I’m noticing a pattern starting to develop in the community I mod (just barely – it’s only happened 3 times so far) where a user that posts a fairly large amount of relevant content occasionally posts weird spam with a title of alternating letter nonsense (e.g. “zazaz” or “sdsdsds”) and a link that goes to some random domain that serves nothing but a default 404 error (as in the domain is registered and there’s a server responding to requests, but there’s no content for it to serve).

I suppose it could just be bad behavior on the part of said users, but it feels more like a bug or their account getting hijacked or something. Anybody have any insight?
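The pattern described in the post above can be turned into a moderator-side triage check. The sketch below is an added example, not part of the original post and not Lemmy's own tooling. The post record fields (`author`, `title`, `url`, `url_status`) are assumptions, with `url_status` being an HTTP status the moderator has already recorded for the link, and the sample posts are constructed.

```python
import re
from collections import defaultdict

# Two distinct letters in strict alternation, e.g. "zazaz" or "sdsdsds".
ALTERNATING = re.compile(r"^([a-z])(?!\1)([a-z])(?:\1\2)+\1?$")

def is_alternating_title(title):
    """True when the whole title is two letters alternating (4+ characters)."""
    return bool(ALTERNATING.match(title.strip().lower()))

def is_suspect(post):
    """Require both signals from the thread: gibberish title and a link that 404s.
    The title test alone also matches real words such as "Mama"."""
    return (is_alternating_title(post["title"])
            and post.get("url") is not None
            and post.get("url_status") == 404)

def triage(posts):
    """Return {local username: {full handle: (suspect posts, total posts)}}
    for every account with at least one suspect post. Grouping by local
    username surfaces the same name appearing on several instances."""
    counts = defaultdict(lambda: [0, 0])
    for post in posts:
        counts[post["author"]][1] += 1
        if is_suspect(post):
            counts[post["author"]][0] += 1
    report = defaultdict(dict)
    for handle, (suspect, total) in counts.items():
        if suspect:
            report[handle.split("@", 1)[0]][handle] = (suspect, total)
    return dict(report)

# Constructed sample data (hypothetical accounts and domains).
SAMPLE_POSTS = [
    {"author": "alice@instance-a.example", "title": "Weekly discussion thread",
     "url": None, "url_status": None},
    {"author": "alice@instance-a.example", "title": "zazaz",
     "url": "https://placeholder-one.example/", "url_status": 404},
    {"author": "alice@instance-b.example", "title": "sdsdsds",
     "url": "https://placeholder-two.example/", "url_status": 404},
    {"author": "alice@instance-b.example", "title": "Interesting article on transit",
     "url": "https://news.example/a", "url_status": 200},
    {"author": "bob@instance-a.example", "title": "Mama",
     "url": "https://music.example/mama", "url_status": 200},
]

if __name__ == "__main__":
    for local, handles in triage(SAMPLE_POSTS).items():
        print(local, handles)
```

The suspect-to-total counts per handle make it easy to see accounts that are mostly legitimate content with only an occasional gibberish post, which is the case the post asks about.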

  • TinyLittlePuni 🌱 (she/her)@lemmy.world
    2 days ago

    I remember people using tools such as Greasemonkey to redact comments on Reddit using scripts to mass-replace the content of their comments with babble. If comments don’t get truly deleted when they are deleted or can be brought back up in some way, then editing comments to replace the content of them with babble is better. That’s my two coins anyway. I think something similar is happening here. Another factor could be that some instances might not federate comment deletions as well as they do with edits.

    • grue@lemmy.world (OP)
      2 days ago

      That’s not what’s happening here. The comments are like that from the beginning, not being edited to that state.

  • Creddit@lemmy.world
    2 days ago

    During one of the mass exodus events from Reddit to Lemmy, a lot of people started using these tools they would install to automatically scrub and obfuscate their Reddit comments and posts history. Often these tools would replace posts with random letters and even nonsense links because there was suspicion that outright deleted posts could be detected and then programmatically restored if Reddit really wanted to get that user content back.

    I suspect these tools probably exist for Lemmy as well and you are seeing users with long comment histories use them because those also happen to be the users who have a lot of previous content to cover up/obfuscate to maintain/ensure their own privacy.

    • grue@lemmy.world (OP)
      2 days ago

      I wanted to find out if they were known to be bad actors or something like that first, before tipping them off that I was looking into it.

  • Mechanize@feddit.it
    2 days ago

    I’m not sure if you are referring to this, but I’ve noticed some people overriding their comments around 24h after they have posted them - probably running an automated script. I assume they are doing it for perceived privacy reasons.

    • grue@lemmy.world (OP)
      2 days ago

      No, these are posts that are gibberish spam from the beginning without having been edited. In fact, in two of the cases the post was later edited to remove the link and change the title from gibberish to “permanently deleted”.

  • Goretantath@lemmy.world
    2 days ago

    Could be bot accounts that have people paid to use them every once in a while to keep them looking legit. Either for training AI or propaganda.

  • Null User Object@lemmy.world
    2 days ago

    I’ve been seeing these posts in various communities for at least a couple weeks. I’ve seen some communities ban the user, but then a different user starts doing it. No idea what’s going on or what the point is.

    For those that haven’t seen these posts and want to watch for them (if just for curiosity), sort by “New” occasionally. They get downvoted and/or deleted by mods pretty quickly, so they’re not likely to show up in most other sorts.

    • grue@lemmy.world (OP)
      2 days ago

      https://lemmy.world/modlog/3902, ctrl-f for “spam” or “rule 4”

      (ordered from newest to oldest)

      I’ve also noticed that in the “dwazou” cases the post was later edited to remove the link and change the title to “permanently deleted”. The dwazou @ lemm.ee user account has apparently been deleted, but the other two accounts appear to still be active and posting legitimate content.

      Also, the community I mod isn’t the only one this is happening to. See also https://lemmy.world/post/30720233, for example.

      • catloaf@lemm.ee
        2 days ago

        I think “permanently deleted” is when a mod or admin deletes their content administratively.

        • grue@lemmy.world (OP)
          2 days ago

          Two of the three I noticed were from different users (but the other two cases were the same username on different instances, so it’s very plausible that they may all be alt accounts of the same human).

          You misspelled the instance name, but that’s a good thing since pinging the user in question with a mention probably wouldn’t have been a good idea anyway.

          The thing that confuses me is that the user has posted a bunch of other content (both posts and comments) such that the ratio of spam to ham is pretty low, and the writing of the comments seems very human (in terms of the inferences it makes and the idioms it uses), so if it’s some kind of repost-bot, it’s a very sophisticated one.

          It really seems like a legitimate user whose account is getting hijacked to occasionally post gibberish spam, which is why I find it so weird.

    • grue@lemmy.world (OP)
      2 days ago

      I don’t think those accounts are admins of the instances they’re from. They could be alts, I suppose, but why would they use the same alt for both real interactions and test posts? And why would they be test-posting to real communities on other instances (especially without warning the mods first) instead of somewhere like !bot_test@lemmy.world ?

      • catloaf@lemm.ee
        2 days ago

        Hard to say just from what’s in the modlog. Maybe they’re editing a post instead of deleting it?

  • asudox@lemmy.asudox.dev
    2 days ago

    I am not sure how a bug can change a user’s post to literal nonsense with URLs that direct you to some non-functional website.

    It’s most likely some troll.

    • grue@lemmy.world (OP)
      2 days ago

      I don’t think a bug is “changing” a user’s post to nonsense; I think a bug/hack might be letting some bad actor impersonate legitimate users or something like that.

      • asudox@lemmy.asudox.dev
        2 days ago

        Oh ok. That is not what your post says, though.

        I don’t see how that would be the case, unless the hacker is 5 years old.