Forum Moderators: rogerd
My reward for this modest success is an steady stream of spam account signups. I have email activation enabled for account signups, and very few of them complete this successfully (say 1 in 10), so I figured this was a script that kept track of throwaway free email addresses and automated account signups. My presumptions were supported I thought by account signups coming from a cluster of IP addresses that belongs to servers at a large hosting company known for cheap dedicated servers. They also used a few telltale domains in their throwaway emails, akaing them easy to spot.
At this point in my quest, I figured that I was needing countermeasures against scripted signups. So the low-hanging fruit was to alter the URL that is associated with signups, so that a script that searches for targets and automates submissions with a hard-coded URL particular to a certain forum software would break (due to intentioanl violation of its assumptions).
So a quick bit of PHP hackery ensued, and I sat back to watch the results. No change. I had previously disallowed the signup page in robots.txt, and was highly confident that page was not indexed by the major engines. So it was not a cached version of the script either.
My conclusion: humans, probably assisted by scripts, are signing up to my forum with the express intent to post spam.
If it's happening to me, it is almost certainly happening to you. I am in no way a high-value target. I get a paltry few thousand page views a day. My topic is a narrow niche, and hte spam is entirely off-topic, consisting of the usual porn, pills, and casinos fare.
I post not seeking tech help (I am formulating further technical countermeasures, and I'll share once I have some sense of their effectiveness), but seeking the benefit of the community's collective experience. I'd like to understand the problem better to fight it more effectively. (Nods to IncrediBILL.)
My questions for the esteemed forum103 audience:
1) Is this happening on your boards? (Maybe at a level beneath your awareness)
2) Did you take countermeasures?
3) Are the countermeasures effective?
Fun metric: my last 50 signups comprised a minimum of 45 spammers. 90% bogus signups since the beginning of the month. One account has not conclusively proven genuine, so I call 90% a conservative estimate. Anyone else got it this bad?
I've been considering a few measures for my own messageboard system, and also for a friends PHPBB. Spammers want to post links, where as normal people will post real messages.
Of late I've seen the following.
1) obscene (and badly spelled) rubbish message with a single link.
2) a member with a url in and 'dating' as interests (the idea is search engine finds the member list).
3) Long posts with dozens or even hundreds of spam urls in one post! Typically posted a a reply to an existing thread.
Deal with 2 and 3, you can manually ban #1 without too much effort.
Ban/moderate anyone posting more than say 5 links that aren't images. Remove the urls from interests or hide the members list.
You may think I've cracked the spamming issue - trust me, I haven't - this is the advantage of having a TINY forum where it wasn't long ago when I could count the number of members on one hand!
I had previously disallowed the signup page in robots.txt, and was highly confident that page was not indexed by the major engines. So it was not a cached version of the script either.
linear: I didn't find it clear from the original post but have you changed the URL of the signup form or the URL to which the signup form submits? Or are they one and the same?
