homepage Welcome to WebmasterWorld Guest from 54.204.67.26
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Accredited PayPal World Seller

Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
Forum Library, Charter, Moderators: rogerd

Community Building and User Generated Content Forum

    
Spam postings
macca34




msg:3957972
 10:23 am on Jul 23, 2009 (gmt 0)

I have just started a discussion forum and am just about to promote it. I am getting lots of overseas postings about the usual vulgar stuff you get in spam emails.

What can I do to stop it. I have set all the parametres on PHPBB and although reduced they still get thru. Is there anyway to block IP from certain countries (as they would have no business or interest in my forums anyway)

Any help gratefully appreciated.

Thanks in advance

Cheers

 

martinibuster




msg:3957995
 11:21 am on Jul 23, 2009 (gmt 0)

Bots can defeat many captchas. Fortunately there are a number of phpBB mods to that can defeat the bots. A simple mod that asks a question of your choosing is enough to defeat the bots.

Blocking IPs is doable but it's possible to accidentally block Australia and Britain. Blocking the bots should eliminate 99% of your problem. The rest can be blocked as they show up.

There are sites with lists of IPs to block,and software/mods that auto-update according to lists as they're generated by reports submitted by people. I'm not a fan of blacklists because imo all blacklists contain errors. I would rather deal with a trickle of spammers on a case by case basis, banning IPs safely than accidentally block innocent site visitors because a newb submitted a block of legit IPs to whatever blacklist you're relying on.

piatkow




msg:3958028
 12:06 pm on Jul 23, 2009 (gmt 0)


Blocking IPs is doable but it's possible to accidentally block Australia and Britain

I have come across several cases of people blocking themselves from their own forums. IP blocking needs to be dome with great care.

You will probably always get some manually entered spam, often from people with their first web site who don't realise that this is unacceptable. Requiring forum membership will cut down some of this.

Frank_Rizzo




msg:3958129
 3:08 pm on Jul 23, 2009 (gmt 0)

Forget setting up a block of IPs to ban. They will always find a proxy somewhere else. Only block if you have some kind of automated tool which you can leave running else you will be going round in circles.

How many registrations do you get a week? If not many then change to admin authorisation mode.

Do you allow guest posting? Turn it off.

Install one of the captcha mods or wait for phpbb 3.0.6 as this has better captcha options.

Turn off memberlist browsing for guests - this is mostly how the spammers find you in the first place.

martinibuster




msg:3958154
 3:36 pm on Jul 23, 2009 (gmt 0)

>>>If not many then change to admin authorisation mode.

One consideration in the case of a slow forum is that it's better for growth to allow speedier registration. Making users wait can cause people to never return and post because it's easier to find their joy on someone else's forum than sit around waiting for an admin authorization.

I agree about the memberlist and go further. I can't justify a memberlist. In terms of spam reduction and SEO, it's best imo to remove all links to the memberlist then remove the memberlist file altogether. One part of Forum SEO is to remove links to as much as possible that is not rank-worthy content.

Frank_Rizzo




msg:3958350
 7:33 pm on Jul 23, 2009 (gmt 0)

I don't think making them wait is that much of problem compared to viewing a forum full of spam postings.

If a site is riddled with spam and offensive postings users are not going to register in the first place.

Besides, with admin authorisation a new user may have to wait a while but they should return when they get an account confirmation email.

How many users sign up, get instant notification and don't visit again. And how many users sign up, forget the site for a few hours or a day and then return when they are 'invited' via a nicely worded confirmation email?

Obviously if a board has dozens of registrations a day then it could be a problem. But if a board has dozens of registrations a day it should have a sufficient team of admins / mods to check registrations.

thecoalman




msg:3959776
 1:03 pm on Jul 26, 2009 (gmt 0)

I can tell you phpbb takes the issue of forum spam seriously, the image captcha in phpbb3 held up for a good year or more and still does to some degree because it can be tweaked. As with any captcha system most are broken eventually because they are always the same.

3.0.6 will implement a captcha plug-in system which will allow authors to make their own captcha system. This will greatly expand the captcha capabilities as there will be numerous options for forum owners and what captcha they want to use. If it gets broken you can plug in a new one that is more effective.

More here: [phpbb.com...]

As far as phpBB's current image captcha make sure you have enabled the GD version. Try tweaking the settings a little.

You don't have to enable admin registration necessarily in phpBB and frankly I don't find it very useful anyway. The better option is to enable the "Maximum post count for queued posts" under post settings. When you set this to X amount all their posts automatically go to the moderation queue which have to be approved before they become public until they reach X amount of posts.

The user can register and make their post, any moderator with permissions can approve it and the user gets an approval or disapproval email. The disapproval email is at the moderators option.

I agree about the memberlist and go further. I can't justify a memberlist. In terms of spam reduction and SEO, it's best imo to remove all links to the memberlist then remove the memberlist file altogether. One part of Forum SEO is to remove links to as much as possible that is not rank-worthy content.

This can be set by permissions in phpBB, by default profiles and the memberlist are denied to bots and guests. They still get a page if they go to the URL but it's "You do not have permission". Bots are in a special group, standard links for profiles the memberlist and search page are parsed as plain text or don't even exist. You're actually cloaking to some extent but no one has had any trouble with it as far as I know. I modded my own forum so if they do find a link somewhere they get the correct header whether it's 403 or whatever.

If you want to remove the memberlist or any of those features there really is no sense hacking it out because you can do it through permissions.

macca34




msg:3967364
 10:19 pm on Aug 6, 2009 (gmt 0)

Thanks for all your replies. I will look into the options.

When I first started the forum I got hundreds of spam postings. Now it can be about 10 per night. I am not sure how these spammers found the forum it as I haven't publicised it at all and the other forum no longer gets any spam.

Thanks again

sidney1310




msg:3968942
 11:35 pm on Aug 9, 2009 (gmt 0)

The single best tactic I've found for stopping almost all of he bots is to require javascript be enabled for registration. Almost no bots have a javascript engine built in. In fact, I think that the very few that get through that block are not bots at all, but are people in poor countries who are working for "get paid at home to post in forums" sites. There is little you can do to block them, but they are a tiny fraction of the problem compared to fully automated bots.

If you are running PHPBB2 then the easiest way to do it is to install the hashcash mod from [phpbbhacks.com...]

That mod forces the browser to compute a javascript function called "hashcash" to get through registration. The details of the task are not as important as that it fails if javascript is not enabled, and it is good about telling a real human who has javascript turned off that they need to enable it to register on your site.

I found that it stops every spam bot that is able to get through the CAPTCHA, and it is invisible to a human, requiring no interaction.

JS_Harris




msg:3976290
 10:06 am on Aug 21, 2009 (gmt 0)

Add a hidden box to your signup page too, visitors won't enter anything in it and you can insta-ban any bot that does.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved