topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday March 28, 2024, 5:19 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: How to stop forum spam ?  (Read 11067 times)

ecaradec

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 410
    • View Profile
    • Blog & Projects
    • Read more about this member.
    • Donate to Member
How to stop forum spam ?
« on: June 21, 2011, 04:39 AM »
I run a forum at work and we are constantly spammed, I've put a recaptcha, but still got a lot of annoying messages. DC is almost free of any spam, I've never seen one actually, so I was wondering how you guys handle it ? If you can't publicly explain the measures, I'll be happy to learn about that in PM if you have special tricks. I promise to use this for goods.
Blog & Projects : Blog | Qatapult | SwiffOut | FScript

eleman

  • Spam Killer
  • Supporting Member
  • Joined in 2009
  • **
  • default avatar
  • Posts: 413
    • View Profile
    • Donate to Member
Re: How to stop forum spam ?
« Reply #1 on: June 21, 2011, 04:48 AM »
I don't know how they do that but spam messages get immediately deleted as far as I understand, but not before the notification system sends a notification about the new topic, if you have that board on the notification list.

tomos

  • Charter Member
  • Joined in 2006
  • ***
  • Posts: 11,959
    • View Profile
    • Donate to Member
Re: How to stop forum spam ?
« Reply #2 on: June 21, 2011, 05:31 AM »
I think it's just that it's so active here - I've ofen seen (& reported) spammy posts, even if I dont report they seem to get removed pretty quickly.

I thought this (ways of avoiding spam) was discussed here lately but could only find this about "StopForumSpam"
https://www.donation...ex.php?topic=26942.0

StopForumSpam works, and is a very useful service  :up:
Tom

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
    • View Profile
    • Donate to Member
Re: How to stop forum spam ?
« Reply #3 on: June 21, 2011, 06:00 AM »
Forum member Wordzilla made a little tool awhile back that some of us moderators use to keep an eye on the forum. We see each and every post made within seconds and can quickly click the link to the profile from it and ban any spammers.

In the event that nobody running this app is at their computer and paying attention, the feed is posted by mouser's IRC bot into our IRC channel and anyone noticing any spam through there usually alerts a moderator by typing the word "spam" repeatedly till someone in the channel goes and deletes it.  ;D

Moderators also get email alerts when new members make a post, and we get alerts whenever anyone edits an existing post (some spammers will come back a month later and add their spammy links to what otherwise would have been an innocent looking post).

Mouser has also modified the forum slightly to make it less attractive to spammers, including nofollow links in posts made by new members, no signatures for new members, and no profile info visible on new members (we got tired of cleaning up profile spam on people that register just to make a profile of spammy links and never making any posts)

If you would like to see just how much post spam DC really gets, take a look at my commenting history on WOT, where reporting forum spammers has gained me gold member status: http://www.mywot.com...user/148822/comments


jgpaiva

  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 4,727
    • View Profile
    • Donate to Member
Re: How to stop forum spam ?
« Reply #4 on: June 21, 2011, 06:04 AM »
I help with deleting spam, but mostly on reported posts, and clearly not enough to contain the hordes of spam that charge against DC every day. I'd say it's mostly mouser (who never sleeps, BTW) that has a direct brain-to-server connection and scans every new post on DC. I (and the few other people who can delete posts) only delete those who escape his sight because his cat distracts him :P

[damn, app beat me to it with a better explanation :P ]

eleman

  • Spam Killer
  • Supporting Member
  • Joined in 2009
  • **
  • default avatar
  • Posts: 413
    • View Profile
    • Donate to Member
Re: How to stop forum spam ?
« Reply #5 on: June 21, 2011, 06:07 AM »
escape his sight because his cat distracts him :P

That must be one skillful cat to distract mouser even for a split second. Hurray for the cat then.

jgpaiva

  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 4,727
    • View Profile
    • Donate to Member
Re: How to stop forum spam ?
« Reply #6 on: June 21, 2011, 06:14 AM »
escape his sight because his cat distracts him :P

That must be one skillful cat to distract mouser even for a split second. Hurray for the cat then.
Actually, now that I've seen app's WOT profile, I think my post should refer app and not mouser :P So, hurray for app's cat :P

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
    • View Profile
    • Donate to Member
Re: How to stop forum spam ?
« Reply #7 on: June 21, 2011, 06:28 AM »
Actually, now that I've seen app's WOT profile, I think my post should refer app and not mouser :P So, hurray for app's cat :P

I report ALL spammers on WOT, not just the ones I ban, so it's not all my doing. I referred to that link only as a way of seeing what actually goes on behind the scenes here. Also, that list doesn't give you any idea how many of them are repeat offenders, since I can only report and rate them once.

I think you were correct when you credited mouser for the bulk of the spam removal. As a forum admin it's a little different when he bans a spammer and removes their posts...when he does it, it's gone forever to a land where nobody can see it, not even us moderators. When a moderator bans and deletes spam, other moderators can still see it in the deleted posts section.

ecaradec

  • Honorary Member
  • Joined in 2006
  • **
  • Posts: 410
    • View Profile
    • Blog & Projects
    • Read more about this member.
    • Donate to Member
Re: How to stop forum spam ?
« Reply #8 on: June 21, 2011, 06:48 AM »
Hey,

The thread is actually more enjoyable that I expected : There is so many people involved in making DC works, that it felt like magic, where actually real people are doing a lot of work in keeping it enjoyable.

Thank you all ;)
Blog & Projects : Blog | Qatapult | SwiffOut | FScript

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,192
    • View Profile
    • Donate to Member
Re: How to stop forum spam ?
« Reply #9 on: June 21, 2011, 09:59 AM »
Only method that has worked for me is a question and answer to complete registration. Even easy question dropped spam big time.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: How to stop forum spam ?
« Reply #10 on: June 21, 2011, 12:40 PM »
My observations:

1. Last year i discovered that some automated bots have been successfully defeating the captcha on the smf forum system we use, and registering 50-100 fake users per day.  I put in place several handmade fixes to the registration page, including a few changes to the captcha to make it harder and use non-standard fonts, and swapping around some of the input fields.  The result being that the automated bots that think they know how to solve smf forum system captchas now fail.  I also save the failed captcha attempts to a db table so i can look at them, and it's quite interesting to watch the bots fail.  for those curious, they also tend to fill in missing fields with the name of a US military branch (air force, navy, army, marines) -- why, i don't know.  So hardening the captcha on the registration page and using some non-standard changes to the default used by your forum system so that you stop spam bots from signing up -- this is your first line of defense.

2. But stopping bots wont stop all spammers, some sign up manually.  For that, integrating a service like stopforumspam can be incredibly powerful in stopping spam.  whatever forum you use, find an addon that can query stopforumspam or something similar -- that's your second line of defense.

3. Then you can try to make your forum less appealing, by doing some of the thing's app describes that i did, making links nofollow so that they don't benefit spammers much.  Personally I don't think spammers pay enough attention to realize this, so it won't discourage them, just deny them the benefits after they do spam.

4. The fourth and final line of defense is the human factor.  Here's what i did for us -- i wrote a custom email notification thing that alerts us moderations whenever someone makes a "suspicious" post OR profile modification.  What qualifies as suspicious is if it's their first or second post, if they are a new member, if they have a url somewhere in what they are changing, etc.  The email includes a summary of the change they made, and a quick link to ban them.  This is our secret for how we keep the tricky spammers from ever surviving for more than a few minutes on our site.. This is what allows us to catch the really sneaky ones who do tricks like make a normal post, then wait a month and edit it to add spam links in their old post.  Many forums will miss this kind of attack because no one notices the change.  So having these custom alerts is a big win.

JavaJones

  • Review 2.0 Designer
  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,739
    • View Profile
    • Donate to Member
Re: How to stop forum spam ?
« Reply #11 on: June 21, 2011, 12:56 PM »
DC is fortunate to have a group of highly active mods. For smaller or less active sites, it's harder to be as quick to react to stuff that does get through. But having deal with this issue myself on 3 other SMF forums recently (due to a massive *increase* in spam starting a week or two ago), I can confirm much of the advice here and add some further specifics *if* you're running SMF.

First off I installed StopForumSpam and httpBL SMF mods. They helped, but surprisingly did not eliminate more than maybe 20% of spammer signups.

The thing that made the biggest impact so far is installing a completely different kind of CAPTCHA. As I understand it ReCaptcha is essentially compromised at this point, so it's not surprising that it doesn't fix the problem for you. I suspect almost any system will eventually be cracked, but switching to something non-standard at least makes you a much more difficult target and they may not bother. Once I installed notCAPTCHA mod, spam registration went down 90+%. Along with the other mods, StopForumSpam, httpBL, and a few of the other top antispam mods for SMF, my forums are doing ok now. I still have to deal with the occasional spam post, but even with only 1 or 2 mods it's not burdensome.

Obviously if you're not using SMF then you need to think more generally about this advice. For whatever forum system you have, look for more unusual CAPTCHAs, not ones based just on weird text warping and noise. Puzzle solving seems particularly difficult for bots, though mass human signups (Mechanical Turk?) it may not help.

- Oshyan

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,192
    • View Profile
    • Donate to Member
Re: How to stop forum spam ?
« Reply #12 on: June 21, 2011, 03:17 PM »
I want to add something rather obvious to the third point made by mouser. In addition to forums I have set up and managed dozens of WordPress sites over the years. It is impossible that every spammer or bot creator doesn't know that akismet works with minimal effort out of the box  yet years into the blogs' existence there are sometimes 100s of spam messages posted and caught by akismet per day.
My point is they just don't think, that's how you should approach spam prevention.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,896
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: How to stop forum spam ?
« Reply #13 on: June 21, 2011, 03:32 PM »
I think the big-picture lessons about preventing spam are similar to good security advice, which is that there are TWO basic threats you have to contend with:

The first is the brain dead drive by automatic attacks by bots.  These will be performed by automated scripts that can and will find your site and use out-of-the-box attacks on you.  If your site is using a captcha that comes standard with your forum, there will eventually be exploits posted for that forum system, and they will get in.  So you need to use non-standard additions to block these.  When you do, you will basically 100% eliminate these attacks.  These attackers don't care about anyone who is doing anything non-standard, it's not worth their trouble.

But then the second is an attack by a determined and human opponent.  You *cannot* prevent these people from spamming your site, or whatever.  You just can't.  The best you can do is set up your OWN human defense to discover them quickly when they do and make remediating their spam/attack as quick and painless as you can.
« Last Edit: June 21, 2011, 04:04 PM by mouser »

JavaJones

  • Review 2.0 Designer
  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 2,739
    • View Profile
    • Donate to Member
Re: How to stop forum spam ?
« Reply #14 on: June 21, 2011, 03:36 PM »
Well summarized mouser, agreed 100%.

- Oshyan

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
    • View Profile
    • Donate to Member
Re: How to stop forum spam ?
« Reply #15 on: June 21, 2011, 10:09 PM »
But then the second is an attack by a determined and human opponent.  You *cannot* prevent these people from spamming your site, or whatever.  You just can't.  The best you can do is set up your OWN human defense to discover them quickly when they do and make remediating their spam/attack as quick and painless as you can.

And this is why I report all spammers on WOT. When I get an email alert about a first post in gmail, I can see the WOT reputation rings on the links and if they are red, it's a good sign that they have spammed us or someone else before. I know this without reading a single word of their post.