Dealing with Forum Spam


Over the years we'd been lucky with very few SPAM messages. Lately we been on sombodies list with hundreds of accounts created for the purpose of SPAMMING our forums.
To fight back, I switched our registration to Admin Approved, not ideal but you do what you have to do. CAPTCHA is on of course. I went through the Banned permission set and set it to display nothing. I set the custom error message for the permission set when they try to view a forum to read.

"Thank you for submitting your user and network details. We've added them to our database of SPAMMERS that we share with our family of Forums"

Every account that is created then has the account credentials checked to see if they've ever been used by a SPAMMER. If it has they get added to the Banned user group and I switch them to the skin created just for them.

Questions for everyone,

Have you had problems with SPAMMERS?

What efforts do you take to deal with SPAMMERS?
InstantForum Question

Hi Eddy.

Thanks for sharing your tips. Unfortunitly spam can be an issue if you have a popular community or they just decide to target you. We do have features bujilt in at the moment to help prevent spam (moderation thresholds, banning IPs) but these are very much a manual process. You can expect to see going forward more automated ways to filter out those pesky spammers and more targeted tools within the Admin CP to allow you to have additional validation steps for new accounts from specific geographical locations. We have a number of ideas how to tackle this and you will see this improving in our 2014 release. I've recently been looking at the StopForumSpam API to at least provide this as an option you cfan enable.

Rest assured Eddy we'll have some annoucements to share here once we feel we've got this right.

http://www.instantasp.co.uk/images/line.gif
Kindest Regards,

Ryan Healey



ryan@instantasp.co.uk
www.instantasp.co.uk
Blog | Community | Docs

http://www.instantasp.co.uk/core/assets/images/email/facebook.png http://www.instantasp.co.uk/core/assets/images/email/twitter.png http://www.instantasp.co.uk/core/assets/images/email/google.png http://www.instantasp.co.uk/core/assets/images/email/linkedin.png

I've found several sources to validate users and weed out SPAMMERS and Stop Forum Spam is one of my favorites

Eddy Lucast (4/28/2014)
I've found several sources to validate users and weed out SPAMMERS and Stop Forum Spam is one of my favorites

Yes, StopForumSpam.com is definitely one of the best ways to keep spammers away from a forum.

Scotty


Ryan Healey (4/10/2014)

We have a number of ideas how to tackle this and you will see this improving in our 2014 release. I've recently been looking at the StopForumSpam API to at least provide this as an option you cfan enable.

Rest assured Eddy we'll have some annoucements to share here once we feel we've got this right.

While using systems like the StopForumSpam are helpful they only stop larger spam sources. I would like to see more options for a captcha system for admins to choose from, I personally really like the reCaptcha system that google runs. From talking with some people it seems to do a good job of weeding out bots. I think a combination of a more robust captcha system and ban lists like the StopForumSpam would go a long way in preventing spam.

@Eddy,
 On my little known forum I see a lot of traffic from spammers (I think it is my URL that gets them). What I have done is turned on the captcha system and also email verification. I have never had a spammer verify an email and usally once or twice a month I will go into the list of users waiting verification and just do a bulk delete of anything older then a week just to clean up the list and the DB a bit.


I'm not a fan of captcha systems. There's just too many of them that no longer work. Confirmation emails are a good idea, they'll weed out the bots but not the user sitting behind a keyboard.. Of all those who have successfully made it to our forums to post spam, all replied to confirmation emails. We've also had a problem with the names used when creating accounts being suggestive and NOT something you'd want displayed in your activity panel. We also decided we didn't want dozens of banned user accounts showing up in the list. Our solution for this has been to change passwords so they can't log in.

If you want SPAMMERS to get a different page than a normal user take a good look at the permission set options for your banned user group.


Eddy Lucast (5/6/2014)
I'm not a fan of captcha systems. There's just too many of them that no longer work. Confirmation emails are a good idea, they'll weed out the bots but not the user sitting behind a keyboard.. Of all those who have successfully made it to our forums to post spam, all replied to confirmation emails. We've also had a problem with the names used when creating accounts being suggestive and NOT something you'd want displayed in your activity panel. We also decided we didn't want dozens of banned user accounts showing up in the list. Our solution for this has been to change passwords so they can't log in.

If you want SPAMMERS to get a different page than a normal user take a good look at the permission set options for your banned user group.

Nothing will ever completely stop the spammer sitting behind a keyboard. If the spammer is sitting behind a keyboard they can easily make fake emails accounts to confirm from, they will be able to proved the right answers to captcha/math problems/etc., and will be able to bypass IP blocks via proxies and IP spoofing. If you give me any system of protection against real person spamming I can give you at least half a dozen ways to bypass it.

Captcha systems are designed to help stop bots and, in general, they do a good job at them but like any system as bots grow the system needs to grow with them. Adding a confirmation email requirement on top of captcha systems adds another layer of protection as most bots don't confirm emails.

I make the suggestion of the reCaptcha system as it is an ever growing system. The current captcha system is old and give the users no control over distortion and static (the higher the level of both the harder it is for bots), what ever captcha system is used in 2013-3 I would really like to see it based off an adaptive system with user control on distortion and static.

I have just started administration on a forum that is in bad shape, they are continuously being spammed and there is very little being done to block it. Today I have enabled capture in the sign up process and minimum of 3 posts with administrator approval to try and reduce the amount. Obviously this is not ideal as we now have to authenticate every post which is pretty much a full time job.

I have created a new user permission set only allowing new users very basic functionality on the forum to try and block it. Can anyone tell me if there is a way of automating permissions sets to move from one set of permissions to another once a user has made a set number or posts or by approval rating? Currently it is manual process which is not ideal as it requires constant attention.

If anyone can suggest any other methods of blocking spammers it would be greatly appreciated. I have looked at StopForumSpam.net but I'm certainly no web admin and I'm not quite sure how this is integrated into the forum, its all a bit of a steep learning curve.

I have volunteered my help to the forum until they have fixed the issues and got some decent moderators that can pay closer attention to it. Please be as descriptive as possible as I am still getting to grips with the Admin_CP and how the forums work.

The forum is running version InstantForum.NET v4.1.4 © 2014. I'm not sure how old this version is, if anyone could point me in the right direction that would be grand.

Hi noodlemctwoodle,

I hope your very well. The quick answer is to make all of your forums moderated (Select the Moderate All New Posts & Replies from within the Edit Forum page within the Admin CP). Once you've made your forums moderated next I would suggest setting the "Skip moderation if user post count meets" option within whichever permission set you allow users to post from. I would set this option to 2.

This will require you or a forum moderator approve the first 2 posts from users within the permission set. Once you've approved the first 2 posts it's safe to assume the user is geninue and to safe you further work in the future further posts will be automatically approved on the users post count meets the "Skip moderation if user post count meets" value

The "Skip moderation if user post count meets" setting will not take effect if you've selected 'Yes' to either Always or Never moderate posts within the same permission set. 

Whilst this works well most of the time we are certainly aware of  further improvements we can make to help combat spam. This is the primary focus for our forthcoming InstantForum 2014 update - we'll be sharing more news soon. If the problem continues or I can assist fruther please don't hesitate to respond,

http://www.instantasp.co.uk/images/line.gif
Kindest Regards,

Ryan Healey



ryan@instantasp.co.uk
www.instantasp.co.uk
Blog | Community | Docs

http://www.instantasp.co.uk/core/assets/images/email/facebook.png http://www.instantasp.co.uk/core/assets/images/email/twitter.png http://www.instantasp.co.uk/core/assets/images/email/google.png http://www.instantasp.co.uk/core/assets/images/email/linkedin.png

Hi All,

I just wanted to confirm we are making progress with the automated SPAM protection. This is a top priority for us so please expect further news soon.

You can read a little more here...

https://blog.instantasp.co.uk/InstantForumNET/The-improvements-coming-in-InstantForum-2014
https://community.instantasp.co.uk/18520/A-quick-InstantForum-2014-Update

UPDATE: StopForumSpam.com integration was introduced several releases back to help automatically combat SPAM so this topic will now be closed. Of course if we can assist further we'd love to hear from you. Don't hesitate to start a new conversation here within our community.

http://www.instantasp.co.uk/images/line.gif
Kindest Regards,

Ryan Healey



ryan@instantasp.co.uk
www.instantasp.co.uk
Blog | Community | Docs

http://www.instantasp.co.uk/core/assets/images/email/facebook.png http://www.instantasp.co.uk/core/assets/images/email/twitter.png http://www.instantasp.co.uk/core/assets/images/email/google.png http://www.instantasp.co.uk/core/assets/images/email/linkedin.png
GO

Login
Existing Account
Email Address:


Password:


Social Logins

Select a Forum....







InstantASP Forums


Search