FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


Spammers on my Site





GoldenEagle
Hi guys,

I have a coins, collectibles, and antiques phpbb forum that is getting ridiculously spammed each day. Every day I have to ban about 3 accounts for spamming and it got to the point that I'm losing real members because they cannot handle the spam. I'm not really sure where it's all coming from, but is there any somewhat reliable to prevent people from spamming. I removed my link in my signature from here since I thought they were originating from this site, but I'm still getting them.

Most resources I have seen to help with spamming have been modules that make it easier to ban people, but I'm looking for something that can prevent the spam.
Bondings
You should use a custom (not-widely-used) CAPTCHA and change the url of the register page to something different than the default phpBB register page (this might have to be done manually and is not that easy).
GoldenEagle
I'm very certain these are manual spammers. At the very least, I just set up a mod to have 5 posts in order to accept the post with a URL tag. So far it's worked on the 5 spammers that have come today. Very Happy

I saw a pretty cool captcha mod with a simple math problem. That sounds cool.
deanhills
Aha ..... I was wondering what had happened to your signature? Do you think it could be the name of your domain that attracts spammers, i.e. treasures? This is just off the top of my head.

I was thinking and don't know whether it would be easy for you to do. I remember with Yahoo Groups that some groups got you to apply first and then after x days would come back to you as you had to be approved first before you could join the Group. I would imagine the beauty of that would be if it were a spammer that they'd have lost interest by the time they were accepted. So is it possible to do it with your Forum? Also, I've been posting at Freewebspace.net and noticed that some of the posters are being supervised before their posts are published .... they are designated a little red dot instead of a green dot on top of their names. Their posts only get published once a Moderator has had a look at it. That is usually for a duration of their first 20 posts. For some or other reason mine were not supervised (he he ...) but I guess one has to go to extreme measures and with Freewebspace.net I think the name has to attract a horrific volume of spammers. By the way, I could only get an Avatar and signature after post 50. I'm still battling to get my review on Frihost up in the Website's Freewebspace Directory. Which is my objective for posting there in the first place. But I'm getting there ... cross fingers. In the meanwhile it is interesting to post there and I'm certainly learning different stuff.
IceCreamTruck
It's an uphill battle. What you do to kill robots accessing your site will be bypassed by manual spamming.

Deanhills, I think the number of PHPbb references on his site now is probably bringing more spammers than anything else. Make sure you are not listed on PHPbb's website has having the forums installed on your domain because that's going to be the avenue that most spammers come from after they've developed their new tricks for phpbb.

The options are to make your phpbb very different in login, as suggested by bondings, than any other phpbb site, so other hacks for those sites don't work the same on your site. Changing the name of the login file will help you with most of the spammers.

Another good trick is that on phpbb the spammers usually select a default timezone which is set to somewhere out over the ocean with VERY low population, so you can get most of them right at the door. Especially the robot spammers who don't have time to customize attacks on every site they are trying to spam often overlook the time zone field and leave it to the default. The patch for this presents a warning that you know they are a spammer, and you don't appreciate the attempt to create an account on your system. It should be included in the group of patches you use to keep your forums clean. It's pretty cool that the default timezone is over the ocean, in this case.

The patch above made the spammer problem VERY manageable on my server back when I was trying to keep them out and build a user base. This should keep most of the spammers at bay... definitely not five a day with this patch in place.

There are other patches... new image check programs for login that also help limit your users to actual people instead of computers. Still can't stop everyone from spamming though.
GoldenEagle
9 new registrations today, all with 0 posts.

Looks like the anti-spam mod is working so far.... :-0
IceCreamTruck
GoldenEagle wrote:
9 new registrations today, all with 0 posts.

Looks like the anti-spam mod is working so far.... :-0


Except that I like to prevent them from ever logging in. I work so that I don't have to do anything to get rid of them because they are so numerous that they will still pound you to death and waste a bunch of your time.

It seems like my time zone patch and your patch would work well together. My patch would prevent most from getting in, and yours would prevent most that got in from posting. Then once every few months you can delete the users with no posts. Or set it to auto delete the users without posts once a month. Whatever makes it so you don't have to do anything is best.
truespeed
Thetre are about 4 different captcha options in phpbb3 now,you can also enable the question and answer module,you can set any question with a unique answer. This will stop the bots but not the manual spammers.

The only thing you can do with the manual ones is to keep deleting them,they will give up in the end if they see their accounts and links being deleted and target someone else. You may still get the odd one or two,but hopefully it will reduce the numbers.
medesignz
Just increase your moderators... spamming is a way of life for internet unfortunately.
Nameless
medesignz wrote:
spamming is a way of life for internet unfortunately.

Spamming is a way of life IRL as well. Junk mail, advertising everywhere ... next time I get asked if I want to upside my fast food meal I'm going to ask the server to fill in a captcha. Razz
GoldenEagle
Well, only one even got a single post through and the only reason (mistake?) was that he broke the URL code so the error never flagged.

Now I'm on the problem of how to get real people to start registering!
deanhills
GoldenEagle wrote:
Well, only one even got a single post through and the only reason (mistake?) was that he broke the URL code so the error never flagged.

Now I'm on the problem of how to get real people to start registering!
Maybe you need to contact real people and invite them to join up? You've got really good members posting, I can imagine you've already asked them for suggestions? Alternatively, check up other forums that are similar to yours and invite people to check out your Forum.

By the way when I visited it last night the Forum was really working great. Effortless posting. The time before, I think it was three or four days ago, I had to log-in every time I submitted a post. That must have been the stage where you had been in the thick of working on different solutions to get rid of spam posts?
Bondings
By the way, I'm pretty sure that your signature here has no effect on the spam registrations. The signature doesn't show to guests and hence also not to bots unless they registered to crawl these forums (very unlikely).
GoldenEagle
Bondings wrote:
By the way, I'm pretty sure that your signature here has no effect on the spam registrations. The signature doesn't show to guests and hence also not to bots unless they registered to crawl these forums (very unlikely).


Yeah I figured as much when I removed my signature and the rate of spammy sign-ups did not deciease. Back it comes! Thanks, Bondings.
medesignz
I agree with Paul Boag, it is not the users problem that spammers are on the site.
IceCreamTruck
Spammers find you in web search, come to you from phpbbs website, and their goal is to get their ads in as many forums as possible. They want to set up having their bot access your website once, and you're really just trying to make it so difficult for them that they choose to go somewhere else.

I deleted phpbb because there are just too many search terms that spammers can use to determine if you are using phpbb or not. That's what they've figured out tricks to, so they browse the web for other people using the same forums. If you keep phpbb, then you will always get attention from spammers unless you go through and get rid of every reference to phpbb which I'm pretty sure is against the terms of use, so you are screwed into dealing with their spammers, and they even offer to list your website as using phpbb which really only builds a good solid list for the phpbb spammers to go on. it's not like there are TONS of people browsing to your site from phpbb anyway, so do not opt to be included in any phpbb directories otherwise you are both causing your spam problem as well as fighting it.

I looked back through the thread because I was going to give you active examples of things on your site that are really just collecting more and more spammers for you, but the links to your site are in signatures. I will go to your site and let you know what I find. I'll also browse the web for external links coming into your site, and advise if you should keep them or not. It's really not hard to know if you should keep a link or not... does it give you time/money or cost you time/money?

PS. I looked at your site... it says it's powered by phpbb in the google search results... this is not good! It needs to say something like "it's a forum site to discuss this interest" not "this is a phpbb site, so if you have tricks to use on phpbb, then please come spam me." Why are you wondering where the spammers are coming from? Fix this. Either that or put out a welcome mat for spammers. Try to ensure that companies like google have proper titles, descriptions, and other search materials that exclude reference to phpbb. That's where you should start. From now on out phpbb is a bad word on your site... use generic "forums" instead.

PPS. Please note that removing phpbb references is popular in attempts to get rid of spammers, so some search for popular phpbb phrases like "who's online" and "Users browsing this forum:" ... change these to something like "Users Online" and "who's browsing this forum:" as this makes you different then everyone else as well. It's all about being unique... if they can't tell what software you are using, then they try a series of hack attempts, so it's best to just keep trying to not alert them to your presents. BTW, keep a backup admin user on your system just in case your main administrator account gets locked out. They hijacked my forums like this once.

PPPS. Did I mention not using phpbb... that's the best way to not get spammers.

PPPPS. Use "robots.txt" and don't allow google, yahoo, or lycos to spider your forums. It's likely that, like frihost, a lot of the content is not made available to unregistered users anyway, so don't let the spiders return a bunch of phpbb hits which doesn't help you at all. Sure, this will hurt your search results because most of your active and changing content will not be spidered. The way to fix this is to create static pages from the best content on your forums. If someone posts a good bit of information that you want to use elsewhere as a search tool, then pull it out of your forums and drop it on it's own page that is not spider restricted. Call it your reference section, and you can even add a forum to discuss the reference section. Your forums don't seem to be so huge that this would be an overwhelming task. For better search results you should have some extra materials outside your forums anyway.
medesignz
Great post IceCreamTruck... Good insight
deanhills
medesignz wrote:
Great post IceCreamTruck... Good insight
Totally agreed. I guess when I finally get my Website up, I'll have to ask ACT to give it his sharp eye lookover.
Applause
_AVG_
I had had a similar problem on one of my web sites. There were these spammers who would continuously post illicit content; I made it difficult to register, limited posting (and eventually as a desperate measure to stop them, temporarily disabled registering!) ... still they somehow made it to a guest forum! You could consider blocking their IP addresses otherwise.

In any case, what Bondings said is also an extremely practical method, albeit taxing.
IceCreamTruck
_AVG_ wrote:
I had had a similar problem on one of my web sites. There were these spammers who would continuously post illicit content; I made it difficult to register, limited posting (and eventually as a desperate measure to stop them, temporarily disabled registering!) ... still they somehow made it to a guest forum! You could consider blocking their IP addresses otherwise.

In any case, what Bondings said is also an extremely practical method, albeit taxing.


The nerve of spammers is insane. I remember doing the same thing on my site, and having them still bypass normal registration and do the guest account thing. The problem is there is no recourse against them. It's a war and we're not fighting it, so they are just doing what ever they please.

I figured the spamming would slow down if I showed signs that it was bothering me and made attempts to make it harder for them. They don't care... it's almost like they think it's a challenge if you make it difficult for them.

Another problem is on the other side of that coin. Why are people clicking these links? If it's spam then don't encourage it. I'm pretty sure most on frihost know not to click on spam links, but it's the billion or so people out there clicking spam links that encourages spammers. I just had an idea to put up a few links around that are obviously spam for fake products, and then when you click on it the resulting page tells you that you are the problem for encouraging spam. I will definitely do this on my sites, and I may post a couple in the frihost forums. It's time to start teaching people what the real problem is, and that lies with the consumer.

Another problem is that searches like google and yahoo give sites better rankings for the more listings around the web that they have, so some of the spammers don't care if they get people from the direct links they provide, but they know the spiders translate that into higher ranks in the search results. So their site gets more hits from the spamming they do, but not directly.

Any ideas on how to wage war back at them? It's not all foreign companies doing the spamming. If they are local I think we should take the problem to their front door. I hear a lot of it is coming from Belgium these days because the laws are so light on the subject there. Maybe we should petition the government of Belgium to tighten the noose ... basically it will be hard to convince them as the number of businesses moving to Belgium as a result of the lack of legal deterrent has been booming and money talks to most governments.

Thanks for your nice followup comments. I am genuinely trying to help here, and would like to help everyone who has this problem with their site as there is nothing more frustrating in web development then watching your hard work get destroyed with pron spamming and privilege abuse. I went through a large period where no one real posted on my forums, so I have stopped battling the spammers myself by taking my forums down. I will not use anyone else's software to make forums ever again, and will most likely add forums as an overlay for my user system that is still in development. Creating custom software does not work well if you have a day job... it's slow going.

PS. At what point is free ware not worth it? How much time an energy would you spend rewriting someone else's forums to be more secure before you realize you could have just developed your own? That's where I am at! I'm upset that I didn't write my own at the beginning of this process... no, I don't like phpbb. They wasted my time because I got a huge problem with the free forums they gave me. They even offer to make the problem worse by listing you in a directory that appears to have been written for spammers. bummer thought: phpbb written and released by spammers -- that explains a lot.

PPS. Another thought: what about paying for secure forums. Not everything in life is free! Maybe going with one of the guaranteed secure forums that you have to pay for would help this problem as well. Maybe someone out there has this stance: it would be free but we customize security so that our forums work well for you. That would be money well spent. I'll try to do some research this weekend and see if anyone is advertising paid forum software that is guaranteed spam free -- wouldn't that be a find. I'll let you guys know.
Ghost900
I have made it so that I have to approve the people that register, the main reason is that I just use mine for testing mostly. The problem is that most people that sign up for something want instant access so this will drive some people away. Also if you think your spammers are real people then they will make more logical user names to sign up so you will end up accepting them anyway whereas most bots can be detected from the user name.

It sounds like your modifications are working pretty well which will eventually drive the people to stop bothering you once they realize it is a waste of time, though new spammers are new born every minute.

I will have to play around with some of these mods to see how they work and such.

PS: Thanks IceCreamTruck for your insight on the bot searching for the Google and other search engine spiders.
IceCreamTruck
Ghost900 wrote:
I have made it so that I have to approve the people that register, the main reason is that I just use mine for testing mostly. The problem is that most people that sign up for something want instant access so this will drive some people away. Also if you think your spammers are real people then they will make more logical user names to sign up so you will end up accepting them anyway whereas most bots can be detected from the user name.

It sounds like your modifications are working pretty well which will eventually drive the people to stop bothering you once they realize it is a waste of time, though new spammers are new born every minute.

I will have to play around with some of these mods to see how they work and such.

PS: Thanks IceCreamTruck for your insight on the bot searching for the Google and other search engine spiders.


I'm happy to help. You seem to have a good idea for forums that may really take off for you, or will be very enjoyable for those that use it and share with it. This is why I wanted to give you all the knowledge I had learned because although I can now put up a pretty good forum that will remain spam free for the most part I've never had a good draw to get people in my forums. Turns out the struggle was not worth the prize for me, so I deleted the problem.

If you have specific questions then I'm always happy to help, and good luck!
metalfreek
One way to prevent spam will be to manually approve every account by moderators so that bots cannot post new thread on the forum. I have no clue on how to do that but its my idea.
Helios
metalfreek wrote:
One way to prevent spam will be to manually approve every account by moderators so that bots cannot post new thread on the forum. I have no clue on how to do that but its my idea.


How will the moderators tell apart the spammers and potentially good users?
Bikerman
On another forum that I moderate, we use a little tool to check the main spammer-reporting sites.
http://www.sciencefile.org/spamcheck/
IceCreamTruck
Bikerman wrote:
On another forum that I moderate, we use a little tool to check the main spammer-reporting sites.
http://www.sciencefile.org/spamcheck/


Thanks, Bikerman! I found this thread to be really helpful: http://temerc.com/forums/viewtopic.php?f=71&t=8539&sid=d827a38dcbaebf30dfaf39af03fb3057

Here is the excerpt that may help everyone updating their own phpbb, but also this will help people like me who just write necessary tools from the ground up...

Code:


<?php
if(isset($_POST['myform'])){
    // get vars
    $sName = $_POST['name'];
    $sEmail = $_POST['email'];
    $sIP = $_SERVER['REMOTE_ADDR'];

    // Check against spam filter
    $sReturn = file_get_contents('http://yourdomain.com/path_to/check_spammers_plain.php?ip='.$sIP.'&name='.$sName.'&email='.$sEmail);
    if (strpos($fspamcheck, 'TRUE') !==False) {
      // Reject it
    }else{
       // Allow it to go through
    }

}else{
    // Display form
}
?>

deanhills
Helios wrote:
metalfreek wrote:
One way to prevent spam will be to manually approve every account by moderators so that bots cannot post new thread on the forum. I have no clue on how to do that but its my idea.


How will the moderators tell apart the spammers and potentially good users?
I think Metalfreek's idea could be a good idea as TreasureTrades Forum is very much a specialist forum trading in specialist items like coins, antiques, special cards and metal detecting. I'm sure those who are genuinely interested in those fields would not mind to wait for their application to be approved. But maybe that could slow down the traffic to the site?

Right now however GoldenEagle must be doing something right, I've just visited his Site and have not seen a single spam posting. It looks really clean. Very Happy
GoldenEagle
My spam went to 0 IMMEDIATELY when I added:

1. A mod to prevent posting urls unless you had 5 or more posts. If you do not have 5 posts, it throws an error and will not accept the post.

2. Changed the bot check to "simple math" mod, where it gives a combination of numbers, numerals, and Roman numerals and asks the user to do some math. It's a common bot check (being common is not good) but it seems to be working 100% now.

Thanks for all of the help guys!
metalfreek
Helios wrote:
metalfreek wrote:
One way to prevent spam will be to manually approve every account by moderators so that bots cannot post new thread on the forum. I have no clue on how to do that but its my idea.


How will the moderators tell apart the spammers and potentially good users?


One way of finding bot signup is to see the username and email. Their username are somewhat random and makes no sense at all.
mahirh
for the manual spammers, keep some sort of filter to filter all registration with temporary email addresses and check for multiple registrations from a single ip or you could even let google do the hard work for you. let them verify their account with google authorization api (its kinda like Facebook connect but everyone wouldn't want a Facebook account)
deanhills
GoldenEagle wrote:
My spam went to 0 IMMEDIATELY when I added:
Great news! The Forum looks great as well. Just imagine, it's barely one month old.
Very Happy
GoldenEagle
Yeah, right now I'm at the point where I'm working on getting more members now that some semblance of a community has been developing. I'll be adding more and varied topics as time goes on and if there's interest in other hobbies.

Because of this, I haven't gone out metal detecting in a while!
medesignz
How about spammers to comments? What do you think the remedy is to this?
deanhills
GoldenEagle wrote:
I'm working on getting more members now that some semblance of a community has been developing.
Would there be mailing lists of people that you could get hold of, like for example antiques? Or even checking up discussion groups in Yahoo? This one for example looks interesting. If one could join a group like that one may find people who you would like to join your discussion group and ask them maybe:
http://metaldetecting.meetup.com/ or
http://metaldetectingforum.com/group.php?do=grouplist&sort=pictures&order=desc&page=3
Smile
_AVG_
medesignz wrote:
How about spammers to comments? What do you think the remedy is to this?


What exactly do you mean by "spammers to comments". If I got what you were trying to say correctly, a similar situation for me (for one of my web sites) was: spammers got hold of my Guestbook (they started leaving lewd comments and links, etc.) I had to delete my entire Guestbook!
IceCreamTruck
GoldenEagle wrote:
My spam went to 0 IMMEDIATELY when I added:

1. A mod to prevent posting urls unless you had 5 or more posts. If you do not have 5 posts, it throws an error and will not accept the post.

2. Changed the bot check to "simple math" mod, where it gives a combination of numbers, numerals, and Roman numerals and asks the user to do some math. It's a common bot check (being common is not good) but it seems to be working 100% now.

Thanks for all of the help guys!


Excellent... I wouldn't cut your luck by saying 100%... but I'm cool with 99.999999 percent spam free! Smile Someone will always manage to get under your skin by bypassing your security checks, and that day will come, but here's to hoping that you get a much needed break from the spammers!

Good work!
Related topics
site theme
What's Your site About
Does anyone know how to get your site to appear higher ?
Site under construction?
the best driver site ever
Php-Nuke Site -- How likely is it going to be hacked?
Verify your site's design on a mac (Safari, IE, Mozilla)
MS Accepts Korean Site Attack
De quoi parlent vos sites?
Sued for Spam
Linking from a high page rank site
[GUIDE]Testing Out Your Site Without Uploading It
My forum keeps getting swarmed by spammers
Printer prints different content
Reply to topic    Frihost Forum Index -> General -> General Chat

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.