I generally check this forum in the mornings while I am having coffee. I always hit the "view new posts" link.

Lately, 90%+ of the new posts are spam. Most of them obvious enough that I don't even bother clicking on the link. but it is getting to the point that I don't even bother checking everyday. Anyone have any ideas how to better combat the spam.

My understanding is that new users need to be "approved" before they can post anything, although it seems maybe this process has been automated or just "rubber stamped," as a lot of the new user IDs are clearly spammers. Does anyone actually think that reebok8897 has helpful personal finance insight to offer?

I think it would really help if users had to wait a certain period, or have a set number of posts under their belt, before being allowed to post URLs, but I don't know if the forum software supports such constraints.

More admins.

(Reaching minimum number of characters per post.)

So, there are numerous types of attacks through several vectors.

A bot with automated scripts to masquerade as an user is one form, but it's one of the more primitive ones now. Captchas generally do a good job of keeping those out, but it's also the most popular form that most people tend to think of.

A more direct approach is to exploit the database directly, bypassing any and all custom PHP verification process. It isn't as easy as it may sound at first, because it requires finding and exploiting unpatched SQL vulnerabilities. However, once it's found and bots are coded for that exploit, the rest is easy as pie.

The simplest way to counteract this is simply through blanket IP bans. We're talking number.number.*.*. Maybe even number.*.*.* for certain cases, such as China or Russia. The only downside is that you also block out any and all legitimate requests from those networks, and admins tend to be hesitant about such a move BUT if are getting massive amounts of Chinese spams, and if you don't have too many legitimate Chinese accounts in the first place (which typically is the case for US forums), then I say it's a worthwhile tradeoff. But that's something a mod or admin will have to decide.

Another one is to get hardened code. This forum runs on phpBB, and as I've mentioned in the past, version 2.x is about as safe as a slice of swiss cheese. Granted, it's also popular due to its user-friendliness for both users and admins. However, if you want to get serious about security, you will want to ponder the option of rebuilding from the ground up using version 3.x. That's what the folks at ArsTechnica did. Their traffic runs as many as 3000 unique users a day, tens of thousands of posts each month, and have a monetized premium subscription model to protect. Despite its sheer size and volume, ArsTechnica did choose to make the very difficult decision of switching to phpBB 3.x, and though it was a transition years in the making, when it was finally done, they operate today with little to no spam. What little that do come through are, as far as I know, done by the occasional human beings, and at least not giant, automated botnets. Bottom line, if Ars can do it, anybody can. The question will be if it's worth the time and money for smaller boards to make the same switch. For smaller ones, maybe it's enough for mods to comb through it daily....

One more possibility to consider is to change the server's default DNS to something that's more geared towards security. Commercial ones do a good job at proactively screening out trouble IPs for you, so the end server never even have to know they exist. Of course, the downside here is another matter of cost. However, I think it's worth investigating OpenDNS, because their cost is relatively low. There's even a free version for regular users. However, all this depends on server setup, and for many, it may not apply. Either way, I figure it wouldn't hurt to throw that out there.

Last but not least, just hire more moderators. Zap the spams by hand.

Yeah I think more mods would probably be the best solution.



Post like this: viewtopic.php?f=2&t=29672 really make me wonder. There doesn't seem to be any spam link, but it has nothing to do with the topic of the forum at all. Plus it is by someone who signed up in January, but made this their first post today.

Let's employ death squads. We will track the IP address of every suspected spam post then the mods will buy a team of 4 volunteers plane tickets to the poster's location. Our team will hunt them down, interrogate, and administer the appropriate punishment. We will of course employ extraordinary rendition when the culpable parties are within the bounds of civilized nations.

Any volunteers?

I vote DH for captain of the death squad

Accepted. And I did see your hand up, right?

Oh, definitely, I am in..

Awesome. Who else?

Wait until you see the cool gadgets the mods are giving us.

Good thing the technology to spoof IP addresses hasn't been invented. I'd hate to be assassinated because a spammer pretended to be me.

They are going to edit in a spam link tomorrow.

In general, anything off-topic, rambling, or non-human-sounding is likely to turn out to be spam. Part of dealing with spam is learning to recognize it instantly and act mercilessly. If there really was a human on the other side, they can always sign up with a new account and say, "Why was my post deleted?"

I need to revise my previous reply and say instead, more admins with lots of forum experience. When you've been posting on forums for over 10 years (as I have), posts like that aren't even questionable. They're garbage. You nuke them and get on with your day.

Please understand that I am not trying to be obnoxious. I'm trying to help. I don't mean to come off as condescending.

I didn't take that as condescending. I've been on numerous forums for probably 6 or 7 years, but I hadn't encountered that type yet. I assumed it was spam, but the purpose puzzled me.

The link has been removed, so I don't know what it is. Still, it's possible that it was a spam that normally contained certain links or codes, but the forum software automatically stripped it of that particular code before it was posted.

I'm believe the admins may have implemented this part, and would be more appropriate authorities to comment further.