Skip to main content

Dealing with spammers on forums

I've got a couple forums I help run, and dealing with spammers is a recurring problem. They either want to get an account with a link their site in their profile, or they want to active post spam in the forums - or both.

There's been a bit of an upsurge in the little bastards lately, apparently they're getting through the "image verification" systems more easily now - or they're just going the sweatshop route and having humans make the accounts. Either way, it's a pain.

What I've taken to doing is setting the forums so that the users must be approved before their active. With phpBB I also had to modify the code so that the user list only shows active users - for some reason it showed inactive users by default before! So even if they'd never clicked the activation link, they'd still get the url in their profile on the forum's user list.

So now, when I'm going through the list of new users to be moderated, I follow these steps:
  1. Check their email address and if possible the URL they've put in their profile. Obviously if they've put some porn or payday loans or other crap in either, goodbye. But these days you get a lot more spammers coming from gmail or other legit mail servers.
  2. Check their IP address using a service like IP2Location - if they're from one of the "spammy" countries like China or Russia, they're out - and I ban their IP range.
  3. If the IP location seems reasonable, I next check their email address by googling it. Usually, if they're a spammer they' used the same address on other sites, and you'll immediately see the pattern that indicates a spammer (usually on lots of other forum sites, often with only one post.
  4. If the username is unusual, google that as well - they'll often use the same string of gibberish for a username on other forums.
  5. Finally, google their IP address - they'll often turn up in spam logs or other places and clue you in if there's a spammer operating at that IP address.
It's a pain, but it seems like the best way to filter out the spammers from the real users. If they pass all those tests, then I activate them - but still keep an eye on the forum. Thankfully spammers will usually post their spam fairly quickly after getting an active account, so if you just keep an eye on the most recent posts, you're likely to catch them.
Labels:

Comments

Post a Comment

Popular posts from this blog

Security Tips - Passwords and Logins

Passwords are something we all have to live with. There are other authentication methods slowly coming into use (i.e. two-factor) but it's hard to see passwords going away anytime soon. I assume everyone knows the basics - use "good" passwords, don't share them between sites, don't write them on a sticky note on your desk, don't save them in a file named "passwords.txt" on your computer, etc etc. That's all well and good, but there's so much more you can do! Good Passwords A "good" password is hard to guess, is what we're told. I think most people are unclear about what exactly "guess" means. These days, it means that it needs to be resistant to password cracking attacks that are getting ever more fast and sophisticated. Just making sure that you have numbers, characters, upper/lower case, etc isn't enough. The gold standard most important thing about a password is that it is long . The longer the better.
Post a Comment
Read more

Another VI tip - using macros, an example

God I love VI. Well, actually, vim but whatever. Here's another reason why. Suppose you need to perform some repetitive task over and over, such as updating the copyright date in the footer of a static website. (Yes, yes I know you could do a javascript thing or whatever, just bear with me.) Of course you could just search and replace in some text editor, changing "2007" to "2008" (if you're stupid) - and you'll end up with a bunch of incorrect dates being changed, most likely. What you need to do is only change that date at the bottom. And suppose that because of the formatting, you can't use the "Copy" part of the string in a search replace - perhaps some of the pages use "©", some spell out "Copyright" etc. This is where vi macros come in handy. A macro in vi is exactly what you expect, it records your actions and allows you to play them back. To start recording, press q followed by a character to use to "stor
6 comments
Read more

Debugging a DOS

I'm not a sysadmin, but I end up doing my best now and then when one of my sites gets into trouble. This is a sort of "after action report" of an incident that I just resolved (hopefully). I woke up and happened to check email on my phone (don't always do this, will now) and was greeted with a uptime robot email that one of my sites was down, and had been for about 4 hours. I quickly checked the site on my phone and yup, it wasn't loading. Ran to the office and hopped on my laptop. SSH to the server, and everything seems fine. Very little load on the server (AWS instance). Did a restart of apache/php/mysql and the site is still down. Weird. Running the site's index.php file on the command line works as expected and fast. Ask a few other people to check, and it's down for them. Then I logged into the AWS console and checked on status there - everything is up and running.... WTF? This is a lightsail instance, and then I noticed the outgoing network traffic h
Post a Comment
Read more