- From: Long Island, New York
- Registered: 2010-12-30
- Posts: 1,977
I'm New! I'm Being Spammed! Help!
I have a forum. Spamming is a nightmare, I can not believe how many people post spam. When you register, you have to click a link in an email to activate and I also have capthca enabled. But they still spam. Is there anything else I can do?
-- Abbreviated quote from a new forum member.
Welcome! And welcome to all new members who have found their way here hoping to find some answers to their questions regarding spam (and spammers) and what can be done about it! This clear and concise Sticky "Introduction FAQ" (for lack of some catchy name) is designed with you, our newest member, in mind. It's by no means exhaustive or overly complicated (that comes later!), but instead, attempts to offer an outline of steps you may take in an effort to combat your spam problem.
It should be noted that this particular post was written with phpBB3 in mind, but don't worry! Aside from the explicitly noted paragraph, all else should apply to you. For those not using phpBB3, you will find an assortment of other forum software listed at the bottom of this post. Let's get started:
First, collect your API keys from the most commonly used database resources: (What's an API Key?)
• API Key from Stop Forum Spam
• API Key from Bot Scout
• API Key from Project Honey Pot
• API Key from FSpamList
• API Key from IPinfoDB
Note, all above keys may be obtained via FSLC below if desired.
Which can then all be queried by one awesome spam lookup and submission tool:
• Gunner's Forum Spam List Checker
(Mod note: Windows only) Forum Spam List Checker is the Big Gun of choice for seeking out and destroying spammers. Even though it has "Forum" in the name, it can be used on any website that allows posting messages/comments, links or has members. FSLC is a very powerful tool, but, it was designed with a shallow learning curve, which makes it a perfect fit for everyone from the new website owner to the seasoned veteran. Even though FSLC is rather easy to use, you may still have questions or maybe would like to know about the "hidden" features. So, we have broken down each "Tab" into it's own page. You can use the links on the right for more information.
Then, head to Lithium Studios and grab EXreaction's Anti-Spam Admin Control Panel Add-On:
• Lithium Studios PHPBB3 Anti-Spam ACP (phpBB 3.0.6+ ONLY. For other software, see bottom)
(Mod note: the site is gone) Anti-Spam ACP adds many powerful anti-spam features to your forum such as an IP Search tool, Spam Word list, control over profile fields, flagging suspicious users (for logging their actions), and an easy one click ban link from their profile which clears out their profile and posts. Current features include spam Log, IP search, spam word catcher, disabling of certain profile fields, Stop Forum Spam integration, one-click ban and more.
After that has been installed and configured, head over to ZBBlock:
• ZB Block
(Mod note: transferred to new site) This php security script is designed to detect certain behaviors detrimental to websites, or known bad addresses attempting to access your site. It then will send the bad robot (usually) or hacker an authentic 403 Forbidden page with a description of what the problem was. If the attacker persists, then they will be served up a permanently recurring 503 overload message with a 24 hour timeout. ZB Block is Excellent at reducing hacker bandwidth usage, strengthening your site against defacement, preventing PHP script exploitation, ending Remote File Include (RFI) exploits, protecting against directory traversal attacks, stopping MySQL database injection and tampering, removing access from known bad addresses and domain names and blocking access from top level domains, like .cn (China) and .kp (North Korea). ZB Block is Good at avoiding website scraping/content theft, deterring bad user agents, halting referrer spam and impeding some Cross Site Scripting (XSS) attacks.
Lastly, dump Captcha and instead use Question and Answer during the registration process. (Why?)
For software add-on modifications unrelated to phpBB 3.0.6 or higher, please see:
• The SFS Mods and Plugins Resource Center
Currently, anti-spam add-on tools are available for phpBB, vBulletin, Simple Machines (SMF), MyBB, PunBB, PHP Fusion, Xen Foro, Elgg, Wordpress, Symphony, UBB and Pligg. If your software is not listed here, please inquire about the use of ZB Block along with your software's platform and version.
(Note: See here if having API submission issues using an older version of SMF).
Using the above tools and techniques will eliminate the overwhelming majority of your spam (and in the case of ZB Block, dramatically increase your security against potential attack at the same time). The rest of your spam would be that human spammer posting "topical back links" (or similar).
If you would like to discuss the above or have questions or comments, please see this thread to contribute.