Forum Spam - Spam Prevention

Spam Prevention

• Blacklists: Services such as Stop Forum Spam keep databases of the IP addresses and e-mail addresses used to post spam or register forum accounts. Forum software can query these lists and either deny posts or registration, or submit the request for human moderation. This is similar to DNSBL services.
• Flood control: This forces users to wait for a short interval between making posts to the forum, thus preventing spambots from flooding the forum with repeated spam messages.
• Registration control:
  • Some forums employ CAPTCHA (visual confirmation) routines on their registration pages to prevent spambots carrying out automated registrations. Simple CAPTCHA systems which display alphanumeric characters have proven vulnerable to optical character recognition software but those that scramble the characters appear to be far more effective.
  • Alternative is Textual Confirmation, where the user answers one or more random questions to prove he/she is not a spambot.
  • Forums have a feature where they send an e-mail to users who registered, either containing the password used to log in or an activation code/link.
  • Some forums have required registration approval where the administrator has to approve accounts.
• Authoritative voice: Using an external filtering service to get a verdict if the data is spam or not.
• Posting limits: Limit posting to registered users and/or require that the user pass a CAPTCHA test before posting.
• Registration restrictions: Applying careful restrictions can seriously impact bogus and spambot registrations. One approach consists in the denial of registration from certain domains that are a major source of spambots, or even domain extensions such as .ru, .br, .biz. Another, more labor-intensive, consists in manual examination of new registrants. This examination looks at several indicators. First, spambots often delay email confirmation by several hours, while humans will confirm promptly. Second, spambots will tend to create user names that are unique, and unlikely to already be used in the forum, preferring "John84731" or "JohnbassKeepsie" to the much more common "John." Third, using a search engine to investigate, one finds hundreds, if not thousands of profiles using the spambot login name, sometimes with the diagnostic spam post, or "banned" label.
• Changing technical details of the forum software to confuse bots — for example, changing "agreed=true" to "mode=agreed" in the registration page of phpBB.
• Block posts or registrations that contain certain blacklisted words.
• Be wary of IPs used by untrusted posters (anonymous posts or newly registered users). A useful technique for proactive detection of well-known spammer proxies is to query a search engine for this IP. It will show up on pages that specialize in the listing of proxies.
• Some forums also have their own "spam subforums" to direct spam off their main site.
• Some forums have the signature option disabled.