Is this a bug, a glitch, or are those pesky chemtrail aliens using my account?
TalkBug Collectors
Join LibraryThing to post.
This topic is currently marked as "dormant"—the last message is more than 90 days old. You can revive it by posting a reply.
1bluepiano
I've just got the message 'bluepiano, This is a friendly (and automated) reminder. LibraryThing only allows members to sent 10 comments and requests per day. You have now posted 5 comments.' I'm suspicious of the message itself but in any case I've not posted any comments today. Has anyone else received it? is anyone aware of such a policy?
2Lyndatrue
>1 bluepiano: I would say that someone with an ugly sense of "humor" is attempting to make a joke. Anyone who believed that there were limits on postings (except, perhaps, in some strange private group) would only have to glance at recent threads with multiple posts to know such a thing was not a rule.
Please point out the comment to someone on staff, and don't delete it until they've had a chance to take action.
"Friendly" seems an extraordinary word choice.
Please point out the comment to someone on staff, and don't delete it until they've had a chance to take action.
"Friendly" seems an extraordinary word choice.
3fdholt
I also received a comment. I did send several messages. (And in almost 10 years, I've never seen this comment.)
Also this is the second time I am posting this message. First one did not get through.
Also this is the second time I am posting this message. First one did not get through.
4gilroy
This sounds like a message about private comments or friend requests. Possibly a new anti spam entry that's still being verified? I agree with >2 Lyndatrue: , alert staff to investigate.
5bluepiano
4) Not that, either--I'd posted 1 private message in 24 hours; in fact I strongly doubt I've ever posted that many comments in one week.
Thanks, you lot. Since message was purportedly fr. Tim Spalding I'll point it out to him.
Thanks, you lot. Since message was purportedly fr. Tim Spalding I'll point it out to him.
6kristilabrie
This is indeed a new anti-spam procedure we're implementing, but it may need fixing/tweaking. I've alerted timspalding so he can take a look.
7kristilabrie
>1 bluepiano: Just to clarify, this encompasses all comments, including comments on images or covers. Did you make at least 5, then?
8bluepiano
>7 kristilabrie: Not at all at all. In fact, I haven't a clue where, nor why, one would comment on a cover. Didn't do so a couple days later either when I got another friendly warning. (I'm really leaning toward chemtrail explanation now, assuming Big Pharma isn't the culprit.)
9Crypto-Willobie
>7 kristilabrie:
Does it include comments in Talk/Groups?
Because I just got the "Beware of 10 Comments" message which claims I've done 5. But in fact I've done only 3 Profile Comments today. Can't recall if I've done others in Talk though. If we can't make 11 comments in Talk this is gonna be a problem.
Does it include comments in Talk/Groups?
Because I just got the "Beware of 10 Comments" message which claims I've done 5. But in fact I've done only 3 Profile Comments today. Can't recall if I've done others in Talk though. If we can't make 11 comments in Talk this is gonna be a problem.
10kristilabrie
>9 Crypto-Willobie: I can't imagine it covers Talk because, yes, that would certainly be a problem.
>8 bluepiano: people post image comments on member gallery photos, or on cover images that get flagged (we ask for a reason as to why the cover is getting flagged, so the member who uploaded the cover will get a note). I'll alert Tim so he can take a closer look!
>8 bluepiano: people post image comments on member gallery photos, or on cover images that get flagged (we ask for a reason as to why the cover is getting flagged, so the member who uploaded the cover will get a note). I'll alert Tim so he can take a closer look!
11lorax
I've just sent three test profile comments to my other account; I'll give it an hour or so to see whether I get the nastygram.
12kristilabrie
Great help, thank you!
13lorax
I waited a couple hours after sending three test comments, no nastygram, so I sent two more and triggered it immediately. I hope that having received it isn't going to be a black mark on my account, given that it was done in the name of debugging.
I'll add that the tone comes across to me as *extremely* harsh - if I'd been an innocent newbie, I'd have been scared off.
I'm one of those people who interprets things like "friendly reminder" and "please" in automated correspondence as the worst sort of passive-aggression, and the use of the username seems extraordinarly condescending, like I'm a small child being called on the carpet. To me, a neutral phrasing like
"LibraryThing only allows members to sent 10 comments and requests per day. You have now posted 5 comments."
would have read like a neutral, informational message, rather than like being sent to the principal's office for talking in class.
I will leave the message for an hour in case staff needs it, but then it's getting deleted. I can't bear to look at it.
I'll add that the tone comes across to me as *extremely* harsh - if I'd been an innocent newbie, I'd have been scared off.
I'm one of those people who interprets things like "friendly reminder" and "please" in automated correspondence as the worst sort of passive-aggression, and the use of the username seems extraordinarly condescending, like I'm a small child being called on the carpet. To me, a neutral phrasing like
"LibraryThing only allows members to sent 10 comments and requests per day. You have now posted 5 comments."
would have read like a neutral, informational message, rather than like being sent to the principal's office for talking in class.
I will leave the message for an hour in case staff needs it, but then it's getting deleted. I can't bear to look at it.
14kristilabrie
>13 lorax: It shouldn't, it's simply a throttle we have as far as I know. Thanks for testing that out!
I'll add that the tone comes across to me as *extremely* harsh - if I'd been an innocent newbie, I'd have been scared off.
Very good to know. I'll pass that along. I think I agree with keeping it more neutral, informational on tone.
I'll add that the tone comes across to me as *extremely* harsh - if I'd been an innocent newbie, I'd have been scared off.
Very good to know. I'll pass that along. I think I agree with keeping it more neutral, informational on tone.
15Crypto-Willobie
Does flagging or unflagging a review count? Because otherwise I can't figure out how i got from three to my supposed five...
16kristilabrie
>15 Crypto-Willobie: no, it shouldn't, but timspalding would be able to confirm (he's actually out of the office on business for a couple of days, so this may have to wait).
17lorax
It may be worth considering whether this is something that would be worth implementing only in some circumstances. "Paid account" doesn't work anymore as a non-spam filter, since anyone starting an account via the app gets a free lifetime account, but maybe "has entered at least X books" or "has been a member for longer than Y months" would be reasonable? bluepiano isn't suddenly going to start spamming after 6 years and 4000+ books, and there are some genuinely chatty people here who I suspect routinely send more than 10 legitimate profile messages daily.
Also, messages sent to LT staff members should be exempted from the count under all circumstances.
Also, messages sent to LT staff members should be exempted from the count under all circumstances.
18norabelle414
>17 lorax: Although don't forget that one spam attack that was caused by old accounts (some with books) being hacked.
19gilroy
>17 lorax: >18 norabelle414: Then maybe add in an added check of last activity on account was less than X months?
20kristilabrie
>17 lorax: like >18 norabelle414: said, that's tricky. We have sleeper spam accounts, and I've seen batches of spam accounts that add a number of identical books (maybe even by import). But perhaps there are other parameters we can look at. Open to suggestions.
21lorax
You've got known-spam accounts, and accounts that are, if not precisely known-good, at least very, very deep sleeper agents. Throw them into a classifier and see what comes out. Alternatively, look at:
1. Age. Yeah, you have some sleepers, or some hacked accounts, but *most* spammers will be newer accounts.
2. Activity. Do they have a history of adding books over time, or are they zero books or at most a single import event?
3. Profile. What parts are filled out?
4. Site activity. Very, very few spammers are likely to be active anywhere other than on Talk - someone with a history of combining and separating, CK edits, etc. is unlikely to be a spammer. This is captured by profile badges, which means it's going to be queryable somewhere.
Really, though, if "you've been here a year, and you've added 500 books, so you can comment freely" only catches 95% of spammers, I think it's probably still an improvement.
1. Age. Yeah, you have some sleepers, or some hacked accounts, but *most* spammers will be newer accounts.
2. Activity. Do they have a history of adding books over time, or are they zero books or at most a single import event?
3. Profile. What parts are filled out?
4. Site activity. Very, very few spammers are likely to be active anywhere other than on Talk - someone with a history of combining and separating, CK edits, etc. is unlikely to be a spammer. This is captured by profile badges, which means it's going to be queryable somewhere.
Really, though, if "you've been here a year, and you've added 500 books, so you can comment freely" only catches 95% of spammers, I think it's probably still an improvement.
22norabelle414
>20 kristilabrie: Are you currently restricting accounts from sending more than 10 messages a day, or just warning them? As we approach Christmas/other gift-giving holidays there are several secret santa exchanges on the site and I could foresee the restriction being a problem for those organizers.
What if accounts were allowed to make unlimited comments to accounts that they are friends with, and restricted to 10 comments/day for accounts they are not friends with?
What if accounts were allowed to make unlimited comments to accounts that they are friends with, and restricted to 10 comments/day for accounts they are not friends with?
23kristilabrie
>21 lorax: Indeed, I think the devs are taking all of these into consideration. Thanks for fleshing it out!
>22 norabelle414: timspalding implemented the feature, so he can confirm, but I believe it's disallowing 11+ comments/day. Definitely worth putting holidays on the board for consideration here.
What if accounts were allowed to make unlimited comments to accounts that they are friends with, and restricted to 10 comments/day for accounts they are not friends with?
I like this suggestion. Will see what Tim thinks!
>22 norabelle414: timspalding implemented the feature, so he can confirm, but I believe it's disallowing 11+ comments/day. Definitely worth putting holidays on the board for consideration here.
What if accounts were allowed to make unlimited comments to accounts that they are friends with, and restricted to 10 comments/day for accounts they are not friends with?
I like this suggestion. Will see what Tim thinks!
24lorax
I also want to call out my suggestion from above that comments to LT staff be excluded from the count - we need to be able to contact staff.
25kristilabrie
>24 lorax: Valid!
26melannen
It does seem like some metric of "Consistent activity over time" should work - any spammer who has been consistently posting over time was probably already caught, and a consistently active member with a hacked account is, likewise, going to notice and not need to be automatically stopped.
27Crypto-Willobie
I just got another of those messages from Tim. As it happens I had been having a 'comment conversation' with a single member earlier today and posted 7 comments to his page (and now 8). I'm tempted to do three more just to see what happens. Do I go to LibraryJail?
28kristilabrie
Tim has let me know that these are all good ideas and he will implement them when he can! (Posting for him as he's traveling today.) Thanks, all.
29the_red_shoes
anyone starting an account via the app gets a free lifetime account
Wow, really?
Wow, really?
30kristilabrie
>29 the_red_shoes: Yep, started as a promotion when we released the app, and have kept it since. :)
31timspalding
>29 the_red_shoes:
This is essentially an Apple requirement. If the app isn't free for iOS users, then we'd have to arrange the payment through Apple, so they can collection 30% (?).
This is essentially an Apple requirement. If the app isn't free for iOS users, then we'd have to arrange the payment through Apple, so they can collection 30% (?).
32gilroy
>31 timspalding: Is it bad that I heard the last part of the sentence in the voice of Hans Gruber from Die Hard? :)
33bnielsen
>32 gilroy: I was listening to "Nick Cave: God is in the house" and thinking that maybe "Google (or Apple) is in the house" would be more appropriate now that Alexa or Siri listens to most of what we say. I hadn't thought of Apple influencing membership payment on LT, but yeah, why am I not surprised.
34bluepiano
I've had a couple more friendly warnings since OP. Only time in past weeks, hell, probably past year, I've come near 5 comments/day was last week when I posted 3 or 4 within 24-hour period to a single member & so summoned the threatening bot--which set me wondering: 1) Spam isn't usually directed at one person only, is it? I'd thought it was a matter of casting bread upon the waters; 2) About definition of 'a day'--Does an LT day begin 17:11 US eastern seacoast time?
35jjwilson61
>34 bluepiano: 1) Spam isn't usually directed at one person only, is it?
I didn't see anywhere in the discussion above where it said that the trigger was number of comments sent to a single person, just the total number sent to anyone.
I didn't see anywhere in the discussion above where it said that the trigger was number of comments sent to a single person, just the total number sent to anyone.
36bluepiano
Feck sake I posted one message to the same member a short time ago & whilst posting here was sent the same message. This is, how can I say it, just a tidge over-enthusiastic. Stop it.
37timspalding
Okay, I've made the following bug fixes/changes:
1. It was counting both previews and edits as posts. This was—we suspect—the cause of many of the problems. It is no longer doing that.
2. The maximum has been raised from 10 to 30 posts.
3. Warning now comes at 27 posts.
Let me know if you have further problems.
Boring Background:
I'd like to open it up more, but it's not simple. Usually we gradate by type of account—new accounts and accounts with no books coud get one maximum, others another. But the Russian credential-stuffing attack we suffered means that some small percent of real accounts—accounts with real books and so forth—have compromised username/passwords. (It's clear these accounts were compromised on LibraryThing, but rather that people used the same credential on multiple sites. Going over the account again recently, I have concluded it was some sort of Russian-centered social network that was compromised, as a high percentage of the accounts that had info on them pointed to Russian domains, entered Russian books, etc. Sad.)
We may do something where, if you enter a new password, and click through some box promising that the password isn't reused or dumb, you get more comments and whatever. But I haven't written that code.
1. It was counting both previews and edits as posts. This was—we suspect—the cause of many of the problems. It is no longer doing that.
2. The maximum has been raised from 10 to 30 posts.
3. Warning now comes at 27 posts.
Let me know if you have further problems.
Boring Background:
I'd like to open it up more, but it's not simple. Usually we gradate by type of account—new accounts and accounts with no books coud get one maximum, others another. But the Russian credential-stuffing attack we suffered means that some small percent of real accounts—accounts with real books and so forth—have compromised username/passwords. (It's clear these accounts were compromised on LibraryThing, but rather that people used the same credential on multiple sites. Going over the account again recently, I have concluded it was some sort of Russian-centered social network that was compromised, as a high percentage of the accounts that had info on them pointed to Russian domains, entered Russian books, etc. Sad.)
We may do something where, if you enter a new password, and click through some box promising that the password isn't reused or dumb, you get more comments and whatever. But I haven't written that code.