How do you fight a forum spammer?

kgun · #1 (**permalink**) 03-28-2006, 07:51 AM

My forum, ForumNorway has been subject to severe spam recently. I have posted a sticky on the IP addresses above the posts. Since IT-security is an important subject for that forum, I will let the posts be there for some time, even if the spammer gets inbound links. I have som questions to you:

1. What would you have done, since it seems to be an international liga, it is not easy to fight?

2. How long would you let the posts stay on the forum?

3. It is done by (a) guest(s) and not (a) registered user(s). Would you let this guest influence my forum rules and block guests from posting?

4. Any other advice is welcome.

cyanide · #2 (**permalink**) 03-28-2006, 09:45 AM

Quote:

Originally Posted by kgun

3. It is done by (a) guest(s) and not (a) registered user(s). Would you let this guest influence my forum rules and block guests from posting?

Yes, this is your problem.
You shouldn't allow Guests to post on your forum.
You are just making it easier for spammers and bots

You should look for a hack that makes the user enter in a random numeric code when registering also.

Make sure you have the latest release of phpbb

Easywebdev · #3 (**permalink**) 03-28-2006, 12:20 PM

Hi Kgun.
I looked at the ip's you posted and I doubt it is more than one spammer using a network of compromised machines to do automatic posting.

How do you fight it? you already know the answer. Disable guest posting. Allowing guests to post in a forum is asking for spam.

The latest version of phpbb has an image verification routine in the registration process that will stop automated registrations.

Once your spammer realises he has to register an account to post and you then delete that account for spamming he/she will move onto easier pickings.

Another upside in requiring users to register (with the image verification turned on) is it renders their network of bot machines useless. They have to use a browser to register so automated scripts on infected machines are defunct.

kgun · #4 (**permalink**) 03-28-2006, 03:11 PM

Thanks for good advice so long. I let the posts stand on the forum for a while.

Another question.

Would you report him (them) or is it my responsibility since I did not block guests from posting?

I am quite new to phpBB.

kgun · #5 (**permalink**) 03-28-2006, 04:14 PM

He (they) continue(s).

An additional question:

In the rules for the forum I say that Norwegian law is used in case of conflicts. Is that allowed on an international forum?

Easywebdev · #6 (**permalink**) 03-28-2006, 04:53 PM

I have no idea about the legalities of running a forum. You really would need to ask a lawyer about that, if the forum is hosted in the US, the administrator is in Norway, what sort of disclaimers are in place for posting rules etc, very murky.

As for reporting them, well I find its a waste of time. Very few ISP's will actually do anything about it. If it is coming from a single domain you could try contact the domains host and informing them and ask them to take down the site. Nine times out of ten spammers are using infected boxes and the owners of the machine have no idea what is going on. All you would really be doing is a favour to the machine owner in allerting them of the infection.

Update phpbb to the latest version, enable visual confirmation and disallow guest posting, spam should slow down but keep an eye on the forum and if they register then delete their account.

kgun · #7 (**permalink**) 03-28-2006, 05:15 PM

Excellent answer.

kgun · #8 (**permalink**) 03-31-2006, 10:41 AM

I let the person still post on my forum as a guest. I use very few resources on the forum now and let him continue in order to identify new IP addresses.

Do you think he will benefit more from inbound links than from the negative message about a forum spammer and the publicity of his IP addresses?

To you who know phpBB?

I know of the following options to delete the posts when that time comes.

1. In stalling a backup from the time it started, since there has been no activity on the forum since then.

2. Deleting one and one post (may take about an hour or two).

Is there a way to delete all the posts by the guest simultaneously without installing the backup?

minorgod · #9 (**permalink**) 04-13-2006, 07:01 PM

I had the same problem as you. I didn't want to disable guest posts because we are still trying to get users to actually use our forum instead of emailing us all their questions, but that's another story. Anyway, I installed the "Post Control" mod for PHPbb and now ALL posts must be approved by me before they show up on the server. Problem solved. I get a notification each time a new post is added and the spammers don't stand a chance! Here's a link to the Mod:

www.phpbb.com/phpBB/viewtopic.php?t=360253&highlight=

And here's a link to a little improvement I made on the mod:

www.phpbb.com/phpBB/viewtopic.php?t=380764&highlight=

It took me about 1.5 hours to apply this mod. It's more tedious than difficult.

Good luck!

kgun · #10 (**permalink**) 04-16-2006, 06:52 PM

Thank you very much.

I relax on this subject. The spammers shall not stress me. I delete all the posts and block them (him / her) for posting when

1. I have free time.
2. I have registered all relevant information.

I have a category uncleared list with 28 subcategories. All their (his / her) sites are put in a subcategory "ForumNorway spammer".

Be sure, none of their (his / her) sites will get a link in my various linkcollections.

Hint: If you put the URLS in an Access database with field type "hyperlinks" you have an effective tool.

Example: Look at the pagerank of 'vividseats' AT 'com'

Look at the Google pagerank (6). I can tell you a story about that site (under the assumption that it was not a competitor hacker) that is one of the worst spam / scam I have met on the internet.