Author Topic: How to stop forum spam ?  (Read 4295 times)
ecaradec
Honorary Member
Posts: 408
« on: June 21, 2011, 04:39:19 AM »

I run a forum at work and we are constantly spammed. I've put in a recaptcha, but still got a lot of annoying messages. DC is almost free of any spam, I've never seen one actually, so I was wondering how you guys handle it? If you can't publicly explain the measures, I'll be happy to learn about that in PM if you have special tricks. I promise to use this for good.
Logged

Blog & Projects : Blog | Qatapult | SwiffOut | FScript
eleman
Spam Killer
Supporting Member
Posts: 286
« Reply #1 on: June 21, 2011, 04:48:13 AM »

I don't know how they do that but spam messages get immediately deleted as far as I understand, but not before the notification system sends a notification about the new topic, if you have that board on the notification list.
Logged
tomos
Charter Member
Posts: 8,694
« Reply #2 on: June 21, 2011, 05:31:39 AM »

I think it's just that it's so active here - I've often seen (& reported) spammy posts; even if I don't report them, they seem to get removed pretty quickly.

I thought this (ways of avoiding spam) was discussed here lately but could only find this about "StopForumSpam"
http://www.donationcoder....m/index.php?topic=26942.0

StopForumSpam works, and is a very useful service  thumbs up
Logged

Tom
app103
That scary taskbar girl
Global Moderator
Posts: 5,326
« Reply #3 on: June 21, 2011, 06:00:59 AM »

Forum member Wordzilla made a little tool awhile back that some of us moderators use to keep an eye on the forum. We see each and every post made within seconds and can quickly click the link to the profile from it and ban any spammers.

In the event that nobody running this app is at their computer and paying attention, the feed is posted by mouser's IRC bot into our IRC channel and anyone noticing any spam through there usually alerts a moderator by typing the word "spam" repeatedly till someone in the channel goes and deletes it.  Grin

Moderators also get email alerts when new members make a post, and we get alerts whenever anyone edits an existing post (some spammers will come back a month later and add their spammy links to what otherwise would have been an innocent looking post).

Mouser has also modified the forum slightly to make it less attractive to spammers, including nofollow links in posts made by new members, no signatures for new members, and no profile info visible on new members (we got tired of cleaning up profile spam from people who register just to make a profile of spammy links and never make any posts).

If you would like to see just how much post spam DC really gets, take a look at my commenting history on WOT, where reporting forum spammers has gained me gold member status: http://www.mywot.com/en/user/148822/comments

Logged

jgpaiva
Global Moderator
Posts: 4,711
« Reply #4 on: June 21, 2011, 06:04:56 AM »

I help with deleting spam, but mostly on reported posts, and clearly not enough to contain the hordes of spam that charge against DC every day. I'd say it's mostly mouser (who never sleeps, BTW) that has a direct brain-to-server connection and scans every new post on DC. I (and the few other people who can delete posts) only delete those who escape his sight because his cat distracts him tongue

[damn, app beat me to it with a better explanation tongue ]
Logged

eleman
Spam Killer
Supporting Member
Posts: 286
« Reply #5 on: June 21, 2011, 06:07:42 AM »

Quote from jgpaiva: "escape his sight because his cat distracts him tongue"

That must be one skillful cat to distract mouser even for a split second. Hurray for the cat then.
Logged
jgpaiva
Global Moderator
Posts: 4,711
« Reply #6 on: June 21, 2011, 06:14:43 AM »

Quote from eleman:
    Quote from jgpaiva: "escape his sight because his cat distracts him tongue"
    "That must be one skillful cat to distract mouser even for a split second. Hurray for the cat then."

Actually, now that I've seen app's WOT profile, I think my post should refer app and not mouser tongue So, hurray for app's cat tongue
Logged

app103
That scary taskbar girl
Global Moderator
Posts: 5,326
« Reply #7 on: June 21, 2011, 06:28:34 AM »

Quote from jgpaiva: "Actually, now that I've seen app's WOT profile, I think my post should refer app and not mouser tongue So, hurray for app's cat tongue"

I report ALL spammers on WOT, not just the ones I ban, so it's not all my doing. I referred to that link only as a way of seeing what actually goes on behind the scenes here. Also, that list doesn't give you any idea how many of them are repeat offenders, since I can only report and rate them once.

I think you were correct when you credited mouser for the bulk of the spam removal. As a forum admin it's a little different when he bans a spammer and removes their posts...when he does it, it's gone forever to a land where nobody can see it, not even us moderators. When a moderator bans and deletes spam, other moderators can still see it in the deleted posts section.
Logged

ecaradec
Honorary Member
Posts: 408
« Reply #8 on: June 21, 2011, 06:48:44 AM »

Hey,

The thread is actually more enjoyable than I expected: there are so many people involved in making DC work that it felt like magic, where actually real people are doing a lot of work in keeping it enjoyable.

Thank you all Wink
Logged

Blog & Projects : Blog | Qatapult | SwiffOut | FScript
rgdot
Supporting Member
Posts: 1,663
« Reply #9 on: June 21, 2011, 09:59:44 AM »

The only method that has worked for me is a question and answer to complete registration. Even an easy question dropped spam big time.
Logged
mouser
First Author
Administrator
Posts: 33,692
« Reply #10 on: June 21, 2011, 12:40:18 PM »

My observations:

1. Last year i discovered that some automated bots have been successfully defeating the captcha on the smf forum system we use, and registering 50-100 fake users per day.  I put in place several handmade fixes to the registration page, including a few changes to the captcha to make it harder and use non-standard fonts, and swapping around some of the input fields.  The result being that the automated bots that think they know how to solve smf forum system captchas now fail.  I also save the failed captcha attempts to a db table so i can look at them, and it's quite interesting to watch the bots fail.  for those curious, they also tend to fill in missing fields with the name of a US military branch (air force, navy, army, marines) -- why, i don't know.  So hardening the captcha on the registration page and using some non-standard changes to the default used by your forum system so that you stop spam bots from signing up -- this is your first line of defense.

2. But stopping bots won't stop all spammers, some sign up manually.  For that, integrating a service like stopforumspam can be incredibly powerful in stopping spam.  whatever forum you use, find an addon that can query stopforumspam or something similar -- that's your second line of defense.

3. Then you can try to make your forum less appealing, by doing some of the things app describes that i did, making links nofollow so that they don't benefit spammers much.  Personally I don't think spammers pay enough attention to realize this, so it won't discourage them, just deny them the benefits after they do spam.

4. The fourth and final line of defense is the human factor.  Here's what i did for us -- i wrote a custom email notification thing that alerts us moderators whenever someone makes a "suspicious" post OR profile modification.  What qualifies as suspicious is if it's their first or second post, if they are a new member, if they have a url somewhere in what they are changing, etc.  The email includes a summary of the change they made, and a quick link to ban them.  This is our secret for how we keep the tricky spammers from ever surviving for more than a few minutes on our site. This is what allows us to catch the really sneaky ones who do tricks like make a normal post, then wait a month and edit it to add spam links in their old post.  Many forums will miss this kind of attack because no one notices the change.  So having these custom alerts is a big win.
Logged
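
The alert rule described in the reply above (and the edit alerts app103 mentions in Reply #3), sketched as an added example; it is not the forum's own code. The 14-day "new member" cut-off, OR-ing the criteria together, the `Change` record and the `forum.example` ban link are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import quote

URL_RE = re.compile(r"https?://[^\s\"'<>\]]+", re.IGNORECASE)
NEW_MEMBER_AGE = timedelta(days=14)  # assumed cut-off for "new member"
EARLY_POSTS = 2                      # "first or second post"
BAN_URL = "https://forum.example/mod/ban?member="  # hypothetical endpoint

@dataclass
class Change:
    member: str
    registered: datetime
    post_count: int   # member's total posts, including this one
    kind: str         # "post", "edit" or "profile"
    when: datetime
    old_text: str     # empty for a brand-new post
    new_text: str

def added_urls(old, new):  # URLs present after the change but not before it
    return sorted(set(URL_RE.findall(new)) - set(URL_RE.findall(old)))

def suspicion_reasons(c):
    """Criteria from the post, OR-ed together (the combination is an assumption)."""
    urls = added_urls(c.old_text, c.new_text)
    checks = [
        (c.post_count <= EARLY_POSTS, "member's first or second post"),
        (c.when - c.registered < NEW_MEMBER_AGE, "new member"),
        (bool(urls), "adds URL: " + ", ".join(urls)),
    ]
    return [label for hit, label in checks if hit]

def build_alert(c):
    """Return the moderator e-mail body, or None when nothing is suspicious."""
    reasons = suspicion_reasons(c)
    if not reasons:
        return None
    return "\n".join([
        f"Suspicious {c.kind} by {c.member}: " + "; ".join(reasons),
        f"Before: {c.old_text[:200]!r}",
        f"After:  {c.new_text[:200]!r}",
        "Ban: " + BAN_URL + quote(c.member)])

NOW = datetime(2011, 6, 21, 12, 0)  # constructed sample: a month-old post gets a link added
SLEEPER = Change("sleeper", NOW - timedelta(days=40), 1, "edit", NOW,
                 "Nice program, thanks!",
                 "Nice program, thanks! http://spam.example/pills")
print(build_alert(SLEEPER))
```

Comparing the URLs before and after an edit, rather than scanning only the new text, is what lets an established member fix a typo in a post that already contains a link without raising an alert.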
JavaJones
Review 2.0 Designer
Charter Member
Posts: 2,537
« Reply #11 on: June 21, 2011, 12:56:37 PM »

DC is fortunate to have a group of highly active mods. For smaller or less active sites, it's harder to be as quick to react to stuff that does get through. But having dealt with this issue myself on 3 other SMF forums recently (due to a massive *increase* in spam starting a week or two ago), I can confirm much of the advice here and add some further specifics *if* you're running SMF.

First off I installed StopForumSpam and httpBL SMF mods. They helped, but surprisingly did not eliminate more than maybe 20% of spammer signups.

The thing that made the biggest impact so far is installing a completely different kind of CAPTCHA. As I understand it ReCaptcha is essentially compromised at this point, so it's not surprising that it doesn't fix the problem for you. I suspect almost any system will eventually be cracked, but switching to something non-standard at least makes you a much more difficult target and they may not bother. Once I installed notCAPTCHA mod, spam registration went down 90+%. Along with the other mods, StopForumSpam, httpBL, and a few of the other top antispam mods for SMF, my forums are doing ok now. I still have to deal with the occasional spam post, but even with only 1 or 2 mods it's not burdensome.

Obviously if you're not using SMF then you need to think more generally about this advice. For whatever forum system you have, look for more unusual CAPTCHAs, not ones based just on weird text warping and noise. Puzzle solving seems particularly difficult for bots, though for mass human signups (Mechanical Turk?) it may not help.

- Oshyan
Logged

The New Adventures of Oshyan Greene - A life in pictures...
rgdot
Supporting Member
Posts: 1,663
« Reply #12 on: June 21, 2011, 03:17:51 PM »

I want to add something rather obvious to the third point made by mouser. In addition to forums I have set up and managed dozens of WordPress sites over the years. It is impossible that every spammer or bot creator doesn't know that akismet works with minimal effort out of the box, yet years into the blogs' existence there are sometimes 100s of spam messages posted and caught by akismet per day.
My point is they just don't think, that's how you should approach spam prevention.
Logged
mouser
First Author
Administrator
Posts: 33,692
« Reply #13 on: June 21, 2011, 03:32:18 PM »

I think the big-picture lessons about preventing spam are similar to good security advice, which is that there are TWO basic threats you have to contend with:

The first is the brain dead drive by automatic attacks by bots.  These will be performed by automated scripts that can and will find your site and use out-of-the-box attacks on you.  If your site is using a captcha that comes standard with your forum, there will eventually be exploits posted for that forum system, and they will get in.  So you need to use non-standard additions to block these.  When you do, you will basically 100% eliminate these attacks.  These attackers don't care about anyone who is doing anything non-standard, it's not worth their trouble.

But then the second is an attack by a determined and human opponent.  You *cannot* prevent these people from spamming your site, or whatever.  You just can't.  The best you can do is set up your OWN human defense to discover them quickly when they do and make remediating their spam/attack as quick and painless as you can.
« Last Edit: June 21, 2011, 04:04:31 PM by mouser » Logged
JavaJones
Review 2.0 Designer
Charter Member
Posts: 2,537
« Reply #14 on: June 21, 2011, 03:36:30 PM »

Well summarized mouser, agreed 100%.

- Oshyan
Logged

The New Adventures of Oshyan Greene - A life in pictures...
app103
That scary taskbar girl
Global Moderator
Posts: 5,326
« Reply #15 on: June 21, 2011, 10:09:10 PM »

Quote from mouser: "But then the second is an attack by a determined and human opponent.  You *cannot* prevent these people from spamming your site, or whatever.  You just can't.  The best you can do is set up your OWN human defense to discover them quickly when they do and make remediating their spam/attack as quick and painless as you can."

And this is why I report all spammers on WOT. When I get an email alert about a first post in gmail, I can see the WOT reputation rings on the links and if they are red, it's a good sign that they have spammed us or someone else before. I know this without reading a single word of their post.
Logged
