Tactic winner: convince the enemy that he is doing everything right
Imagine that you are the owner of one of the 100,500 million real estate bulletin boards. You feel that the topic is promising, there is a lot of money in the market, you want to make money and be happy. To monetize your site, you have, say, a common trick: dividing accounts into “user-defined” (you can only post one ad), i.e. free, and "professional" , i.e. sellers accounts for money.
Some bad sellers (because they are bad, we will also call them a bad word - “fraudsters”) , in turn, they also want to earn and do not want to pay you.
As a result, every morning you get another ton of slag ads from “pseudo-partisans” on your site, which only scare users of your site (they are looking for private traders, and in every second ad they fall for another fraud).
')
Most of these sites, including the largest and most famous, use one more or less similar method:
Some sites also put cookies to the user, sometimes they still save their IP. But all this is ineffective: megatons of ads from scammers continue to fall every morning on the site.
The worst thing here is that we view the situation from the perspective of an ideal, fair world. We expect that the scammer, having seen how he was banned, will leave and will not try to add an ad anymore.
Should I tell you that the world is not a box of chocolates? Scammers are becoming more literate: having met with such protection, they, like real hackers, begin to look for a protection bypass. They remove cookies, change the browser, connect through a proxy, buy tons of “left” SIMs on the street and then rush to your site (no wonder, because they earn good money on it).
The most effective way to fight (he works many times better than other methods for me): to make it an illusion for a swindler that he “won”. But only illusion.
What does it mean?
This means that we:
What does a half-hidden ad mean? This means it is not visible to anyone except the owner of the ad (in our case, the fraudster). It is also not visible to non-logged users. What is especially important: for the scammer himself, we show this ad as if it were absolutely normally published and shown along with the ads of other users on the site.
Bottom line: the scammer thinks that he has tricked us, everything has been successfully added to him and with peace of mind goes to the next victim-board. And for other ("good") users, the site remains absolutely clean: they do not see all this scam.
What if the scammer logged out? Will he see that there is no ad?
No, we will determine it by the set Cookie.
But what if he cleans up cookies?
For this, we memorized a maximum of identifying information about it. Now, if he doesn’t find his ad, and tries to add it with a different number, we will determine it by that information and add his new phone number to the black list too.
But what if it deletes cookies, changes the browser, connects the proxy andreplaces the gender ?
The solution I proposed is certainly not a panacea. You can come up with many more ways to identify the fraudster, but none of them is 100% redeemable from villains. Manual work for moderators will still remain, but now it will be significantly less.
Why are you so sure that scammers will not immediately trick?
Because their work is also not only your site. After each bulletin board, clearing cookies / change proxy / change user-agent / change phone number is all the work for them.
PS: I thank you for being able to finish reading this terrible canvas of the text to these lines, I hope I spent a few minutes of your life for good reason.
PPS: reproaching me for writing a topic with Q & A , did you notice that actually I was the author of the answer to that question?
Some bad sellers (because they are bad, we will also call them a bad word - “fraudsters”) , in turn, they also want to earn and do not want to pay you.
As a result, every morning you get another ton of slag ads from “pseudo-partisans” on your site, which only scare users of your site (they are looking for private traders, and in every second ad they fall for another fraud).
')
What is the most common way to deal with such fraudsters?
Most of these sites, including the largest and most famous, use one more or less similar method:
- determine that a scammer is hiding under the ad;
- put his contact phone number in the black list;
- at the next attempt to add an ad with the same phone number, we say “atat!” to the user and refuse to add his ad.
Some sites also put cookies to the user, sometimes they still save their IP. But all this is ineffective: megatons of ads from scammers continue to fall every morning on the site.
What is the main mistake of this approach?
The worst thing here is that we view the situation from the perspective of an ideal, fair world. We expect that the scammer, having seen how he was banned, will leave and will not try to add an ad anymore.
Should I tell you that the world is not a box of chocolates? Scammers are becoming more literate: having met with such protection, they, like real hackers, begin to look for a protection bypass. They remove cookies, change the browser, connect through a proxy, buy tons of “left” SIMs on the street and then rush to your site (no wonder, because they earn good money on it).
How to more effectively deal with such a phenomenon?
The most effective way to fight (he works many times better than other methods for me): to make it an illusion for a swindler that he “won”. But only illusion.
What does it mean?
This means that we:
- we determine that this user is a fraud;
- in spite of this, we add its declaration to the database , but make it “half-hidden”;
- set him a perpetual cookie that he is a crook;
- we remember the current time and the maximum of unique information about it (IP, User-agent, e-mail, etc.).
What does a half-hidden ad mean? This means it is not visible to anyone except the owner of the ad (in our case, the fraudster). It is also not visible to non-logged users. What is especially important: for the scammer himself, we show this ad as if it were absolutely normally published and shown along with the ads of other users on the site.
Bottom line: the scammer thinks that he has tricked us, everything has been successfully added to him and with peace of mind goes to the next victim-board. And for other ("good") users, the site remains absolutely clean: they do not see all this scam.
What if the scammer logged out? Will he see that there is no ad?
No, we will determine it by the set Cookie.
But what if he cleans up cookies?
For this, we memorized a maximum of identifying information about it. Now, if he doesn’t find his ad, and tries to add it with a different number, we will determine it by that information and add his new phone number to the black list too.
But what if it deletes cookies, changes the browser, connects the proxy and
The solution I proposed is certainly not a panacea. You can come up with many more ways to identify the fraudster, but none of them is 100% redeemable from villains. Manual work for moderators will still remain, but now it will be significantly less.
Why are you so sure that scammers will not immediately trick?
Because their work is also not only your site. After each bulletin board, clearing cookies / change proxy / change user-agent / change phone number is all the work for them.
PS: I thank you for being able to finish reading this terrible canvas of the text to these lines, I hope I spent a few minutes of your life for good reason.
PPS: reproaching me for writing a topic with Q & A , did you notice that actually I was the author of the answer to that question?
Source: https://habr.com/ru/post/131214/
All Articles