Preventing abuse, part 1

As a young product (especially an anonymous one), you have to protect the environment you want to support on your service from early on. Ideally you want people to use your creation for good, magical things you could've never thought of. While that seems to be the overwhelming case on, there are of course people who try to take advantage of a service like this.

One of the earliest cases was last summer, when I noticed an unusually high number of new posts start to come in while passively watching our scrubbed application logs. They happened regularly and frequently enough to seem like some kind of robotic use, so I went into our web server logs, and saw they all originated from the same IP address. Since I assumed some kind of spammy behavior, I then went and looked at a few of the recently-published posts. Each was the exact same, with a few words and a link to some site. I saw most had a few views, with a lot of referrals from facebook. I blocked the IP address from publishing new posts, verified the posts were stopping, and went back to bed.

The next night I saw the same thing, this time from a different IP address. The text was the same and the URL was now a different, shortened one. So I modified the application to check for similar text and, if it was found, prevent publishing and instead present the spammer with an amusing “spam” page asking the poster why they aren't writing about their feelings. They eventually stopped trying.