#1 (permalink) |
|
Administrator
Join Date: Apr 2006
Posts: 444
|
Forum spam isn't simply a problem for forum admins - it's a rapidly expanding industry for spammers, and scammers.
Forum spamming can be done by human users - often cheap labour from developing countries - but more worrying has been the big increase in automated scripts abusing forums. This article will deal with common ways to fight, block, and overall, conquer forum spam.

Types of forum spam

Forum spam can come in many different shapes and forms. The most common include:

1. Advertising by new members

This can be a very grey area, but ultimately these members seek only to take from a community and give nothing back. The aim is to simply treat the forum as a free advertising board. This can either be as direct marketing to existing members, or simply to drop links on the forums for Search Engine Optimization (SEO) purposes. Sometimes you won't even notice it - some forum spammers hide their promotional links in the punctuation marks, and others can link directly to an invisible gif from their website, which still helps funnel link juice to it.

2. Fake member registrations

These are very common and are motivated by the ability to include links to a website from the member profile. This again is for SEO purposes, as links form a significant part of search engine ranking algorithms.

Methods for combating forum spam

Now we'll detail some of the key methods for combating forum spam.

NOTE: These should be applicable to most forum software platforms. However, we'll especially focus on optimising vbulletin as it's the more secure and serious forum platform.

1. Human Validation

While humans make up a significant proportion of forum spammers, there is a vast traffic in automated bot traffic - forum spamming scripts - for forum spamming. To beat this you need to apply a system to validate humans and stop the bots. There are a couple of options here:

a. CAPTCHA

Ensure you have a CAPTCHA on your registration form - in other words, a random string of letters and/or numbers that must be typed in to complete the registration. This is the first step in blocking forum spam.
Pros: This stops most simple bots from registering, and is a great first block on common forum spamming methods.

Cons: It won't stop human forum spammers. Also, there are forum spamming scripts out there that have been configured to beat them. How? The numbers and letters in CAPTCHAs often have unique file sizes, so a script with this information coded in can beat them. Another con is an accessibility one - the visually impaired may especially have problems with CAPTCHAs. And let's be frank - sometimes they can be difficult for ordinary surfers as well.

b. Custom human validation

Generic CAPTCHAs supplied with software such as vbulletin are known to have been cracked. The flaw in CAPTCHAs is that the alphanumerical characters in CAPTCHAs often have very slightly different file sizes - something a well-planned script can exploit. As scripts usually work by the law of averages, they're not interested in any single forum - just hitting many, and fast.

The best way to protect your forum in this instance is to apply a custom human validation script. Luckily, the modders at vbulletin org already have a plugin prepared: NoSpam! - an alternative to CAPTCHA images. This script allows you to set up a custom question of your choice - defeating the game of numbers forum spamming scripts work on.

Pros: Highly effective solution against automated registrations from forum spamming scripts.

Cons: Will not stop human spammers.

2. Email verification

First of all, NEVER allow guest posting to your forum. It's an open invitation to spam because there are no safeguards in play to stop automated scripts.

Secondly, don't allow members to post as soon as they've sent their registration details. Instead, use email verification to ensure that members can't post on the forum unless they use a real email address. The reason for this is that a large number of bots use random email addresses. Cashette bots are a good example of this. This aims to stop them.
Pros: If a bot can't verify the email address they register with, they can't post to the forums.

Cons: It still isn't a deterrent against memberlist spamming for link purposes, and won't stop human forum spammers. Also, ISPs such as AOL are infamous for blocking email verification emails. So ensure you have a clear point of contact on the forums for members who find their email verification going astray.

3. Prevent new member links

An excellent plugin for vbulletin prevents new members from posting links according to a specific parameter, usually post count. In other words, if you set the parameter on the plugin to "20 posts", it means that new members cannot post a link until they've made 20 posts. You can find the plugins here:

- Forbid Users from Posting Links or Images if They Have Fewer than 15 Posts (NOTE: Only for vbulletin 3.5+)
- Prevent Users With Low Post Counts Posting/PM'ing URLS (NOTE: Only for vbulletin 3.0.x)

Pros: This is an excellent way to prevent new member registrations simply to post link advertising on your forums.

Cons: It can be annoying to genuine new members linking to genuine third-party websites. Additionally, some forum spammers add the URL without the http://, hoping they can get traffic from members pasting in the URL. Worse still, some forum spammers will make "me too" posts in order to reach the required link count, then drop their ads. Combat this by ensuring a long delay between posts (i.e., vbulletin Admin > vbulletin Options > Message Posting and Editing Options > Minimum Time Between Posts > 60) to make it least worth their while to do so.

3a. Moderate posts by keyword

A more recent and excellent anti-spam plugin for vbulletin: Prevent Spam Posts - vBulletin.org Forum

This allows you to set common spam keywords. Where a new member makes a post containing any of these potential spam keywords, the posts are sent to a moderation queue, rather than posted to the public forums.
TIP: Add the following as keywords, commonly used in Nokia/iPod spam (Mobile phone/ringtone/xbox/ipod spam info):

- @yahoo
- @gmail
- @hotmail

4. Limit post edit time

Some of the more sneaky forum spammers will appear to post entirely normally. Then, when the threads they posted in are no longer active, they return and then insert their links. Prevent this by setting a time limit on the post editing function. In vbulletin, this can be found here:

vbulletin Admin > vbulletin Options > Message Posting and Editing Options > Time Limit on Editing of Posts

Pros: Prevents backwards editing of posts by forum spammers.

Cons: If you make the editing interval too short, you can annoy welcome forum members looking to tidy up their typos. So try and make the time limit reasonable - i.e., 30 mins.

5. Usergroup permissions

A few years back, forum signatures were really worth something for SEO purposes. They were extensively devalued in the fall of 2004. However, for those looking for simple and easy links, forum signatures are an easy temptation. So you end up with members joining and posting, and thinking only of the signature link benefits they may gain. There are a few different options for dealing with this:

i) Disallow signatures entirely

To do this, go to: vbulletin Admin > vbulletin Options > User Profile Options > Allow Signatures > No

Pros: Addresses the issue instantly.

Cons: Some users are more active because they see signature links as getting something back - you could lose these people.

ii) Allow signatures only conditionally

There are a couple of different ways to allow signatures conditionally:

a) Method 1

Install the vBSEO Conditional Signatures - Search Engine Optimization Plugin. This will only display a signature when a member posts more than a set number of characters. In other words, those who contribute most to discussions get their signatures with their posts. Those who don't - don't.

Pros: Kills "me too!" posts for links.
Cons: Members may feel confused about what qualifies them to have a signature, creating a poorer user-experience.

b) Method 2

Use the powerful vbulletin member groups and permissions system to create two member groups - one for brand new members, and one for established members. Disallow signatures on brand new members.

NOTE: Membergroups and permissions are a very powerful but intimidating aspect of vbulletin, so here's how you do it:

Create a usergroup for brand new users who can't use signatures:

- vbulletin admin > Usergroups > Add New Usergroups
- set permissions as "Registered Member", but ensure "Allow signatures" is disabled.
- save

TIP: For the new member usergroup, disallow use of PMs. This will stop PM spamming by new members.

Create a usergroup for established users who can use signatures:

- vbulletin admin > Usergroups > Add New Usergroups
- set permissions as "Registered Member", but ensure "Allow signatures" is enabled.
- save

Now set up a Promotion - we'll assume 15 posts required to have a signature link:

- vbulletin admin > Usergroups > Promotions
- Add New Promotion
- select user group as the first custom usergroup you set up
- Reputation Level: 0; Days Registered: 0*; Posts: 15
- Promotion Strategy: Posts
- Promotion Type: Primary Usergroup
- Move User to Usergroup: (select the second usergroup you created)

*Add a value here to require a post count AND a number of days registered before allowing signatures. WARNING: Can be very annoying for new members with a time limit involved as well.

That may seem like a lot of work, but it's a more controllable and powerful method of limiting what newer members can do.

Pros: An effective way to reward active members with active signatures (with or without links), while preventing forum posting simply for signatures. Also, can prevent advertising abuse of the PM system - such as by Nigerian scammers - by disallowing them access to the PM system.
Cons: Can again be annoying to new members if they expect to see signatures. Expect to have to answer member queries explaining why you've limited signatures, and how to enable them.

6. Conditionals to combat memberlist spamming

A number of scripts sign up to forums simply to place an active link in the member profile field. This is memberlist spamming (Memberlist Spamming). Again, there are a couple of different ways to address this:

i) Remove Home Page Link from the Member Profile

To do this: vbulletin admin > Style Manager > Style Manager > Expand Templates (click the << >> button) > Member Info Templates > MEMBERINFO

Delete the following section:

    <if condition="$show['homepage']">

Pros: Removing this removes all benefits sought by memberlist spammers.

Cons: It punishes regular members by not allowing them to link to their own website/blog, etc.

ii) Block search engines from reading member profiles

This is a simpler method that allows human users to view member profiles - but blocks the search engines from seeing them. To do this, create a file named "robots.txt" in your forum root folder, then add the following:

    User-agent: *
    Disallow: /memberlist.php

Pros: This completely invalidates attempts at memberlist spamming.

Cons: It doesn't actually stop it.

7. Block common offenders

Some forum spammers - whether advertising in the main forums, or memberlist spamming - use the same email addresses and IP. You can keep track of commonly observed ones at Security Watch's Forum Spamming alerts, which provides details on email addresses and IPs being used in major forum spamming campaigns.

8. Censor common offenders

Sometimes you'll find certain forum spam campaigns involve multiple users promoting the same website. Accoona and SubmitYourArticlesNow are particularly good examples of aggressive forum spamming campaigns using multiple new registered users to advertise/link drop a service.
Simply add common offending domains to the list of censored words on your forum:

vbulletin admin > vbulletin Options > Censorship Options > Censored Words

then add the domains in question to the box.

Additionally, there is an increasing amount of forum spam coming from electronics scams. This involves a new member posting offers (often across multiple boards) for electronic goods - commonly mobile phones or XBoxs - far cheaper than normal retailers. Free email addresses are usually offered as a contact point. The point being, hand over money and you'll never see the goods. In which case, it's worth considering censoring the following email domains commonly used by these email scammers:

- @hotmail
- @yahoo
- @gmail

9. Human moderators

Ultimately, whatever options above you implement, you will always face some degree of forum spamming in your forum. While the options above can help prevent, block, or invalidate attempts to forum spam your boards, there's no better substitute than active moderators on your forums. The fact that you have trusted people on your forums regularly means that forum spam posted to the public boards can be quickly and easily dealt with.

Of course, building a good moderator team isn't always easy, but a number of tips and recommendations were posted on Platinax: Choosing Forum Moderators.
|
|
|
|
|
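An added example, not part of the original post and not code from vBulletin or any plugin named in it: the post-count link gate, the minimum time between posts and the keyword moderation queue from sections 3 and 3a combined into one decision, including links typed without http://. The function names, the TLD list and the sample posts in the test are constructed for illustration.

```python
import re

# Thresholds taken from the post: 20 posts before links, 60 s between posts.
MIN_POSTS_FOR_LINKS = 20
MIN_SECONDS_BETWEEN_POSTS = 60
# Keywords suggested in the post's TIP for the moderation queue.
SPAM_KEYWORDS = ("@yahoo", "@gmail", "@hotmail")

# Scheme or www. links, plus bare hostnames typed without http://.
# The TLD list is a constructed sample, not exhaustive.
LINK_RE = re.compile(
    r"\b(?:https?://|www\.)\S+"
    r"|\b(?:[a-z0-9-]+\.)+(?:com|net|org|info|biz)\b",
    re.IGNORECASE,
)


def find_links(text):
    """Return every link-like token, including bare domains."""
    return [m.group(0) for m in LINK_RE.finditer(text)]


def review_post(text, author_posts, seconds_since_last_post):
    """Return (decision, reasons): 'publish', 'moderate' or 'reject'."""
    is_new = author_posts < MIN_POSTS_FOR_LINKS
    reject, moderate = [], []
    # Flood control applies to everyone and blunts "me too" post padding.
    if seconds_since_last_post < MIN_SECONDS_BETWEEN_POSTS:
        reject.append("posting too fast")
    if is_new:
        links = find_links(text)
        if links:
            reject.append("link from new member: " + ", ".join(links))
        hits = [k for k in SPAM_KEYWORDS if k in text.lower()]
        if hits:
            moderate.append("spam keyword: " + ", ".join(hits))
    if reject:
        return "reject", reject + moderate
    if moderate:
        return "moderate", moderate
    return "publish", []
```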
#4 (permalink) |
|
Junior Member
Join Date: Jul 2007
Location: Spokane Washington U.S.A.
Posts: 11
|
Over on one of the sites that I Admin we've got the limit set to 10 posts before a newbie is allowed to post links or pics to the site. A live spammer posting manually could get around this simply by posting a bunch of "smileys" and "Me Too!" posts. However, most of the spam attempts we have been seeing are the result of "spam bots": automated software programs that register and automatically create a spam thread once their membership and posting privileges are approved.

We run dual bot traps to catch the bots long before their registrations can be approved. Our first spambot trap is a visual "CAPTCHA". Some bots are able to get around these, so our second trap is a "Test Question" that requires a newbie registering to fill out the "questionbox" manually. So far this has been working for four months now and we haven't had a single spammer who has been able to become approved and post on our board since we instituted these measures.
|
|
|
|
|
|
#5 (permalink) |
|
Junior Member
Join Date: Sep 2007
Location: Kenley, Surrey, UK
Posts: 1
|
You can set this number to anything you like. You also have the option to set the minimum number of days that a member has been registered for before he/she can access certain features of a VB forum. I've found that 10 posts and 7 days tends to deter most undesirables.
|
|
|
|
|
|
#8 (permalink) |
|
Junior Member
Join Date: Jun 2008
Location: Chicago, IL
Posts: 3
|
Great article. I reposted the blog post on vBulletin FAQ
|
|
|
|