For the past few months, the General subforum has been under assault by spam accounts.These accounts copy D&D threads from Reddit that look legitimate, only to change their text days later to include a malicious link.
Because these threads look like actual questions or topics for discussion, they often fool users into responding.This gives the perception of legitimacy and thus increases the likelihood the thread survives long enough to undergo its metamorphosis into a truly malicious thread.
Having now seen countless legitimate users wasting their time responding to these threads. I wanted to post a step by step guide to identifying these threads and helping to stop them.Please note, this guide is not intended to justify harassing legitimate new users.Every legitimate user is going to have their first post; many’s first post will include making a new thread.Skipping steps below could result in adverse effects for legitimate new users.
Step 1: When to be suspicious:If you see a new thread created by a user with a single post, who does not have a profile image, you should be suspicious of it and perform additional inquiries before spending your time on a response.
Step 2: Check the other responses: Before spending time looking forward, see if anyone else has posted a warning that this is a Reddit copy.
Step 3: Check the user’s profile: These accounts are made mere minutes before posting their thread and their recent activity will coincide with that threads creation.Here is a picture of a spam account’s profile:
Note how the account was created 3 minutes, 21 seconds ago, how the last activity was 3 minutes ago, and the spam thread was posted 2 minutes ago.If an account has this pattern of posting, it is very likely a spam account.If it does not show this pattern of posting, it is almost certainly a legitimate account.
Step 4: Google the thread to determine if it was on Reddit: Googling portions of text from the thread or the thread’s title (if the title is longer and specific) will often locate the Reddit thread copied to create the spam thread.Note, everything about the thread, including its title and text, are copied word for word. If you find a thread on Reddit, skip to Step 6.
Step 5: Do a quick look at Reddit: Sometimes Google will fail to find threads on Reddit, even though they exist.These threads are is usually copied from two specific places on Reddit - the r/dndbeyond subreddit and r/DnD subreddit.A quick search of those Reddits can give some peace of mind if the other red flags are there, but Google turned up nothing.
Step 6: Report and warn others: Once you find the thread on Reddit and verify that is, in fact, the origin, you should report the thread for spamming.As a courtesy, you should also post a warning to others that the thread was copied from Reddit, so no one else who might be suspicious wastes time on this.
A Note on Step 3: Step 3, looking to see if the account was made shortly before posting its first post, can also be useful in other contexts.Some threads can get pretty heated - us usually threads about Wizards, race, or other changes to the game.There are trolls who seek to inflame these threads and who make alternate accounts to circumvent bans for bigoted or other problematic behavior.If you are in a thread where tensions are high, and one inflammatory user stops posting, only to have a “new” account begin posting in a similar manner for the same position, you can use the same inquiry as Step 3 to see if they might be a troll’s alternate account, and adjust your behavior to avoid being baited by them.
Anyway, I hope that helps folks. I know I have gotten fooled by these threads often enough that I have a personal vendetta against them. Hopefully this will raise some awareness and help others avoid wasting time crafting responses, only to have them either provide support to a malicious user or have them vanish into oblivion along with the rest of the thread.
Click ✨ HERE ✨ For My Youtube Videos featuring Guides, Tips & Tricks for using D&D Beyond. Need help with Homebrew? Check out ✨ thisFAQ/Guide thread ✨ by IamSposta.
Only a DM since 1980 (3000+ Sessions) / PhD, MS, MA / Mixed, Bi, Trans, Woman / No longer welcome in the US, apparently
Wyrlde: Adventures in the Seven Cities .-=] Lore Book | Patreon | Wyrlde YT [=-. An original Setting for 5e, a whole solar system of adventure. Ongoing updates, exclusies, more. Not Talking About It / Dubbed The Oracle in the Cult of Mythology Nerds
You do realize that the process of inserting malicious content into a thread can be done to ANY thread.
While this is such an obvious false equivalency that it really is not worth responding to, I will respond anyway to make sure no one is unclear on the common sense difference between “any thread” and these Reddit threads.
Any thread can be edited, true, but they are not. In the thousands of threads posted on this site, you will be hard pressed to find many which were edited after the fact to include malicious links. With over 14,000 threads in General alone, even if you found one hundred examples the odds of any thread being converted into something malicious are less than one percent.
Conversely, one hundred percent of these Reddit copies made by brand new spam accounts will contain a malicious link. No exception - that is why these threads are being made in the first place.
Moreover, multiples of these Reddit threads are made daily and have been for the past couple of months. “Any thread” being converted is a problem which does not appear to be pervasive - if it exists at all.
It is pretty obvious why there is a difference between a daily occurrence with a 100% of malicious intent and a possibility which never appears to have happened. Thus, it is pretty obvious why your post has no real constructive merit.
Correct, and that is why the final step in the process is reporting the thread. However, moderators are not omnipotent nor are they omnipresent. Dozens upon dozens of users have wasted thousands upon thousands of words responding to these threads, only for their efforts to be vaporised once the moderation team deletes the thread.
Though this is a known issue, folks keep falling for these threads. This guide is to both raise awareness of the issue and help provide folks the tools they need to identify and avoid posting on these spam threads during the pendency of their (hopefully) brief lifespan.
If you mean "to keep them from being able to do such things", no.
If you mean "deleting them", well, that depends on how many moderators are available at that moment, where they are looking, and what other things they are doing. One of my side gigs is a giant group of folks that has a mere ten thousand users worldwide. The general topic has made it the active target of hate groups and bad actors, who not only lurk for the express purpose of using posts there against an entire community, they also attempt to foment division and on occasion to try and sneak in outright violence and some stunningly horrific stuff (think doctored mutilation stuff).
There truly is no way I can spend every moment of every day vetting all the posts. I have to rely on community reporting.
And that would be true even if it was my full time job -- which I am not certain is the case for DDB mods (hell, I don't know if they are paid employees or volunteers or ICs).
Meanwhile, they have an active userbase in the millions, lol.
Rollback Post to RevisionRollBack
Only a DM since 1980 (3000+ Sessions) / PhD, MS, MA / Mixed, Bi, Trans, Woman / No longer welcome in the US, apparently
Wyrlde: Adventures in the Seven Cities .-=] Lore Book | Patreon | Wyrlde YT [=-. An original Setting for 5e, a whole solar system of adventure. Ongoing updates, exclusies, more. Not Talking About It / Dubbed The Oracle in the Cult of Mythology Nerds
You do realize that the process of inserting malicious content into a thread can be done to ANY thread.
It requires access to their account to do this. Bots that create the account, retain access, thus allowing them to easily edit. It is easier for a bot to copy a post and then edit it later (it's actually very easy to set this up) than it would be to try and hack into an account or try scouring the site for an opportunity for SQL injection, just to add a link. If they could do that - we'd see a lot worse. We haven't, ever, because that's not what is happening.
Moderators are people who do this in their free time. They are too few in number to scour every post and check them. This is why we have a report button - to make it easier to highlight these for moderators. This thread is do it is easier for people to recognise this and not bother posting in a thread that will just get deleted as well as to warn against any links that do appear, while we wait for that deletion to occur.
Rollback Post to RevisionRollBack
Click ✨ HERE ✨ For My Youtube Videos featuring Guides, Tips & Tricks for using D&D Beyond. Need help with Homebrew? Check out ✨ thisFAQ/Guide thread ✨ by IamSposta.
I've noticed the threads constantly, but had a little idea they were used for spreading malware. However, as this system appears to be automated, I doubt it will abruptly stop. Users shouldn't have to deal with these absurd safety risks, and D&D Beyond needs to automate a system to prevent posts that are just copypastas from other sites. Otherwise, countless users will continue to waste time responding to and reporting these threads, and many will be endangered by the links.
Fighting an automated malicious process via reporting works, but it's innefectual compared to the needed automated protection software for here. And we're lucky that the suckpuppets have generally been quite lousy in terms of productive ways to troll on the forums, but we need to adapt now.
Rollback Post to RevisionRollBack
BoringBard's long and tedious posts somehow manage to enrapture audiences. How? Because he used Charm Person, the #1 bard spell!
He/him pronouns. Call me Bard. PROUD NERD!
Ever wanted to talk about your parties' worst mistakes? Do so HERE. What's your favorite class, why? Share & explainHERE.
Out of interest, are the original Reddit posts authentic or are they too created by the spammers?
Hard to say. The links AEDorsay provided above point to a reddit post that looks like a "We're weird players" with little detail or follow through from the OP. A D&D player on reddit didn't go on and on about things is the first red flag. Following OP's reddit submissions leads to 2 other light commentaries about games and a removed post. Their comments don't really scream AI BOT at me though.
Out of interest, are the original Reddit posts authentic or are they too created by the spammers?
Some, at least, are authentic. I've seen the OP responding in a genuine and sincere manner, having conversations and so forth. Even using that terrible text speak and so forth. No way that's a bot - no need for something that authentic. The bots scrape the text from random subreddits to "fool" moderators here. Some don't...but it's not like every subreddit will have someone that bothered about interaction.
Of course, you have to take into account sample sizes etc etc yah di dah di dah, so it may not be true of all instances. However, some at least are originally genuine.
If you're not willing or able to to discuss in good faith, then don't be surprised if I don't respond, there are better things in life for me to do than humour you. This signature is that response.
I've noticed the threads constantly, but had a little idea they were used for spreading malware. However, as this system appears to be automated, I doubt it will abruptly stop. Users shouldn't have to deal with these absurd safety risks, and D&D Beyond needs to automate a system to prevent posts that are just copypastas from other sites. Otherwise, countless users will continue to waste time responding to and reporting these threads, and many will be endangered by the links.
Fighting an automated malicious process via reporting works, but it's innefectual compared to the needed automated protection software for here. And we're lucky that the suckpuppets have generally been quite lousy in terms of productive ways to troll on the forums, but we need to adapt now.
Modiphius' has a reading requirement. You have to read so many posts before you can post yourself. You have to then make so many posts before you can create a thread.
I'm not sure if the effect would be desirable, but it seems to work.
Rollback Post to RevisionRollBack
If you're not willing or able to to discuss in good faith, then don't be surprised if I don't respond, there are better things in life for me to do than humour you. This signature is that response.
The mod team is, where possible, checking new posts (thankfully you can highlight text and right click to Search with Google the selected text), but as with all things, the community's help is invaluable
Modiphius' has a reading requirement. You have to read so many posts before you can post yourself. You have to then make so many posts before you can create a thread.
I'm not sure if the effect would be desirable, but it seems to work.
I'm confident DDB is already using antispam software, otherwise you just get a blizzard of posts with ads for herbal male enhancement products right there in post #1, their software just hasn't caught up with this particular pattern (which is likely hard to filter for).
Modiphius' has a reading requirement. You have to read so many posts before you can post yourself. You have to then make so many posts before you can create a thread.
I'm not sure if the effect would be desirable, but it seems to work.
I'm confident DDB is already using antispam software, otherwise you just get a blizzard of posts with ads for herbal male enhancement products right there in post #1, their software just hasn't caught up with this particular pattern (which is likely hard to filter for).
I've read one of the founders of a minor social media site talking about the battle against spammers. Automated detection is not very accurate. (IIRC, she says about 2/3 accurate, compared to her 95+%) One reason for this is that the spam accounts mostly aren't bots -- they're people. (They may be people working from a set of instructions, but they're still people.)
For DDB, they could probably catch the vast majority of them by having the system auto-flag any account that posts to the forums without ever using the character builder.
Rollback Post to RevisionRollBack
To post a comment, please login or register a new account.
For the past few months, the General subforum has been under assault by spam accounts. These accounts copy D&D threads from Reddit that look legitimate, only to change their text days later to include a malicious link.
Because these threads look like actual questions or topics for discussion, they often fool users into responding. This gives the perception of legitimacy and thus increases the likelihood the thread survives long enough to undergo its metamorphosis into a truly malicious thread.
Having now seen countless legitimate users wasting their time responding to these threads. I wanted to post a step by step guide to identifying these threads and helping to stop them. Please note, this guide is not intended to justify harassing legitimate new users. Every legitimate user is going to have their first post; many’s first post will include making a new thread. Skipping steps below could result in adverse effects for legitimate new users.
Step 1: When to be suspicious: If you see a new thread created by a user with a single post, who does not have a profile image, you should be suspicious of it and perform additional inquiries before spending your time on a response.
Step 2: Check the other responses: Before spending time looking forward, see if anyone else has posted a warning that this is a Reddit copy.
Step 3: Check the user’s profile: These accounts are made mere minutes before posting their thread and their recent activity will coincide with that threads creation. Here is a picture of a spam account’s profile:
Note how the account was created 3 minutes, 21 seconds ago, how the last activity was 3 minutes ago, and the spam thread was posted 2 minutes ago. If an account has this pattern of posting, it is very likely a spam account. If it does not show this pattern of posting, it is almost certainly a legitimate account.
Step 4: Google the thread to determine if it was on Reddit: Googling portions of text from the thread or the thread’s title (if the title is longer and specific) will often locate the Reddit thread copied to create the spam thread. Note, everything about the thread, including its title and text, are copied word for word. If you find a thread on Reddit, skip to Step 6.
Step 5: Do a quick look at Reddit: Sometimes Google will fail to find threads on Reddit, even though they exist. These threads are is usually copied from two specific places on Reddit - the r/dndbeyond subreddit and r/DnD subreddit. A quick search of those Reddits can give some peace of mind if the other red flags are there, but Google turned up nothing.
Step 6: Report and warn others: Once you find the thread on Reddit and verify that is, in fact, the origin, you should report the thread for spamming. As a courtesy, you should also post a warning to others that the thread was copied from Reddit, so no one else who might be suspicious wastes time on this.
A Note on Step 3: Step 3, looking to see if the account was made shortly before posting its first post, can also be useful in other contexts. Some threads can get pretty heated - us usually threads about Wizards, race, or other changes to the game. There are trolls who seek to inflame these threads and who make alternate accounts to circumvent bans for bigoted or other problematic behavior. If you are in a thread where tensions are high, and one inflammatory user stops posting, only to have a “new” account begin posting in a similar manner for the same position, you can use the same inquiry as Step 3 to see if they might be a troll’s alternate account, and adjust your behavior to avoid being baited by them.
Anyway, I hope that helps folks. I know I have gotten fooled by these threads often enough that I have a personal vendetta against them. Hopefully this will raise some awareness and help others avoid wasting time crafting responses, only to have them either provide support to a malicious user or have them vanish into oblivion along with the rest of the thread.
This needs to be pinned.
Click ✨ HERE ✨ For My Youtube Videos featuring Guides, Tips & Tricks for using D&D Beyond.
Need help with Homebrew? Check out ✨ this FAQ/Guide thread ✨ by IamSposta.
Here's a brand new example fo you to check out: https://www.dndbeyond.com/forums/d-d-beyond-general/general-discussion/184059-my-players-heavily-creep-out-an-npc-and-almost
I *just saw this on reddit*. Less than a minute ago: https://www.reddit.com/r/DnD/comments/17l8dn7/my_players_heavily_creep_out_an_npc_and_almost/
Only a DM since 1980 (3000+ Sessions) / PhD, MS, MA / Mixed, Bi, Trans, Woman / No longer welcome in the US, apparently
Wyrlde: Adventures in the Seven Cities
.-=] Lore Book | Patreon | Wyrlde YT [=-.
An original Setting for 5e, a whole solar system of adventure. Ongoing updates, exclusies, more.
Not Talking About It / Dubbed The Oracle in the Cult of Mythology Nerds
I think the thread was deleted. As it should have been.
Your friendly trans bard!
She/They pronouns
The Goddess of the Strings (thanks for the title Drummer!)
You do realize that the process of inserting malicious content into a thread can be done to ANY thread.
While this is such an obvious false equivalency that it really is not worth responding to, I will respond anyway to make sure no one is unclear on the common sense difference between “any thread” and these Reddit threads.
Any thread can be edited, true, but they are not. In the thousands of threads posted on this site, you will be hard pressed to find many which were edited after the fact to include malicious links. With over 14,000 threads in General alone, even if you found one hundred examples the odds of any thread being converted into something malicious are less than one percent.
Conversely, one hundred percent of these Reddit copies made by brand new spam accounts will contain a malicious link. No exception - that is why these threads are being made in the first place.
Moreover, multiples of these Reddit threads are made daily and have been for the past couple of months. “Any thread” being converted is a problem which does not appear to be pervasive - if it exists at all.
It is pretty obvious why there is a difference between a daily occurrence with a 100% of malicious intent and a possibility which never appears to have happened. Thus, it is pretty obvious why your post has no real constructive merit.
Isn't this what the moderators are for?
CENSORSHIP IS THE TOOL OF COWARDS and WANNA BE TYRANTS.
Correct, and that is why the final step in the process is reporting the thread. However, moderators are not omnipotent nor are they omnipresent. Dozens upon dozens of users have wasted thousands upon thousands of words responding to these threads, only for their efforts to be vaporised once the moderation team deletes the thread.
Though this is a known issue, folks keep falling for these threads. This guide is to both raise awareness of the issue and help provide folks the tools they need to identify and avoid posting on these spam threads during the pendency of their (hopefully) brief lifespan.
If you mean "to keep them from being able to do such things", no.
If you mean "deleting them", well, that depends on how many moderators are available at that moment, where they are looking, and what other things they are doing. One of my side gigs is a giant group of folks that has a mere ten thousand users worldwide. The general topic has made it the active target of hate groups and bad actors, who not only lurk for the express purpose of using posts there against an entire community, they also attempt to foment division and on occasion to try and sneak in outright violence and some stunningly horrific stuff (think doctored mutilation stuff).
There truly is no way I can spend every moment of every day vetting all the posts. I have to rely on community reporting.
And that would be true even if it was my full time job -- which I am not certain is the case for DDB mods (hell, I don't know if they are paid employees or volunteers or ICs).
Meanwhile, they have an active userbase in the millions, lol.
Only a DM since 1980 (3000+ Sessions) / PhD, MS, MA / Mixed, Bi, Trans, Woman / No longer welcome in the US, apparently
Wyrlde: Adventures in the Seven Cities
.-=] Lore Book | Patreon | Wyrlde YT [=-.
An original Setting for 5e, a whole solar system of adventure. Ongoing updates, exclusies, more.
Not Talking About It / Dubbed The Oracle in the Cult of Mythology Nerds
It requires access to their account to do this. Bots that create the account, retain access, thus allowing them to easily edit. It is easier for a bot to copy a post and then edit it later (it's actually very easy to set this up) than it would be to try and hack into an account or try scouring the site for an opportunity for SQL injection, just to add a link. If they could do that - we'd see a lot worse. We haven't, ever, because that's not what is happening.
These are definitely spambots.
Moderators are people who do this in their free time. They are too few in number to scour every post and check them. This is why we have a report button - to make it easier to highlight these for moderators. This thread is do it is easier for people to recognise this and not bother posting in a thread that will just get deleted as well as to warn against any links that do appear, while we wait for that deletion to occur.
Click ✨ HERE ✨ For My Youtube Videos featuring Guides, Tips & Tricks for using D&D Beyond.
Need help with Homebrew? Check out ✨ this FAQ/Guide thread ✨ by IamSposta.
I suspect the crawlers they're trying to target are much more likely to notice links on page 1 (and maybe post 1) than later in the thread.
Out of interest, are the original Reddit posts authentic or are they too created by the spammers?
I've noticed the threads constantly, but had a little idea they were used for spreading malware. However, as this system appears to be automated, I doubt it will abruptly stop. Users shouldn't have to deal with these absurd safety risks, and D&D Beyond needs to automate a system to prevent posts that are just copypastas from other sites. Otherwise, countless users will continue to waste time responding to and reporting these threads, and many will be endangered by the links.
Fighting an automated malicious process via reporting works, but it's innefectual compared to the needed automated protection software for here. And we're lucky that the suckpuppets have generally been quite lousy in terms of productive ways to troll on the forums, but we need to adapt now.
BoringBard's long and tedious posts somehow manage to enrapture audiences. How? Because he used Charm Person, the #1 bard spell!
He/him pronouns. Call me Bard. PROUD NERD!
Ever wanted to talk about your parties' worst mistakes? Do so HERE. What's your favorite class, why? Share & explain
HERE.Hard to say. The links AEDorsay provided above point to a reddit post that looks like a "We're weird players" with little detail or follow through from the OP. A D&D player on reddit didn't go on and on about things is the first red flag. Following OP's reddit submissions leads to 2 other light commentaries about games and a removed post. Their comments don't really scream AI BOT at me though.
How to: Replace DEX in AC | Jump & Suffocation stats | Spell & class effect buff system | Wild Shape effect system | Tool Proficiencies as Custom Skills | Spells at higher levels explained | Superior Fighting/Martial Adept Fix | Snippet Codes Explored - Subclasses | Snippet Math Theory | Homebrew Weapons Explained
My: FEATS | MAGIC ITEMS | MONSTERS | SUBCLASSES Artificer Specialist: Weaveblade
Dndbeyond images not loading WORKAROUND FIXED!!! (TY Jay_Lane for original instructions)
Some, at least, are authentic. I've seen the OP responding in a genuine and sincere manner, having conversations and so forth. Even using that terrible text speak and so forth. No way that's a bot - no need for something that authentic. The bots scrape the text from random subreddits to "fool" moderators here. Some don't...but it's not like every subreddit will have someone that bothered about interaction.
Of course, you have to take into account sample sizes etc etc yah di dah di dah, so it may not be true of all instances. However, some at least are originally genuine.
If you're not willing or able to to discuss in good faith, then don't be surprised if I don't respond, there are better things in life for me to do than humour you. This signature is that response.
Thanks both.
Must feel pretty grotty to find your post has been hijacked for illegitimate purposes.
Modiphius' has a reading requirement. You have to read so many posts before you can post yourself. You have to then make so many posts before you can create a thread.
I'm not sure if the effect would be desirable, but it seems to work.
If you're not willing or able to to discuss in good faith, then don't be surprised if I don't respond, there are better things in life for me to do than humour you. This signature is that response.
Best thing people can do is keep reporting them
The mod team is, where possible, checking new posts (thankfully you can highlight text and right click to Search with Google the selected text), but as with all things, the community's help is invaluable
Find my D&D Beyond articles here
I'm confident DDB is already using antispam software, otherwise you just get a blizzard of posts with ads for herbal male enhancement products right there in post #1, their software just hasn't caught up with this particular pattern (which is likely hard to filter for).
I've read one of the founders of a minor social media site talking about the battle against spammers. Automated detection is not very accurate. (IIRC, she says about 2/3 accurate, compared to her 95+%) One reason for this is that the spam accounts mostly aren't bots -- they're people. (They may be people working from a set of instructions, but they're still people.)
For DDB, they could probably catch the vast majority of them by having the system auto-flag any account that posts to the forums without ever using the character builder.