PCPartPicker

  • Log In
  • Register

Temporary removal of manually specified custom parts

Forum Search

Guidelines

  • Be respectful to others
  • No spam
  • No NSFW content
  • No piracy or key resellers
  • No link shorteners
  • Offensive content will be removed

Topic

philip 2 months ago

UPDATE 11/28/2017: Manually added custom part support is back, but only for logged-in users.

Hi everyone,

I come with some bad news - today we had to temporarily turn off manually specified custom parts. Basically if you click "Add Custom Part" and then wanted to manually enter details of the part, price, name, etc - that is no longer available right now.

Spam.

We're doing a full unroll of data here to understand the breadth of it, but starting about a day and a half ago we had a monumental surge in spammy traffic. That traffic was generating accounts, and then in those accounts generating saved part lists. In those saved part lists, they then created custom parts saying "watch some movie XYZ that recently released online", and linking to a url in the custom part for that movie content.

If you just tweeted the link to the movie content on twitter they'd shut you down quickly for spam. So instead they tweeted the link to the user saved partlist permalink, which in turn contained the link to the movie content. Or they linked to us via other avenues to redirect to their sites.

In the past few days, we saw thousands of accounts generated for this purpose. This is a bit of internal details, but between active accounts and banned accounts we have a middle step - comment-banned accounts. They can log in, but are not able to produce forum topics, comment on posts, etc. We do this for most of our spammy IP ranges. However, there was a loophole that comment-banned user accounts could create and link saved part lists. That's fine, except that those part lists could also include custom parts, with spam titles and urls. We had flagged most of the spammy part lists as comment-banned, but the comment-banning didn't help. Custom parts with spam still leaked through.

So what we intended for good, got repurposed for spam. As is what happens with everything on the internet... The short term solution was to remove manual custom part support. We hope to re-add it at some point, but it'll have to be a careful and thoughtful way of doing it. We've also made it so that comment-banned accounts now list all saved part lists as private, so their spam content cannot be propagated.

The lesson here though is this - you can't allow any feature that allows anonymous user-generated content and remain spam-free.

We've had a couple of exciting days development-wise countering this source of spam. It's a battle that never stops - we get hit, we implement countermeasures, and then they adjust. Rinse, repeat. In the end though, we continue to grow stronger. Every time we get hit by spam like this, new tools to autodetect and remove it get implemented and rolled out. We did it for the first big spam wave in 2012, and every big instance after that. (Just one of those things you know you're going to spend dev time on, but never know exactly when.)

Again though - once we feel we've done analysis on past saved part lists, then we'll work toward implementing a spam-safe solution to this. But I don't want to start on that until we've removed all the spammy content that we may missed during the past few months.

UPDATE 11/23/2017: Analysis complete. We banned a bunch of spam accounts. And it appears that the spammers have since moved on to other sites. I have code changes ready to go live that will restore manual custom parts for logged-in users. Right before Black Friday is literally the worst time to deploy code though. I'll try to deploy that later tonight post-turkey, assuming I can do so without breaking anything. (What could possibly go wrong?)

UPDATE 11/25/2017: To reduce risk of breaking something during Cyber Monday, I'm holding off on the custom parts re-enable until Tuesday 11/28.

UPDATE 11/28/2017: Manually added custom part support is back, but only for logged-in users.

Comments Sorted by:

ewhac 1 Build 21 points 2 months ago

My sympathies, sir. This site remains a valuable resource; I hope it's still well within your "worth the hassle" threshold.

TheOfficialCzex 3 Builds 11 points 2 months ago

RIP custom parts 2K17. May spam be destroyed.

Seaw33d 7 points 2 months ago

Can you guys add the capability to put EKWB Products into the auto URL Custom part system?

Phoneboy101 2 points 1 month ago

yeah

DynasticTech 2 points 1 month ago

That's exactly what I was using it for too

Vinyl_Scratch_ 7 points 2 months ago

Well this sucks... RIP all the watercooling and specialized custom parts... Oh well

At least it plans to be complimented, all the more power to you guys to keep fighting the spam fight and try to improve this forum.

yasinmaster 4 points 2 months ago

i just wanted to create a new part list after like 1 year and this happens at the exact same day. nice luck.

lily_anatia 3 points 2 months ago

why not just remove the url field?

philip staff submitter 10 Builds 5 points 2 months ago

It still allows for anonymous user-generated content in the part list - someone could just inline the URL in the custom part title.

whocouldguess 1 point 1 month ago

What if you just had to fulfill a captcha every time you try to add a manual custom part?

philip staff submitter 10 Builds 5 points 1 month ago

We use captchas during registration - they don’t stop spammers (just prevent some forms of automation). Non-spammers are a much much larger portion of our users than spammers, so forcing a captcha would just end up punishing our regular users for a few spammers (and wouldn’t effectively stop the spammers either).

whocouldguess 1 point 1 month ago

Ah, okay. Thanks for the response!

JCMsergox 2 Builds 3 points 2 months ago

That sucks, but its the nature of the humans. We get a nice, cool feature but it has to be revoked due to people abusing it.

Hope it comes back soon.

TVinyard 3 points 2 months ago

Understandable. Wish it didn't have to happen though. The manual entry feature was handy for adding parts like Fan splitters and whatnot. As someone who is still planning their first-ever build, it was nice to be able to keep track of those weird parts that aren't in the standard segments.

Edit: Dummy fixed his spelling

acs590 2 points 2 months ago

Well, I hope you fix the problem soon, thanks for the notice!!!

philip staff submitter 10 Builds 10 points 2 months ago

We should have it back up pretty soon (complicated by holiday craziness). When it returns it’ll only be available to registered users though.

X3n0M0rph 3 points 2 months ago

How many people do you have working at Pcpp? You guys seem to be on top of everything

acs590 1 point 2 months ago

ok, that will fix a lot of problems

Captaincow285 0 points 2 months ago

registered users

Umm.... I would like a bit of clarification.... Is that those who confirm their e-mail addresses, or are you creating a register of users? I am thinking e-mail verification.

philip staff submitter 10 Builds 1 point 2 months ago

By registered users, I'm talking about users who have created an account on the site.

Captaincow285 1 point 2 months ago

Ah. Ok.

cobbleking 2 points 2 months ago

The day I decide to update my part list.......

Got a timeframe for when it'll return?

RainRP 2 points 2 months ago

when can i expect it to be back?

Timelord0 2 points 2 months ago

Some simple stuff like requiring account be one month old and tied in via Google Identity Platform could put a very nice dent in it. Perhaps custom parts are only able to be seen by registered users (masked otherwise) on top of that? Inconveniencing the users of the pirate spammer's links is what you need to do to end up a not ideal host for the spam pirate.

tragiktimes101 2 points 1 month ago

It finally affected me! I went to go throw up an optiplex build and BAM! XD

I have noticed a lot of Arabic spam now too...this is just weird.

mongoliahero 2 points 1 month ago

That sucks but thank you guys for taking action, without this site I have no where else to build my imaginary rig.

_haru 2 points 1 month ago

Patiently waiting for the new code :)

Captaincow285 2 points 1 month ago

Yoo-hoo! Custom parts back!

Captaincow285 1 point 2 months ago

Umm.... That's bad.

Piracy + spam. Bad.

Prince45 1 point 2 months ago

Aww I was planning on doing a build involving custom parts. Do you know when you'll have it back up?

tragiktimes101 1 point 2 months ago

I don't know if it's related at all, but I noticed a lot of spam in the "Other" category yesterday. But these were involving the sale of illegal counterfeit currencies. So probably a coincidence?

philip staff submitter 10 Builds 1 point 2 months ago

Almost certainly related, yes.

tragiktimes101 2 points 2 months ago

Criminal innovation...smh

Thanks for all the work you all do to limit this kind of abusive material.

XPGeek 1 point 2 months ago

Thanks for the update! I was looking for that feature today and was wondering where it went! :) Appreciate the communication, and hope it's back online soon!

Cicero_ 4 Builds 1 point 1 month ago

I’m sure you’ve probably thought about this and there’s got to be a good reason against it, but wouldn’t you be able to stop this spam by increasing the perameters of a “comment ban” to also include the inability to make custom parts? That way normal users can still make them, but spammers are unable because they are, as you said, within comment banned IP ranges.

philip staff submitter 10 Builds 1 point 1 month ago

That will happen for sure. Previously though you could add custom parts to a part list even without an account. Comment banning, at least from how we’ve implementing it, is tied to the account. We may auto comment ban from abusive ip ranges, but our list of ipa is far from comprehensive.

Cicero_ 4 Builds 1 point 1 month ago

So the plan then is to make custom parts a privilege for only users that have accounts that aren’t comment banned? Or is there more you plan on doing?

philip staff submitter 10 Builds 1 point 1 month ago

That’s the plan. Though I don’t know if I call it a privilege, but rather adopting a strict policy of not allowing anonymous unregistered visitors to post user-generated content. I’m surprised it survived this long without being a spam vector.

hypergalaxy8 1 Build 1 point 1 month ago

Maybe you could add an "Allowed website" list that many people on this site can contribute to. Idk.

Tyki7125 1 Build 1 point 1 month ago

May I suggest putting in a known vendor's list, which would allow custom links from vendors that you trust like Performance PCs, EKWB, etc. It's a bandaid solution, but I feel that this would work for the most part.

Ideally it would be able to create a new product like Amazon and NewEgg do already, but that would take more work.

philip staff submitter 10 Builds 3 points 1 month ago

Custom parts should return very soon for logged-in users.

LoneCrusader 1 point 1 month ago

Awesome news! Just a suggestion, you could have a pre-approved URL domain name. If it's not in the list of names we could ask for it in the additions section. Then again you would need to disallow URL shorteners though.

Nymical 1 point 1 month ago

Link shorteners are already banned

LoneCrusader 1 point 1 month ago

It'll be nice once they bring this feature back, I'm tired of using Excel for my custom parts.

Captaincow285 1 point 1 month ago

Cool! Thanks for doing all this!

cristiancl 1 point 1 month ago

So that is why i've lost my list. I got an empty list on the main page instead of my build list that i was slowly creating. Is there any way of recovering it?

philip staff submitter 10 Builds 1 point 1 month ago

This change wouldn’t remove parts. If your part list went blank, it was likely because you accessed the site from a different computer, cleared cookies, or did something else to clear your session.

cristiancl 1 point 1 month ago

Is there any way to recover that list?

SaschaCory 1 point 1 month ago

There wouldn't be, no. Just a recommendation for next time, whenever you finish editing your primary list, save it under "Save Parts Lists", just override that save every time you edit it, and then edit it from the "Saved Parts Lists" section every time. This is just a good habit to get into, prevents stuff like this from happening, makes it accessible on any computer, and allows you to work on more than one list at a time.

cristiancl 1 point 1 month ago

I did it on the first time i started my build, i thought there was some kind of auto save feature.

pianoplayer88key 1 point 1 month ago

That gets me thinking...

Instead of the default URL always being just https://pcpartpicker.com/list/ (which is generic, and you lose your list when, as @philip said, you clear cookies, use a different PC, etc), maybe there'd be a way of automatically saving the specific parts list URL in browser history (like https://pcpartpicker.com/list/6RPLhq ) so that if you close your session accidentally, you can easily restore your parts list. :)

Hey Philip is there a way to resize the comment window width? It's only taking about 1/3rd of my screen's width. (I was about to reply to cristiancl's comment and it was taking about 1/10th then.)

Also I have a multilogin plugin on Chrome, which allows me to be working on several parts lists at once from the same browser, I think it uses a separate session cookie for each group of tabs. Sometimes I've had several dozen lists in progress at once.

When the browser crashes, though, those sessions get lost, so it'd be nice to a way of restoring the lists like I outlined above. (Sometimes I'll get lucky and copy the permalink URL and navigate to that before it crashes, but sometimes it crashes before I can do anything.)

Also, often when restoring a session with a lot of PCPP tabs, or even when I just mousewheel-click down a list of parts to open them in new tabs, I often get things like https://pcpartpicker.com/ratelimit/?marker=pl______&timestamp=1508838441&target=%2Flist%2FRDxR6X&verify=7e9ee68ece892fadf2b7a7c73b4ea18972d4112d&periods=60%2C300 which slows me WAY down. :( Any way I can fix that at my end so I can work faster with things on here? :)

I hope the custom part configurator is reimplemented soon. :) (I don't see it up right now even though I'm logged in.) I was gonna try to create some parts / price build lists with some older LGA1366 / LGA771 / Socket F dual or quad socket server motherboards that don't exist on the main site, for example. (A couple I have open in other tabs, just not on PCPP, are the Supermicro X8DT6 and H8DAE-2; last I looked on ebay they were $100 and $70 respectively.)

philip staff submitter 10 Builds 2 points 1 month ago

When the browser crashes, though, those sessions get lost, so it'd be nice to a way of restoring the lists like I outlined above.

Gives me an idea - when I get some time post-Cyber-Monday I'll see if there's something I can do here.

Hey Philip is there a way to resize the comment window width?

Not currently. :(

Custom parts should get readded soon. I had planned on today, but we're still above typical on traffic due to Black Friday. From a risk standpoint, I'm going to wait until after Cyber Monday to roll it back out.

pianoplayer88key 1 point 1 month ago

Gives me an idea - when I get some time post-Cyber-Monday I'll see if there's something I can do here.

Ahh, that might be interesting, hope you can come up with something to add the perma URLs in history or something like that.

Speaking of which, I just noticed the history button which shows the list of changes you've made, along with a visibly-truncated link to each permalink URL. (I'm sure it's been there a long time, I just noticed it though.)

Maybe there'd be some way of reviewing that history even after closing a session? :)

cristiancl 1 point 1 month ago

The history is based on your session. If it is cleaned, your history is cleaned as well.

Philip, would it be possible if those who are logged had a way to track every list they create? regardless of session, cookies etc? I don't know how your DB is designed, but if there is a way...

I think i've losted my list because my Firefox automatically updated to Quantum while i was traveling (and the computer was 24/7) and then it cleared everything or some extension messed it up. I tried to restore a previous version of the profile folder, recovering the cookies, but that didn't help at all.

ClairaOswald 1 point 1 month ago

Please add Vengeance® LPX 32GB (4 x 8GB) DDR4 DRAM 3866MHz C18 Memory Kit - Red (CMK32GX4M4B3866C18R) http://www.corsair.com/en-gb/vengeance-lpx-32gb-4x8gb-ddr4-dram-3866mhz-c18-memory-kit-red-cmk32gx4m4b3866c18r

Wi1dCard 1 point 1 month ago

not the place to put this

MannyPCs 1 point 1 month ago

:(

Hope it can be added again soon.

Bobsanderz 1 point 1 month ago

Likewise

mauriciomdea 1 Build 1 point 1 month ago

Nice response! Transparent and fast, congratulations!

[comment deleted]
[comment deleted by staff]
[comment deleted by staff]
philip staff submitter 10 Builds 1 point 1 month ago

We did that for commenting originally, and it only served to make it harder to catch spam. We've reinstated custom parts for registered users - so far it's been fine.

[comment deleted by staff]