Question about dealing with forum spam

riverbirch · #1 (**permalink**) 03-15-2007, 08:37 AM

Hi,

I created a forum for my site using YaBB. Its fairly new and doesn't have any posts yet other than SPAM (porn, viagra, etc...). I check as often as I can and delete those posts. If a search engine picks up those spam links before I can delete them could my site be penalized? Also, Any oponions on the best forum software?

Thanks in advance,
T
www.gardenlistings.com

kgun · #2 (**permalink**) 03-15-2007, 11:12 AM

I use phpBB on my forum and starfoxtj with the ability to delete multiple users and all their posts with a single mouseclick.

Some points:

Require image code and email verification. That blocks 90 % of the spamBots.
Block IP's (in severe cases IP ranges using .htaccess).
The phpBB Admin toolkit if you switch to that forum software has other filters to block spammers, bad words, emails etc.
Use DNSstuff if you are unsure whether a member is a spammer. IP lookup on country different from registered country is one example. Delete members with, redirections, broken links and pop ups in their sigs and write about it in your TOS.
You can copy (part of my) .htaccess here.

riverbirch · #3 (**permalink**) 03-15-2007, 06:49 PM

Thanks for the useful information.

kgun · #4 (**permalink**) 03-16-2007, 02:45 PM

If you switch to phpBB, remember this:

You fintune the forum in the Administration panel.
Forum Admin + Permissions are very important. There, look up the forum in Advanced mode, and only let registered users be able to post and comment posts.
Do not have too many subforums at the start. Extend later. It is done in a few minutes to add a new forum with subcategories.
User admin is also very important. There you can (un)ban user names, host names, IP addresses etc, disallow names set permissions etc.

kgun · #5 (**permalink**) 03-17-2007, 10:59 AM

Starfoxtj is excellent.

You can sort users on different criteria, descending on data joined, gives you an easy way to check the latest members that have joined.
Only joining (with a fake or a valid email address) without activating the account, a visiting date registered in Starfoxtj is another nearly 100 % secure sign of a spammer. I check their names and delete them all after a while with a single click with the mouse. It takes me seconds, together it takes them minutes / hours.
Only joining, confirming the signup with the email link and only visiting the date of joing is another indication that this is a spammer. I think that is a spemmer in 99 % of the cases. I check them with tools menitioned above and delete them after a while.
Be sure that you install the latest version of Starfoxtj. It has a lot of other options, among them checking for spam posts on all the forums with a single click with the mouse. Green on all forums indicates no problem.
Googling a member is another way to detect a spammer. I googled a member, and at once I saw from the hits (first on my forum) that (s)he was a spammer.
I have about 65 members. Without these and other measures, I would have had more than 1000 members. Note, I block IP's in .htaccess, since that is on a lower level. I don't block IP's in the Admin tools.

kgun · #6 (**permalink**) 03-20-2007, 01:39 PM

Today I changed my forum rules. I think MSN Bot liked the new rules, since there were three of them at once on different IP's.

Look at these rules. They are written to ease spamfighting and similar.

Now it is really simple even if thousand spammers should sign up at once.

Step 1: Spam posters (by registered members).

These are the most serious members. Open your .htaccess file in notepad and copy this line

deny from

as many times as there are forum spammers. Then look up the post and paste in the IP(ranges) that is there for you as admin. You find various details of IP ranges connected with an IP in the CIDR/Netmask field at DnStuff. IP ranges are used if you get returning spammers from the same range. When finished upload .htaccess. In forum permission, don't let unregistered members be allowed to post. That will block the spam bots from posting.

Step 2: Delete what you define as unserious members

Log into StarFoxtj. Sort descending on time joined. Check all identified as spammers in step 1 and members without visit status (that is those that have not confirmed the email sent to them - you can wait some days depending on what you write in the forum rules). Then scroll down, write delete and check the box "Clear Posts." Then click delete and all of these members are deleted and their posts deleted indicated with the KW DELETED on the forum. You clean up / delete the posts with status DELETED, when you have time (once a day, week or month).

Step 3: Check the profiles (especially links) of the remaining new members that has joined (Visit status in Starfoxtj)

Delete those members that have names, sigs and home page that do not apply to your written forum rules. Since it is obvious that they are spammers or have not read the forum rules, they are deleted. They are deleted until they sign up according to the forum rules. There may also be a small percent of serious members in this category, so do not think of looking up their Ip and block it.

Step 4: Optional

The above three steps should have eliminated most (all?) spammers and trouble makers. If there are some advanced or returning spammers without posts, you must identify their IP in the forum log to block their IP(range).

Note: It is much faster to block IP(ranges) in .htaccess than in the phpBB admin toolkit. After some time you can remove the block, especially for IP'ranges, only by commenting it out by inserting # in front of deny from. It is also much faster to delete multiple members in Starfoxtj than in the Admin toolkit.

Conclusion:
By using the above steps, you have reduced the work with forum spam considerably. The only category you need to delete daily are those with spam posts. The other categories can be deleted once a week or month.

Shane · #7 (**permalink**) 04-05-2007, 08:43 PM

There are a few other techniques worth mentioning in the fight to stop the spam.

It was mentioned once but is worth mentioning again: force your users to activate their account via email. Most spammers don't want to be the target of spam and will use made up email accounts to avoid it. This will stop a large percentage of the would be spammers.

Another proven method that I have currently employed for a client working on a global care circle community is to remove the ability to enter any information during registration outside of the username and password. I have found the website url field is the most effective as most of the bots are also looking for that back link to their warez.

The next step requires some web programming knowledge (I've seen a phpbb mod published to explain this step by step). Basically when the registration form is submitted, you check to see if any of those fields you removed have been filled in. If they have this is obviously an attempt to register a spam bot, no human user has the option to pass along their url information. If a removed field has information being passed we abort the registration process effectively stopping the bot from registering.

I even have the program send me an email when it catches these bots with their details so I can then ban their IP address in the Admin section of phpbb.

While it doesn't stop all the spam as their are still plenty of non automated spammers out there, it has reduced their spam issues by over 80%.

Truth be told, there will still always be some level of human moderation that needs to take place on a regular basis in your forums. There will always be humans looking to spam their own agendas where ever they can.

~Shane

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode