It’s almost funny how persistent they are, though. But an lot of their posts feels like it was written by AI, just without the random recommendation for an third-party.
Speaking of which, had anymore found out exactly what these “free” games are or is it just an byproduct of the holidays running around?
I just literally had a conversation with a new profile, went back to the forum question list, saw one pop up “I’m a new user need help” of the same user, clicked that, and got to a spanish APK advertisement. Not even a page redirect, just literally a bot post edited on the millisecond to become an APK advertisement. what. the. hell. I tried discussing this topic years ago! now the report button doesn’t even let you report things directly. Even less contact with EPIC these days than it used to be. Where are you hiding staff?
Sometimes though, there’s more junk that human content, literally. Is it really worth their while, or just they just buy a ‘bargain hack pack’ of forum and discord ids?..
From a security point of view, it could just be a botnet battle trying to get as many bot profiles on here as possible. Getting banned for reason X is one way to improve strategies I suppose. If the forums is largely botnet that means power for the controller. Like spreading false info, dangerous links, large scale exploit attacks (scripting), flooding the mods with false reports etc. mods better be taking my posts seriously. The way the forum is duckttaped together I don’t expect much of security… probably less secure than emailing strangers.
I’m honestly getting pretty sick of it. I’m on the forums to help a few people when I got the spare time, not looking for this virus BS.
It seems the “edit” function on the posts is too exploitable. It goes right past any checks done on initial posts. Same goes for pre formatted posts (like the bug submissions), you can make anything of them. Only thing we’re still missing is the remote code execution attacks before it all goes up in flames. ffs.
EPIC could use AI to extract context and cue a post for mod approval. In the end, I expect that this would still reduce the time for mods spending time on this compared to responding to post reports.
On github, just look for “ai summarize / analyze / conversation” to find models capable of detecting suspicious content. I know it works because I used one long ago. These days so many are released that I literally lost which one I used back then… It takes one server and 1 maybe 3 GB of RAM to process it in less time than the average user will load a forum page. I’d feed it an entire wikipedia page and ask a question like “what happened in 1962” and get an accurate answer summarized from its contents. These days results can only be even better. All the stuff is free on Github and Huggingface.
I’ve also noticed similar patterns in APK posts (and similar game spam). some of them are spanish, some have recurring words like granny.
XD well it takes a liiiitle more. When I reply to you mentioning a.p.k. my post is already flagged for mods. in my case, I’m not advertising one. that’s where AI comes in to grab the context. Funny thing, when I add the dots in a.p.k. It doesn’t get flagged. Again, that is where AI comes in :). It’s a piece of pie for me to write a sh"tpost bot to spam these things and a regex can’t detect context, only exact text patterns.
This whole war on spam/bots/or malware is like football game, when only one team has gate (and without gatekeeper). This team is Epic mods, Forum Owners, AV companies.
First there are more people that try to exploit than people that defend, esp when attackers can get some gain from it.
Also defender cannot respond proportionally, well cannot respond at all, can just defend. Banning bot accounts is just defense, bad guys can create multiple bots. Epic cannot do any harm to actual creators.
Same goes for malware detection, AV can only defend and response. All attackers must do is update detection, and try new mutations until it fails. Same would happen with automatic detection of spam. They get banned automatically for few days, in that time they improve creating new ones, banning script fails, and bad guys just improved botnet.
This is the critical portion, any system that can fight it proportionally (without recent advances like AI though they are less scalable due to token cost) would incur lots of false positives, which also need to be processed and corrected as not to disrupt legitimate users.
I feel like by now any networking device (router firewall, firewall) should have an AI defender built in into the OS by default as well, and be able to fully look into the traffic (in AND out). Yes it will need a better CPU and more RAM, no it’s not overkill. AI doing defender’s job as heuristics scanner could be updated at home. Bad traffic should be dropped as early as possible. At some point they will just start to exploit forum flaws in more dangerous ways. There’s already software like suricata, but hardware and such statuc rules for that are made expensive for the average user. Advanced defense should be made available to everyone.
I feel like lately I’ve been seeing more APK link posts than real posts. I really wish there was just some basic 1-2 click process to report them like on all the other discourse based forums