The New Sudoku Players' Forum

[David P Bird]

We are suffering from a new swarm of spammers registering on the forum and then swamping our threads with junk.

The best way I've found to identify them is to check their personal profile to see if they new or not and see how many posts they've made on their first days.

Then on the index page for each sub-forum I use the "mark all posts as read" option where only their posts appear as new. However this risks missing some earlier genuine post in a thread.

Is it possible for the forum software to automate such a spammer check or otherwise restrict the number of posts a new member can make in a day for some short probationary period as a damge limitation measure?

[JasonLion]

It is getting to be a major problem in the last few days, quite different from what went before. The simplest thing seems to be to force newly registered members to have their posts approved manually until we confirm they have something to say that is on topic. I'm going to go investigate that setting right now.

[enxio27]

Are these spambots or human spammers? You may already know all of this, but on a form I admin, we stopped the spambots cold with a phpBB mod that requires a security question (that requires human thought to answer and can't be looked up in Google) and an upgraded CAPCHA at forum registration. This is on a forum running phpBB2. (I don't have server access, so I can't upgrade to phpBB3, and the owner apparently isn't inclined to do so.) If you are running phpBB3, I believe it comes with the upgraded CAPCHA already, but there's a security question mod for phpBB3 as well. We went from 200+ spambots PER DAY to ZERO as soon as the forum owner installed that mod. We've had a handful of human spammers since then, but even they seem to have decided it's not worth their trouble, as the last one we had was almost a month ago.

You can also install another mod to configure the board to disallow entries in fields such as Website and Signature, so they can't inject their spam into those. Requiring email authentication (selectable in the Admin Control Panel) helped, as well, but I think you already do that.

On that forum, we made all of the forum sections invisible to guests, which removed most of the incentive for spammers. (I wish we could get rid of the googlebots, as well, but that's not my decision to make.) If you don't want to close the forum to registered users only, putting new members on moderated status (as you mentioned) is a good way to combat human spammers, although it's more work for you.

[JasonLion]

Nearly all of the forum spam these days is hybrid, ie people plus robots. One of the dramatically higher traffic forums I work on has installed all of the anti-spam measures available and still gets plenty of spam posts.

[enxio27]

Nearly all of the forum spam these days is hybrid, ie people plus robots.

How does that work, exactly? A human does it the first time, then provides parameters to the bot?

One of the dramatically higher traffic forums I work on has installed all of the anti-spam measures available and still gets plenty of spam posts.

UGGHHH!!! I wonder how they get by? What software is that forum running? Could it be there's a misconfiguration or even a security hole somewhere?

[JasonLion]

Spamming forums is a fairly large world wide industry. The forum spam software industry has been in an arms race with the larger forums operators for a couple of years. Each time we come up with a new way to block them, they figure out a way around it.

Last I heard they employ people running special spam software, who complete the registration form, and then the spam software takes over from there, posting messages as it pleases. The people are typically in third world countries and get paid some tiny amount for each registration they complete. Some of the better software packages use advanced AI techniques to locate other posters questions, and then ask slight variations on the same question, only to come back later and put links into their signature after the messages are approved. Others simply post dozens of posts filled with links, hoping their links will get indexed by Google before the posts are deleted, thus pushing up their search rating. Some of these systems can be blocked by blocking certain IP address ranges in third world countries, but others forward their requests through virus software running on hijacked computers all over the world, making IP blocking impractical.

We have been fairly fortunate here because our traffic level isn't all that high, so most of the more advanced groups tend to ignore us. Apparently, the current round is about appearing on as many different forums as possible, even if only for a couple of hours, so they are targeting the smaller forums along with the large ones.

[enxio27]

UGGHHH!! Thanks for the warning. I knew it was quite a large industry, but I didn't realize they had the capability to get past every defense a forum could put up.

I've been noticing about 20-25 new registrations per day on the forum I admin. 99% of them never post. I've been wondering whether they were mostly spammers just waiting in the wings. If I have to, I will close the forum to ALL new registrants. I can't install mods myself (no server access), and getting the forum owner to do so is like pulling eyeteeth. I'm not going to babysit people on that forum to make sure they're on the up-and-up when they register. Our users are from literally all over the world, so banning IP ranges doesn't really do any good.

When I became admin (after having been mod for several years), the first thing I did was clean out our user database. I'm hoping that made the forum less of a target. We had almost 25,000 registered users (almost all of them registered before email authentication was required), but only about 3500 had ever posted (forum was started in 2009). I instituted a policy of deleting non-posting registrants after 60 days. I also closed the forum to guests (including viewing/reading), began requiring email authentication, and convinced the forum owner to install the registration security mod.

[evert]

I also closed the forum to guests (including viewing/reading)

... which may discourage genuine readers to get familiar with the content and consider to subscribe.

[enxio27]

I also closed the forum to guests (including viewing/reading)

... which may discourage genuine readers to get familiar with the content and consider to subscribe.

On this particular forum, there is enough "word of mouth" that an open forum isn't needed.