A peek into Reddit's anti-spam internals
101 points by rebane2001
101 points by rebane2001
Really interesting material and research (as she mentions in the conclusion, you rarely get to see the details of anti-abuse mechanisms like this), but what caught my eye was Lyra's characteristically deft CSS. The custom censor bars and red circles on the rebuilt reddit UI made me think they were screenshots at first, when they are in fact fully-interactive mockups.
Always excited to see a new blog post from you! Both for the very interesting content and the awesome recreations of other UIs. I've found at least one easier egg so far :)
thank you! i put a lot of them in the post this time ;)
A heads up, the site somehow causes Safari, both Desktop and Mobile on v27, somehow to display an error page. Loading from the Wayback Machine works, just as using desktop Firefox.
EDIT:
bisect plz
It's somewhere in the art-frame from line 404 (lol) on
EDIT2: I've gutted it and it crashed somewhere else. Might be a genuine browser bug lol
EDIT3: for sure, it works fine on older safari, 18.6
interesting, i haven't been able to repro both on the latest safari as well as the one that ships with sequioa
i wonder if it's safari not liking the way i'm censoring stuff? it uses svg filters, so i wouldn't be surprised if something somewhere in safari is broken or poorly optimized with that
Yep, it's the censor indeed. Commenting out feOffset and feDisplacementMap fixes the crash. Still, it's a WebKit bug.
thanks!
i'm still wondering how i could even test it, because i can't repro it on the xcode iphone simulator, and i asked a friend with an iphone to check it and it works fine for him too
could you try these three links and let me know if any of them dont crash for you:
https://lyra.horse/blog/2026/06/reddit-spam-internals/fix1.html
https://lyra.horse/blog/2026/06/reddit-spam-internals/fix2.html
https://lyra.horse/blog/2026/06/reddit-spam-internals/fix3.html
All 3 crash. I have the iOS&macOS 27 dev beta2 FWIW, it crashes on that. Also, curiously, it works inside QuickLook just fine.
ooh i figured out i can actually get the iOS27 simulator if i download the xcode beta from a dev account, and the crash repros there!
thank you for the help, i'll see now if i can fix it in any way ^^
edit: "fixed" it for now by detecting safari and forcing a basic blur filter in css
I think I found all seven (six?) of them (cute pixel art btw), but encountered an issue (not sure if it's related to the scores easter egg).
The blurred post about coins also seems to blur the second line below it about removals adjusting based on mod actions, as well as some of the adjacent scores. Without the scores I probably wouldn't realize the line was even there.
This happens on a slightly outdated version of ungoogled chromium I use on my laptop, doesn't happen on Firefox on my desktop.
I do have a tiny system font size set on my laptop to save screen space, so it may be the post simply expecting more area than it gets.
I wanted to try this on my own account, so I put the string
<pre>UA-49307539-2</pre>on a website and posted a link to it on Reddit. [...] My test account (5 years old!) got banned immediately, and all of its post history got wiped too. RIP /u/popstonia. For this reason, I changed the real number in this blogpost to UA-49307539-, which is in reality a random number - I would rather not put a piece of text out there that can kill people’s accounts through just posting it.
Haha, wow, that's wild—I hope that that account truly was a test account and didn't have anything important on it!
The problem with aggressive anti spam features is that creating new accounts on e.g. reddit is basically pointless these days. I wanted to create a new account recently so that I have a separate identity as my old account names were used in too many places on the internet and wanted to move on. Ok so let's try making a new one; literally all new 2 or 3 accounts that I tried creating got instantaneously shadow banned for unknown reasons, this included stopping me from creating my own private multi-reddits becuase I was "executing too many requests" by clicking around on the site. Ignoring that even if you create a new account successfully most subreddits ban all interaction for new users. At the same time if you go through comment sections on popular subs it's pretty obvious that quite a lot of accounts are bots pushing political narratives. Changing names of old accounts is just not supported of course even though in my eyes there is nothing weird about someone wanting to be called a different name after 15 years of using the website.
All those measures make it overall an unpleasant environment imo. I think the website is effectively dead in it's old form and is just propped up by the inertia at this point. So cool maybe they stop some spam but also made the website unusable and I don't know where the balance is.
That's an interesting effect. Bot account operators can figure out how to age an account safely but humans get shadow banned for reasons they don't understand. Those sort of false positives would prevent or limit humans from joining, increasing the bot ratio.
At least in the subreddit I moderate, most bot account operators are not aging their accounts (why would you when creating a new account is so easy?) and most shadowbanned accounts are violating Reddit's Content Policy in some way. Reddit's enforcement against automated accounts seems to have increased lately, but I think this is a good thing because it means that more obvious bot accounts are being actioned without me having to manually do things.
for anyone curious, the included perspective api key is invalid
The censored consultancy being shown as spam example in bans (2016 - present) being Puppygirl Consulting (they might be good at digging?) should be a hint to dev tool addicts that the censored parts are probably fake / easter eggs :^)
I like reading about forum anti-spam technologies as I developed a few moderation add-ons for XenForo more than a decade ago.
This is a state-of-the art article full of things that I didn't know and in such a great detail, kudos!
trying to open this in mobile Safari (on the newest developer beta of iOS on my iPhone 16 Pro) gives the error “a problem repeatedly occurred on <url>,” so i am unable to view it
yeah, no idea what's up with that and i don't have my iphone with me atm
if anybody wants to bisect the html to see what's causing the crash i would be very grateful