Troubleshooting & How-Tos 📡 🔍

Lessons from a Spam Attack: Moderation, Alerts, and Beware Auto-Sharing

I had to clean up a spam flood last week. A reader sent me an email that Speed Force’s Facebook feed appeared to have been hacked. TL;DR: someone had posted a couple dozen spammy pictures to the site’s Flickr group, which were then auto-shared to Facebook and Twitter. Fortunately there was no unauthorized access, just misuse of an open forum, or cleanup could have been a lot worse.

So I removed all the posts from Facebook and Twitter, replied to all the reports, posted an “oops” on each network and the blog itself, banned the spammy account, and tightened moderation on the group.

Lessons Learned

  1. Don’t auto-share anything that you don’t control.
  2. Moderate all the things!
  3. Maybe notification alerts aren’t such a bad idea after all.

Auto-Sharing

I use IFTTT to automate some of my social media. It sends blog posts to Tumblr, for instance, and it sends my own Instagram and Flickr photos to Twitter, Tumblr, and Facebook for certain tags. I also use it to share links to new photos that have been added to the Flickr group.

That was the problem: If the spammy pics had just gone into the group, it would have been annoying, but no huge deal. Instead, the attack was amplified as each photo generated a link post on the two most widely-used social networks. Ouch!

Moderation

I’ve tightened up the rules on the Flickr group. Up until now, the only “inappropriate” photos were just cosplay shots of unrelated characters. No big deal. But for now, I’m requiring all submissions to be approved. That’s probably OK — it’s not a super-active group, though it fluctuates with convention season. The limit shouldn’t hurt active members, and the approval process shouldn’t keep me too busy. And if I do keep that setting long-term, that makes the auto-sharing safe, because I’ve put myself back in control of what goes out.

Listen for Alerts

Interruptions from email, social media, games, etc. have a well-documented impact on productivity. I’ve pared down my distractions — I mean notifications — so that I only get pop-up or audio alerts for a few things (when I remember to turn the volume on, anyway).

  • Work-related email, IMs and appointments.
  • Text messages (and I don’t text that much).
  • Alerts from my web host and uptime monitor.
  • Actual phone calls (which i get even less often than text messages).

For everything else, I have to put in a little effort (even if it’s just glancing at the light on my phone or opening a minimized or background window).

Unfortunately, since I wasn’t actually on Facebook, Twitter, or email at the time this was going on, I didn’t see the links, and I didn’t see the reports, until over an hour later, when I paused to check my email. An hour or two isn’t that long, and it would have been even longer if it had happened overnight…but still, I can’t help but think: Maybe I should have had some sort of alert for this.

I’m not sure what I’d want to set up that wouldn’t put me back into alert overload territory. Maybe just turn on alerts for @mentions/DMs and Facebook messages. Or maybe it would be worth looking into some sort of rate detection alert: If more than X posts go up in a certain period of time, alert me: Either I’m actively posting a lot, in which case it’s not an interruption, or I’m doing something else…in which case it’s a problem worth knowing about!