Dealing with spammers

Hi all,

Since we're fortunate enough to have a lot of visitors to the site, we also get targeted by spammers regularly. These spammers sign up accounts then make posts that either are full of advertising links, or just useless no-comment posts with advertising links in their signatures.

The admins and mods regularly delete these users to keep the boards clean. However, it's difficult to examine every post made to the forum, so sometimes we miss them.

There are a couple of really easy things you can do to help us keep the board clean:

• Report any spam posts. There's a 'report post' option on every forum post - if you spot some spam, click the report button and we'll be notified.
• Don't reply to talk about spam posts: simply ignore them, or continue replying to the rest of the thread as if it wasn't there. Once we find a spammer, we can delete the user and all their posts in one go, saving us having to remove the posts manually. If there are posts left behind by other users talking about the spam, we have to remove these manually otherwise the thread suddenly makes no sense at all.

So in short, report them and don't reply to them, and we can keep the board clean and tidy <img src="smileys/smiley1.gif" border="0" align="middle" />

I haven't seen it for a while, but you still have those "are you human" type things set up? Also, how about restricting sigs and posts with URLs in them until you've made a certain number of posts? It probably wouldn't stop some of the cleverer bots (or any spam account that has at least a minimal amount of human control), but it might help.

There's a captcha on the registration form and I've tried changing it, but I guess the bots are getting pretty good. Also, I suspect actual humans are recruited in some cases to pass the captchas (i.e. semi-automatic bots) so it might not make much difference. I think we're also targeted because we run phpBB, which is a popular forum software and therefore more highly targeted.

Do you know how to limit posting URLs until you have a certain number of posts? I hate modifying phpBB because every time I do it it's a nightmare, it doesn't seem very well designed for it. Besides, it's probably one of those things that will irritate legitimate users (e.g. signing up to post a link to a .cap with a bug or something).

I remeber Soldjahboy talking about how he used to deal with bots something along the lines of restricting posters to a single forum until they are moved to a regular users group. Not an ideal solution....

Too bad we cant do this

<img src="http://imgs.xkcd.com/comics/constructive.png">

I think Ashley's first post is really the best way. Vigilance is a proven method.

What ever you do tho never click on a link if your not sure about it.

Even if its not harmful, it still gives the botter what they want ....page views.

And that will only encourage them.

When in doubt, copy the suspect post's text, and google it.

Chances are it's been pasted verbatim across hundreds of other forums.

Remember bots are only as smart as the guy that downloaded it from the guy that made it.

does phpbb have "a stopforumspam" or "Akismet" plug ins?

Yeah, I had a phpbb forum that wasn't even popular but I got BOMBARDED with spambots. Like 10+ a day. It got so horrible I eventually disabled user registrations altogether...

However, there are some decent anti-spam mods available for phpbb3. You might want to check them out sometime. If anything, they'll decrease the amount of spambots getting past the captcha.

I run a phpbb forum and yeah, all those captchas are pretty useless. What DOES work is the Q&A system. You can define simple questions that deal with the topic of the forum/site and it should be very effective. Like "What is Construct primarily used for?" You can define multiple valid answers. And it's built into the phpBB3 core already.

EDIT: I just noticed I replied to an old thread. Haven't seen any bots spamming, so I assume the situation is under control anyway. xD;;

Don't worry, I decided to sticky this old thread, so I'm responsible for bumping it

I've since put in a new captcha where you have to choose an image that matches. It's not bulletproof, but maybe at least for the fact it's different, it seems to have stopped a lot of the spam.

One good technique is to rename the login field to "hiddenField1" and then create a new hidden field called "Username".

If username hidden field is filled with a value when the form is posted, you know it's a bot.

Browsers use these to fill-in automatically, too.

Chances are the spam posts that do get through are actual people that aren't smart enough to figure out how to use a bot.

Like they say, you cant fix stupid.

Some spammers actually hire real people en-masse to sign up to random forums and make semi-relevant sounding posts by skimming the content of the thread above. So there's a small amount of spam that will always have to be cleaned up by hand.

Wasn't there some clickteam fans who use to attack this site?

No, I don't think that's ever happened. I've read a lot about spammers that literally target random IP addresses looking for servers - it's pretty much a fact of running a website that you'll get automated (or even human-powered) spam being posted. So really it just needs to be reported and cleaned up.