed" state. Only accounts that are both "new" and have a review status of "reviewed" would appear as new accounts in the browse and cool new people section.

Transitioning from "not reviewed" to "reviewed" would require some level of human intervention, but should overall be less labor intensive than seeking out and deleting the offensive accounts. Implementation could be as simple as a page displaying profile pictures and names, with a checkbox next to each. A human clicks the check box next to any offensive profile, and clicks a button that applies "reviewed" to approved profiles and "rejected" to profiles with check marks. Rejected profiles can be displayed in another page for further investigation and hidden from users until another action is taken.

This would have an immediate chilling effect on spam activity, as accounts would now have to first be created and approved before an attack could begin. It would also require spammers to retain credentials for all their accounts, and to log in and change the account images and content after approval. This greatly increases the time and sophistication required to launch the same type of attack.

To summarize the work required to implement this step:Β 
  • Adding a new field to user accounts in the database
  • Changing the query used in the new people section and the cool new people widget
  • Creating a page to display the queue for moderators with an action button to apply status changes.

Part two: Future development

Aside from the immediate chilling effect the first step would have when implemented there is a major benefit in scalability as well. With an account flagging system in place automation* can be used to supplement human labor using any arbitrary number of metrics. An endpoint to hash profile images, for example, could flag profiles for review by a moderator when the hashmap of the profile picture matches a database of banned hashes. Another endpoint can parse text in names and profiles to flag accounts for review. Account creation times can be used to map activity levels of offensive content and build a profile of the bad actors. These are just a few examples, there are many more options for reducing attack surface and increasing the costs required to attack the site.



Part three: ?????

I've done my best to lay out the simplest and least time consuming solution to the problem I can think of. I welcome suggestions for improvement in the comments and I'll update this blog with revisions if we come up with some better ideas.Β 

I know there are developers in the spacehey community capable and willing to help implement this sort of feature. I would be willing to build some of the endpoints mentioned and I know of at least one skilled developer who has offered to write front-end features for the site in the past. I'm sure there are more people willing to contribute their time to help improve the site.

An, if you like this idea please implement it. If you want help, all you have to do is ask!





*To be clear: I'm not advocating for the automation of any moderation actions but instead automating detection of potential problems that human moderators can then resolve.



164 Kudos

Comments

Displaying 10 of 10 comments ( View all | Add Comment )

PoBlo

PoBlo's profile picture

imo they should make it so the cool new people tab defaults to just showing active users like when you click browse, and make "cool new people" an optional thing


Report Comment

GoldenLucid

GoldenLucid's profile picture

I honestly didn't knew this was a problem on spacehey, but I like the suggestion you're thinking here on the first part. Fortunately, I didn't come across any gore attack on the "cool peoples to meet" page (yet). But I did came across on how to prevent from happening.


Report Comment

π»π’œπΌπΏπΈπ’΄ 𝒒𝐿π’ͺπ’ͺ𝑀𝐼𝐸

π»π’œπΌπΏπΈπ’΄ 𝒒𝐿π’ͺπ’ͺ𝑀𝐼𝐸's profile picture

Part one sounds SMART!! Maybe An would be on board with this idea, it sure would make his job managing this website much easier! :)

Also how do you become a Spacehey mod? Just curious


Report Comment



I don't know how the mod process works, sorry!

by Wubzilla; ; Report

ι›»ε­ζˆ¦

ι›»ε­ζˆ¦'s profile picture

great thoughts, but to implement a proper solution requires backend and infrastracture work. preventing repetitive requests form same ip address and that sort of thing. i don't think frontend hacks will fix it. i am working with a friend on an open myspace-like codebase, hopefully it will help make things more robust for the wider community.


Report Comment



There is certainly a lot more that could be done. The scope of this proposal is small, though, to demonstrate how easily addressed this particular problem is.

by Wubzilla; ; Report

Benjydenjy

Benjydenjy's profile picture

I spread awareness to this poss


Report Comment



Thanks!!!

by Wubzilla; ; Report

moog_

moog_'s profile picture

I'm loving these ideas! One thing I almost wish SpaceHey implemented would be some sort of peer review to lessen mod's load (but I'm sure that'd be harder in the long run :c )...
I really hope the higher ups take these ideas into consideration! It's been a big issue for too long :,)


Report Comment

vic_zombi3

vic_zombi3's profile picture

this is so good!!! u should probs send this to the support email, becuz they said they take suggestions there in the "about" page


Report Comment



Great idea, done!

by Wubzilla; ; Report

fish :B

fish :B's profile picture

genius!! very great ideas, hopefully they r taken into consideration :)


Report Comment

Bravo

Bravo's profile picture

https://i.imgflip.com/8fld50.jpg


Report Comment



Dude I was scared it was gore and tried it out anyway lol

by β˜… Alex / Kris β˜…; ; Report

LOL My bad, I probably should not have posted an image with no description

by Bravo; ; Report

Angel!

Angel!'s profile picture

Give this man mod tier


Report Comment



I think hed be way better as a site developer.

by Fluid Dynamic; ; Report