Cheap Shared Hosting

Sunday, December 30, 2007

Dealing with spammers on forums

I've got a couple forums I help run, and dealing with spammers is a recurring problem. They either want to get an account with a link their site in their profile, or they want to active post spam in the forums - or both.

There's been a bit of an upsurge in the little bastards lately, apparently they're getting through the "image verification" systems more easily now - or they're just going the sweatshop route and having humans make the accounts. Either way, it's a pain.

What I've taken to doing is setting the forums so that the users must be approved before their active. With phpBB I also had to modify the code so that the user list only shows active users - for some reason it showed inactive users by default before! So even if they'd never clicked the activation link, they'd still get the url in their profile on the forum's user list.

So now, when I'm going through the list of new users to be moderated, I follow these steps:
  1. Check their email address and if possible the URL they've put in their profile. Obviously if they've put some porn or payday loans or other crap in either, goodbye. But these days you get a lot more spammers coming from gmail or other legit mail servers.
  2. Check their IP address using a service like IP2Location - if they're from one of the "spammy" countries like China or Russia, they're out - and I ban their IP range.
  3. If the IP location seems reasonable, I next check their email address by googling it. Usually, if they're a spammer they' used the same address on other sites, and you'll immediately see the pattern that indicates a spammer (usually on lots of other forum sites, often with only one post.
  4. If the username is unusual, google that as well - they'll often use the same string of gibberish for a username on other forums.
  5. Finally, google their IP address - they'll often turn up in spam logs or other places and clue you in if there's a spammer operating at that IP address.
It's a pain, but it seems like the best way to filter out the spammers from the real users. If they pass all those tests, then I activate them - but still keep an eye on the forum. Thankfully spammers will usually post their spam fairly quickly after getting an active account, so if you just keep an eye on the most recent posts, you're likely to catch them.

No comments: