homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
Forum Library, Charter, Moderators: rogerd

Community Building and User Generated Content Forum

How to prevent spammers from posting
not if they post right away

 1:16 pm on Feb 3, 2009 (gmt 0)

It seems that a lot of times, people create accounts on message boards with the intent to spam, but don't post anything right away.

I'm guessing it's a type of outsourced job. Where someone just provides the list of forums where they registered.

In such cases, most of the time they use the same user id on all boards.

So it's easy to use Google api to run a search on each new registered user. Check the number of estimated results. And if there are a lot of results, just flag them for a possible lock. Or just lock them after a manual review of the search results.

Of course, there are plenty of names like "Mike" or "Jane" that would have serps with a great number of results.

But most of the time, you'll have a clear indication.

Here is one example that just flagged on my board: corpobb

Anyway, if you have a problem with "sleepers" registering in great numbers, you might want to try this approach. It's not hard to automate and get e-mail notifications with links to serps pages for all suspicious new accounts.



 1:27 pm on Feb 3, 2009 (gmt 0)

I am quite wary of this method, when I first started using forums I must have joined 20 on every subject I was interested in with the intention of posting, after a while some were good and some not so much (now there are 3 I post in actively and 1 I check in on from time to time) what sort of numbers would you need to find in order to prevent someone from posting in your forum?


 2:52 pm on Feb 3, 2009 (gmt 0)

Good reporting tools help eliminate this problem. And a good team of mods. I have a page where power users can review the latest comments from any page on the site. You would be amazed at how many spammers my users catch. Then my mods catch the rest. Obviously a few will get through, but I'd say we get 99% of them.


 5:19 pm on Feb 3, 2009 (gmt 0)

Not very effective IMO because you're going to be getting a lot of false positives.

I know phpBB has eliminated the bots at this point as the image captcha has not been broken and there are already plans on how to step it up when it is.

That really leaves humans, I'd look to the forum software for solutions whether they are built in solutions or mods. phpBB for example has a new feature as of 3.0.3 that will kick the first X posts to the moderation queue for new members for review by a moderator before it gets posted.


 6:04 pm on Feb 3, 2009 (gmt 0)

I use a double opt in method. Any one can look. Only registered can post, and to register they have to register first with valid email address and the remaining part of the registration is sent to that email address. Failure to complete those instructions never advances the user account to posting privileges. So far seems to work. On those few that have tried spam after that I have a valid email account to go after... but never have had to go that far (fingers crossed!)


 7:42 pm on Feb 3, 2009 (gmt 0)

the remaining part of the registration is sent to that email address

That's an interesting idea, I'm assuming by that you're not referring to the activation email and you're sending them a form to complete in the email? If the user has HTML disabled?

The image captcha in phpbb has worked so well I've disabled email activation myself. It's only a speed bump for human spammers....


 8:27 pm on Feb 3, 2009 (gmt 0)

They are sent an activation code and URL to insert that code. I don't get that back, they don't get to post. Plain text email. Oh, one other thing, the URl in the email is randomly generated and deleted after 3 days.


 3:21 am on Feb 4, 2009 (gmt 0)

What I've recently switched to with phpBB3 is I ask a question that's required for them to register (a custom profile field only displayed during registration). I give them a Yes/No type question to answer. It defaults to the wrong answer, so you have to change the drop down option to the other option. Then I disabled e-mail activation. We'll see how that goes. Oh, another thing is I block a large number of IPs from countries that have no real need to come to my widget site. It's predominately geared for North Americans so I block russia, germany, etc. as their spambot IPs show up.


 9:30 am on Feb 6, 2009 (gmt 0)

Over the last few days I've used the above Custom Profile method Swanny007 mentioned. But I've used the numbers option - I list seven double digit numbers and ask new registrants to type the second number. Stopped the spambots stone dead so far.


 12:33 pm on Feb 8, 2009 (gmt 0)

A very simple solution that works very good:

<input type="text" style="visibility:hidden" name="email" value="">
(or use a CSS class with visibility:hidden set)
Then in the registration script you check if the email field is set. If it is, you ban that user. Of course you need a separate field for the real email.


 6:57 am on Feb 9, 2009 (gmt 0)

(or use a CSS class with visibility:hidden set)

I believe if the user is seeing impaired most of those browsers throw out the CSS rules and they will see the field?

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved