There is a kind of spambot that I call a Sleeper. It poses as a legitimate account by “stealing” arbitrary tweets from the public timeline and tweeting them as its own. As it follows people, a proportion will follow back. Eventually this account will have built a mature following and can “wake up”, i.e. it can start tweeting its cargo and even send DMs.

These bots are usually easy to spot because their tweets all show as being “From API”, meaning that the update wasn’t sent by a registered app using OAuth. If I were a spammer, I’d want to fix that because it’s a dead giveaway. I’ve also seen other services such as HelloTxt being used by these bots, but just now I spotted something new: tweets from Tweetie.

Continue reading…

I made a major change to TwitBlock the other night. The change was made to protect people who are heavily blocked, but are not “spam”. Of course that depends on your definition. (A topic for another day.)

Originally each block on an account would yield 10 points. Then I became aware of just how murky this issue is. Barack Obama is blocked by many accounts (Republicans no doubt), and some people with extreme right-wing views were being blocked heavily. Then the complaints started. People whose businesses survive on a huge Twitter following accused me of destroying their reputations, and of generating further blocks on their accounts by showing the number of existing blocks.

So now two things have changed for the time being:
1. Clicks on “not spam” are deducted from blocks;
2. Blocks are diluted by the size of a user’s following. 10 points are added for each 1% that the blocks make up relative to the follower count. So, if you’re blocked by 40 people, but are followed by 8,000, this will only yield 5 points.
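
The two rules compared with the original flat scoring, as an added illustration that is not TwitBlock's own code. The function names, the clamp at zero, the zero-follower fallback and the sample accounts are assumptions made for the example.

```python
# Added illustration of the scoring rules described above; not TwitBlock's code.
POINTS_PER_BLOCK = 10    # original rule: 10 points per block
POINTS_PER_PERCENT = 10  # revised rule: 10 points per 1% of followers


def original_score(blocks):
    """Original rule: every block adds a flat 10 points."""
    return float(POINTS_PER_BLOCK * blocks)


def revised_score(blocks, not_spam, followers):
    """Revised rule: net blocks, diluted by follower count."""
    # Rule 1: "not spam" clicks cancel blocks 1:1.
    # Assumption: the net count is clamped at zero, never negative.
    net = max(blocks - not_spam, 0)
    if net == 0:
        return 0.0
    # Assumption: with no followers there is nothing to dilute by,
    # so fall back to the undiluted per-block score.
    if followers <= 0:
        return float(POINTS_PER_BLOCK * net)
    # Rule 2: 10 points for each 1% that net blocks are of followers.
    return POINTS_PER_PERCENT * (100.0 * net / followers)


# Constructed sample accounts: (label, blocks, not_spam clicks, followers).
SAMPLE_ACCOUNTS = [
    ("popular-legit", 40, 0, 8000),   # the worked figure from the text
    ("mature-sleeper", 60, 2, 5800),  # bot that built a following first
    ("fresh-bot", 15, 0, 20),         # bot with almost no followers
]


def compare(accounts):
    """Return (label, original, revised) rows for side-by-side review."""
    return [
        (label, original_score(blocks), revised_score(blocks, ns, followers))
        for label, blocks, ns, followers in accounts
    ]


if __name__ == "__main__":
    for label, old, new in compare(SAMPLE_ACCOUNTS):
        print(f"{label:15s} original={old:7.1f} revised={new:7.1f}")
```

The mature-sleeper row drops from 600 points to 10, while the fresh bot rises from 150 to 750: dilution protects heavily followed accounts, but it equally lowers the score of any account that has accumulated followers.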

Although this has stemmed the complaints, the scanner is less aggressive and lots of real spam accounts are not showing up with high enough scores. I am struggling to find the balance in the face of all of this and may have to tweak it again.

Constructive criticism of TwitBlock seems to have quite rapidly turned into some quite aggressive complaints, including several demands for immediate closure. This is not intended to be a malicious project, but with a sudden rush of large numbers, I am experiencing a minefield of issues that I did not predict. I am doing my best to fight these fires, but please bear a few things in mind when feeding back to me:

First and foremost, this is alpha software.
I did not expect 7,000 visits a day after just three weeks. (I can thank Mashable for that overhead). I am constantly thinking of ways I can please everyone and still keep the application doing what it needs to do, which is help people remove illegitimate followers.

Continue reading…

– or – “I told you it was in Alpha”

I’ve rolled out an experimental TwitBlock feature designed to reduce “false positives” for legitimate accounts that are being blocked. Whitelist entries are now subtracted from blocks, i.e. accounts marked as “not spam” will have their blocks counteracted on a 1:1 basis. If this feature is abused, it will be removed. It survives on the premise that the spam bots are not capable of whitelisting each other.

Here’s the full story:
Continue reading…

The list of Twitter accounts below all have something in common: they all have an identical profile image, which looks like this:

[Image: Shelley Ryan]

At the time of writing none of these accounts have been suspended. Whether they are breaking any laws or not I don’t know, but it is clearly a syndicate whichever way you look at it. The profiles all point to a Korean-registered “Cash generator” website, which [I would hazard a guess] is a con.

TwitBlock unearthed this statistic from a list of only 100,000 (originally 18,000) blocked accounts provided by under 3,000 (originally 400) TwitBlock users. When you consider the size and growth of Twitter, you can well imagine that there are far more than 288 (originally 120) profiles in this syndicate. You also have to wonder how much of Twitter’s growth figures can be attributed to this junk.

[ UPDATE: 18 Aug ]
Many of these accounts have been suspended, but TwitBlock is discovering new ones each day – currently 248 accounts known with this image.

[ UPDATE: 19 Aug ]
I’ve produced a report of the top 20 most duplicated profile pics identified by TwitBlock.

Continue reading…

A detailed explanation of the scoring mechanism used by TwitBlock.

Some people have complained that they get a high spam score and point out that they are not spammers. There are a number of important things to note about this.

  • This software is in alpha – these indicators and the scoring mechanisms attached to them will change.
  • As the system gathers data it will rely less on heuristics and more on cross-referencing (e.g. how many people have blocked an account).
  • Some of these tests are only indicators of automation, not specifically of malicious behaviour.
  • The spam rating has no limit – scoring 40 may be high for a “legitimate” account, but in a list with real spammers scoring 300+ you’ll be way down the bottom.
  • If you display characteristics of a spammer then perhaps this amounts to the same thing as being a spammer. Most normal users score zero.

Roughly in order of accuracy, here are the 8 tests currently performed in the standard TwitBlock scan.

Continue reading…