Ravens PHP Scripts: Forums
 

 

Ravens PHP Scripts And Web Hosting Forum Index -> v2.30.01 RN Security Issues
jimmo
Worker
Joined: Dec 08, 2005
Posts: 107

Posted: Fri Jul 24, 2009 12:16 am

Over the last couple of weeks we have been spammed quite a bit.

There are two basic forms these spams take and each has links to other sites. The first one is very obvious with loads of keywords for the particular site, advertising things like purses and jewelry.

The second type does not appear to be spam at first. It can be identified by being a very short post which often says little or nothing. For example, "nice post" or "great site" or "thanks for the tip". In these cases there is an extra line (or more) at the bottom of the post that is invisible because the font color is the same as the background color. You can see the text simply by doing CTRL-A to mark the entire page.

I am trying to figure out a way to at least reduce the amount of spam, and I am looking for advice at two levels. First, I need a kick in the right direction in terms of modules or whatever to help reduce the amount of spam. I saw some add-ons that block spam by IP, but if the attackers are dial-in the IP can change from one minute to the next. Is that really a useful approach?

The second issue is what to do with the users and posts once I am spammed. The simplest approach is to remove the user, but it seems that the posts are still in the database even if they are not visible. I had one spammer that posted 40+ times in one day and removing each post individually was a pain in the backside.

Any and all help is appreciated.

regards,

jimmo
 
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6437

Posted: Fri Jul 24, 2009 12:39 pm

Hi Jimmo,

One of my sites and my father's site were also hit by an onslaught of forum spam. Over a 7-day period, one site received over 1000 spam posts.

Typically, I remove the post and suspend the user account. But given the high volume of posts, I needed an easier solution. It appears that they manually register, then post using an automated script (i.e. there weren't that many accounts).

So here's the plan:
- First, I created a new option for the user profiles (both active and suspended) that allows me to delete all forum posts for that user. I have tested it on one of the sites (an older site running an old version of Nuke with NSN-YA - a predecessor to CNB-YA and RNYA). I tested first on an RN 2.3 development instance (local on my PC), and only needed a few modifications to make it work with the older site. I was able to clean up the site with 1000+ spam posts in less than 30 minutes.
- Given that most of the spam is coming from people registered with .ru and .ea addresses, I may block these domains from registering. Unfortunately, much of it is coming from gmail addresses, too.
- Finally, to remove the incentive to post forum spam, I'll search for and add the mod that hides links from non-members. This will prevent search engines from finding the links and eliminate the majority of the benefit spammers get from posting.

What would REALLY be nice is to implement the dynamic spam detection utility that Guardian2003 has been testing (I can't remember the name right now).

If there is sufficient interest, I can make a download available of the changes I made to enable deleting all forum posts by user via RNYA. But it's really bad timing as I am trying to wrap up the development on nukeSEO DH and nukeNAV for the next release of RN...

_________________
I search, therefore I exist...

snype
Regular
Joined: Aug 12, 2008
Posts: 58

Posted: Fri Jul 24, 2009 4:11 pm

Well, I have found two mods, both from clanthemes. The first is a prune users posts mod; floppy made it work for RN. I have hosted it on my site for now, but you can find it here http://www.clanthemes.com/club-download-file-760-prune-user-post-120-for-phpnuke.html and if you don't have the points it is here http://phpnuke-install.com/prune_user_post_1.2.0(2).zip

And the Hide-Links mod, which I updated with the correct code to find, is here in a txt file http://phpnuke-install.com/Hide-Links-For-RN.txt

And screenshots:

Registered
Image

UnRegistered
Image
 
kguske

Posted: Fri Jul 24, 2009 9:46 pm

Thanks. There is a newer version of the hide links mod which adds more configuration options, but for many that will do fine.

I'm not sure which Raven used on this site, but I believe it should hide images, links in at least:
- forum posts
- forum signature
- user profile (signature)

Technically, those links could be displayed in distributed feeds, but less likely to have any desired search engine impact for spammers...
 
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221

Posted: Fri Jul 24, 2009 10:26 pm

Personally, I doubt any spam bot cares whether you have hidden links or not. They aren't going to spend the time to check, they are going to post and go onto another site Smile

kguske

Posted: Fri Jul 24, 2009 10:32 pm

True, but that assumes a spam bot registers. That's possible, but it does not appear to be the case.
 
Coldy
Hangin' Around
Joined: Apr 24, 2004
Posts: 48
Location: Austria

Posted: Fri Jul 24, 2009 11:08 pm

A nice small Anti-Spam-Addon for the phpbb2 is Only registered users can see links on this board! Get registered or login! from Truden (also available for phpbb3). Smile

Coldcut aka Coldy Cool
 
jimmo

Posted: Sat Jul 25, 2009 1:28 am

evaders99 wrote:
Personally, I doubt any spam bot cares whether you have hidden links or not. They aren't going to spend the time to check, they are going to post and go onto another site Smile


While my biggest concern is the fact that I have spam posts, I also do not like the idea that they get any benefit at all, including the boost in their rankings. So I see a benefit there from hiding the links.

On the other hand, the site is free and as with this site, people like to content on my site in response to questions posed in the forums. Should I force them to register?

I cannot imagine that it would be too hard to modify the PHP code to say that if URL contains the local domain, then display it, otherwise hide it. One could also have a list of OK sites to link to. In my case there are a handful of sites that are frequently referenced and these could be displayed for everyone.
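
Added example, not part of jimmo's post or of the Hide-Links mod: a sketch of the "show local and OK sites, hide the rest" idea, with a plain substring test next to a check on the parsed host. The host names, function names, the placeholder text and the assumption that links arrive as rendered `<a href="...">` HTML are all made up for illustration.

```php
<?php
// Added example, not the Hide-Links mod's code. All host names are constructed.
const LOCAL_HOST = 'forum.example.org';                        // assumed local domain
const OK_HOSTS   = ['docs.example.net', 'mirror.example.com']; // assumed "OK sites" list

// Naive reading of "URL contains the local domain": a substring test.
function naive_is_ok(string $url): bool
{
    return strpos($url, LOCAL_HOST) !== false;
}

// Stricter version: parse the URL and compare the host itself.
function host_is_ok(string $url): bool
{
    $p = parse_url($url);                     // false on badly malformed input
    $scheme = strtolower($p['scheme'] ?? '');
    if (empty($p['host']) || ($scheme !== 'http' && $scheme !== 'https')) {
        return false;                         // relative, malformed or non-web: fail closed
    }
    $host = rtrim(strtolower($p['host']), '.');
    foreach (array_merge([LOCAL_HOST], OK_HOSTS) as $ok) {
        // exact match, or a subdomain ending in ".<allowed host>"
        if ($host === $ok || substr($host, -strlen($ok) - 1) === '.' . $ok) {
            return true;
        }
    }
    return false;
}

// Replace non-allowed links in rendered post HTML when the viewer is a guest.
function hide_links_for_guest(string $html): string
{
    return preg_replace_callback('~<a\s[^>]*href="([^"]*)"[^>]*>.*?</a>~is',
        function (array $m): string {
            $url = html_entity_decode($m[1], ENT_QUOTES);
            return host_is_ok($url) ? $m[0] : '[link hidden for guests]';
        }, $html) ?? '';                      // regex failure: show nothing
}

// Constructed sample URLs: the last three mention the local domain without pointing at it.
foreach (['http://forum.example.org/viewtopic.php?t=1',
          'http://forum.example.org.spam.example/',
          'http://spam.example/?ref=forum.example.org',
          'http://forum.example.org@spam.example/'] as $u) {
    printf("%-45s naive=%d strict=%d\n", $u, naive_is_ok($u), host_is_ok($u));
}
echo hide_links_for_guest('See <a href="http://docs.example.net/a">docs</a> and '
    . '<a href="http://spam.example/">purses</a>'), "\n";
```

The substring test accepts all four sample URLs, while the host comparison accepts only the first; relative links are hidden too, because the check fails closed.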
 
kguske

Posted: Sat Jul 25, 2009 1:28 am

Thanks, Coldy. That's very interesting because it uses cookies set by JS, which the bots won't read...
 
jimmo

Posted: Sat Jul 25, 2009 1:32 am

kguske wrote:
True, but that assumes a spam bot registers. That's possible, but it does not appear to be the case.


I get that feeling, too, but I cannot really say why. I bet it would be cheaper to hire a group of people in Cambodia or Indonesia to add the links manually than it would be to actually program spam bots.

On the other hand, maybe a person registers, but once registered it's a spambot.

AAAAA!!! Why are there so many jerks in the world?

( Yes, Raven, I know I can be one from time to time. Wink )
 
jimmo

Posted: Sat Jul 25, 2009 1:45 am

Coldy wrote:
A nice small Anti-Spam-Addon for the phpbb2 is Only registered users can see links on this board! Get registered or login! from Truden (also available for phpbb3). Smile


That threw me for a second! I can recognize a few Cyrillic letters, but I never learned Bulgarian.

My assumption is that it would only work if it was a spambot and not a worker in a "spam shop". Is that right?

I was just hit with an idea regarding cookies. If a group of sites defined a code and stored it in a cookie that everyone could read, you could theoretically "mark" machines as spambots. The next time they try to log into a machine in this group, it sees the cookies and does "something". Granted this does not work for new sites once the cookies are removed. However, if a site sees the cookie it automatically marks the current user as a spam bot for the next time.

My Swiss cheese brain seems to recall seeing something about an IP-based spam blocker. I have one set up on my mail server looking for both invalid sender domains and known spamhauses. It seems to work pretty well. What experiences do others have with things like this for forums?
 
kguske

Posted: Sat Jul 25, 2009 8:50 am

Here's an example:

Image

Looks OK, but if you highlight the post, you'll see the payoff (highlighting hides the link, but it's there):

Image

Hiding links and text with colors to match the background:
- does NOT help the linked site
- HURTS the linking site

This is because search engines are aware of these games and treat this crap harshly. We need better tools to eliminate this - and it does appear that this was manually entered, unless bots have gotten smart enough to detect CSS and post accordingly. The people hired to do this must have no self-respect... Evil or Very Mad
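
Added example, not part of kguske's post or of any mod named in this thread: one way to flag the "link in the background colour" posts for review instead of finding them by highlighting the page. It assumes posts are available as BBCode with `[color=...]` tags (optionally carrying a `:uid` suffix); the background colour list, the tolerance and the function names are assumptions.

```php
<?php
// Added example. Assumed theme background colours (not taken from any real theme):
const BACKGROUNDS = ['#FFFFFF', '#EFEFEF', '#DEE3E7'];

// Turn "abc" or "aabbcc" (with or without '#') into [r, g, b]; null otherwise.
function to_rgb(string $c): ?array
{
    $c = ltrim(strtolower(trim($c)), '#');
    if (preg_match('/^[0-9a-f]{3}$/', $c)) {
        $c = $c[0] . $c[0] . $c[1] . $c[1] . $c[2] . $c[2];
    }
    return preg_match('/^[0-9a-f]{6}$/', $c) ? array_map('hexdec', str_split($c, 2)) : null;
}

// True when every channel is within $tolerance of some background colour.
function blends_in(string $colour, int $tolerance = 24): bool
{
    $rgb = to_rgb($colour);
    if ($rgb === null) {
        return false;                 // colour names are not resolved here
    }
    foreach (BACKGROUNDS as $bg) {
        $b = to_rgb($bg);
        if (max(abs($rgb[0] - $b[0]), abs($rgb[1] - $b[1]), abs($rgb[2] - $b[2])) <= $tolerance) {
            return true;
        }
    }
    return false;
}

// Return the [color] spans that carry a link and are drawn in a background colour.
function hidden_link_spans(string $bbcode): array
{
    $hits = [];
    preg_match_all('~\[color=([^\]:]+)(?::\w+)?\](.*?)\[/color(?::\w+)?\]~is', $bbcode, $spans, PREG_SET_ORDER);
    foreach ($spans as $s) {
        if (preg_match('~\[url|https?://|www\.~i', $s[2]) && blends_in($s[1])) {
            $hits[] = ['colour' => $s[1], 'text' => trim($s[2])];
        }
    }
    return $hits;
}

// Constructed sample posts: a hidden link, then a harmless coloured word.
$hidden = "nice post\n[color=#FFFFFF][url=http://spam.example/]cheap purses[/url][/color]";
$benign = "[color=red]Warning:[/color] read http://forum.example.org/faq first";
foreach ([$hidden, $benign] as $i => $post) {
    echo "post $i: ", count(hidden_link_spans($post)), " hidden link span(s)\n";
}
```

A hit is a reason to put the post in front of a moderator rather than proof of spam, and text hidden by other means (a tiny font size, for example) is not covered.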
 
jimmo

Posted: Sat Jul 25, 2009 9:26 am

kguske wrote:
We need better tools to eliminate this - and it does appear that this was manually entered, unless bots have gotten smart enough to detect CSS and post accordingly. The people hired to do this must have no self-respect... Evil or Very Mad


That's exactly what I was getting at. I really don't see how hard it would be to read the CSS. But then again, it might be cheaper to pay someone from a third world country.

Self-respect is for people who can pay the rent and can feed their children.
 
kguske

Posted: Sat Jul 25, 2009 9:46 am

jimmo wrote:
Self-respect is for people who can pay the rent and can feed their children.

Drug dealers, hit men, prostitutes, and child pornographers pay the rent and feed their children, but that doesn't make them respectable. And there are respectable jobs that pay as much as this or less.
 
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam

Posted: Sat Jul 25, 2009 10:03 am

OK, as soon as RN 2.4 is out the door, this will be my top priority.
 
kguske

Posted: Sat Jul 25, 2009 10:13 am

Thanks! It's taking time away from 2.4 to clean up this mess...
 
gazj
Worker
Joined: Apr 28, 2006
Posts: 152
Location: doncaster england

Posted: Thu Aug 13, 2009 7:58 pm

Search for a phpBB 2 hack called post remover; you can remove all posts from a given username.

_________________
as i stare into the abyss and battle with my demons i yell timeout and have a coffee break. 

kguske

Posted: Thu Aug 13, 2009 8:09 pm

I modified that for use with RNYA. It's integrated with the user search / maintenance function. Not sure if we should add it to RN, but if there is interest, we can.
 
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

Posted: Fri Aug 14, 2009 9:08 am

This is probably a stupid idea, but since it just came to me and I have very little control over my "tongue" today, what if we enforced something like a captcha for posting in the forums and after enough posts or points or ____ the captcha goes away? Or, maybe a moderator/admin gets to "promote" you if you are a good boy or girl. Just more thoughts.

kguske

Posted: Fri Aug 14, 2009 9:22 am

Not a stupid idea! See how something similar is implemented on clanthemes.com...
 
Susann
Moderator
Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

Posted: Fri Aug 14, 2009 9:44 am

Since a long time Captcha for forums posts exist. The problem in my opinion is people avoid such site. I also hate it to answer questions from the spam mod before I can post. So with such a mod installed you can really lose members.
I don't need such things. Of course I don't show profile, use the hide mod and my site is clean since years. Thank you god! Smile
 
jimmo

Posted: Fri Aug 14, 2009 1:17 pm

Susann wrote:
Since a long time Captcha for forums posts exist. The problem in my opinion is people avoid such site. I also hate it to answer questions from the spam mod before I can post.


That is definitely something I want to avoid. I already had people complain about certain NukeSentinel aspects, so I am really hesitant about making it worse. Plus, as Susann points out, people will avoid sites where it is hard to post. That adds insult to injury.

Greetings from Coburg,

jimmo
 
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088

Posted: Tue Aug 25, 2009 11:03 pm

Jimmo wrote:
Yes, Raven, I know I can be one from time to time. Wink


Really? One of the advantages of memory loss is, well, memory loss Laughing. To understand your comment I would need to review past posts and I just don't want/need to do that. From time-to-time we all can have a bad hair day Wink. Btw, is the book any good?
 
All times are GMT - 6 Hours
 