Regarding the recent wave of spambots

Over the last month or so, you may have noticed posts, including highly upvoted ones, disappearing from the sub after a few hours. In the interest of transparency, I felt it was worth making a post about what’s been going on.

This sub has been targeted, along with a few others (notably /r/HairyHentai, /r/CartoonPorn, and /r/AnimeMILFs), by a persistent network of spambots. These automated accounts will repost stuff from several months to years ago, wholesale copying the title and any source links left by the original poster, as part of a scheme to farm karma. What exactly the endgame of the botnet is I’m not quite sure, but I’ve seen speculation from other mods that the accounts are sold off to advertisers and phishing spammers once they hit a karma threshold.

There’s a few traits these bots have in common, which can be used to identify them from a quick glance at their profiles:

  1. The bots all have usernames that consist of two words, sometimes joined by an underscore. These words tend to be overtly “sexy-sounding” ones — “sweet”, “soft”, “cozy”, “sugar”, “lips”, “charm”, “spicy”, “blush”, “vibe”, “velvet”, “lush”, “kiss”, “flirty”, “silky”, “tender”, “honey”, “satin”, “glossy”, and “tease” are the most common ones I’ve seen. In 90% of these bots, one letter in one or both of the words in the username will be doubled, so instead of “spicy_lips”, we get “sppicy_lipss”. This is the most common tell for the accounts, so I’ve taken to calling this the “double letter botnet”.

  2. The bots are created in waves and will all be around 2 weeks old when they start posting. Typically, we have at least two or three bots all posting on the sub on the same day, and their accounts will all be the same age (14-15 days old).

  3. All of the bots have nearly identical activity on the site. For the first two weeks, they’ll farm comment karma by leaving very obviously LLM-generated comments (full of “It’s not X. It’s Y.” and other “ChatGPT-speak”) on a number of large subs, mostly ones oriented towards people looking for advice. I’ve noticed /r/Advice, /r/tifu, /r/CatAdvice, /r/NoStupidQuestions, /r/AmITheJerk, and /r/Residency are the main subs they post on. Once they pass the two-week threshold, they will begin farming link karma via porn subs, mostly 2D/hentai oriented. As previously mentioned, along with this sub, they tend to target /r/HairyHentai, /r/CartoonPorn, and /r/AnimeMILFs.

Here’s some examples of the most recent wave of these accounts from our ban list. Look up any of these usernames on here and you’ll see exactly what I’m talking about.

These bot posts are not directly linking people to phishing sites or anything, but I don’t want this sub flooded with fraudulent accounts regardless. We’ve already received a few modmails about this, so some users have noticed what’s going on. Some of the posts will even get a report or two on them, which is helpful, but about half of them get through unnoticed until we manually comb through the user profiles of posters on here every day. I am also looking into re-implementing automod to deal with the problem, though as far as I can tell most automod services don’t have a way of directly identifying these accounts in a way that wouldn’t hit a lot of false positives like the old filters were doing.
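
Added example, not part of the original post and not any automod service's own code: a Python sketch of the username tell from item 1 combined with the account-age tell from item 2, which separates a doubled-letter variant of the listed words from an exact match to keep false positives down. The function names, the `triage` policy, and every sample username other than “sppicy_lipss” are assumptions made for illustration.

```python
# Words the post lists as most common in the bots' usernames.
BOT_WORDS = {
    "sweet", "soft", "cozy", "sugar", "lips", "charm", "spicy", "blush",
    "vibe", "velvet", "lush", "kiss", "flirty", "silky", "tender", "honey",
    "satin", "glossy", "tease",
}

def match_word(token):
    """Return (listed_word, was_doubled) for one half of a username, or None."""
    if token in BOT_WORDS:
        return token, False
    # Drop one letter from each adjacent identical pair ("lipss" -> "lips").
    for i in range(1, len(token)):
        if token[i] == token[i - 1]:
            candidate = token[:i] + token[i + 1:]
            if candidate in BOT_WORDS:
                return candidate, True
    return None

def classify(username):
    """Return 'doubled', 'wordlist' or None for a two-word username."""
    name = username.lower()
    if "_" in name:
        # Only a single underscore fits the two-word pattern.
        splits = [tuple(name.split("_"))] if name.count("_") == 1 else []
    else:
        # No separator: try every split point.
        splits = [(name[:i], name[i:]) for i in range(1, len(name))]
    label = None
    for left, right in splits:
        a, b = match_word(left), match_word(right)
        if a and b:
            if a[1] or b[1]:
                return "doubled"   # the post's strongest tell
            label = "wordlist"     # both words listed, spelled normally
    return label

def triage(username, age_days):
    """Hypothetical policy: queue for manual review, never auto-ban."""
    label = classify(username)
    if label == "doubled":
        return "review"
    # An exact word pair alone is weak; require the 14-15 day age window too.
    if label == "wordlist" and 14 <= age_days <= 15:
        return "review"
    return "ignore"
```

An older account with a normally spelled name such as the constructed “honey_kiss” is ignored, while the same name on a 14-day-old account, or any doubled-letter variant, is queued for a human to check.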