Ideas for Ways to Limit Spam

[Andy]

Maybe this could be a thread to swap ideas on how to defeat the menace of spam?

When you use popular scripts for forums and blogs, there is a never-ending upgrade path to fix security flaws and bugs in the script. Spammers, obviously love these scripts since the code is open source and they know that 1000's of copies of the exact same code will be deployed all over the web. So they only have to crack one piece of software to exploit 1000's of sites.

So this is my suggestion for people using standard scripts:

Try and avoid any default settings such as directory names and thread names. My guess is that a spammer will test your site accepts their spam posts and leaves their script running with hard-coded data for insertion of the posts. So what you need to do is make your site work differently to the standard install and change things occasionally such as the name of the introductions thread or any thread subject to spam posts.

Most spam will be posted to the page that actually puts the post in the database, so if you are a programmer, you could change the name of the script page on a regular basis. Also, you can put your own custom filter code just before the code that updates the database, so it doesn't matter if some spam got past the usual lines of defense in the script. Then, when you block the spam, deliver a page that doesn't really help them diagnose what is going on e.g. an generic error screen or a login screen.

To detect spam, you can look at the status of the poster e.g. unregistered guest, links near the start of the post, repetition of key words.

For email, I tend to rely on online services such as Yahoo! But they seem incapable of detecting many spams even though I keep flagging them up as spam. A typical one is the Nigerian scam which must be easy to detect since it's normally mentioning large sums of money, "the late mr X", lot's of capital letters, Barrister Y etc. Maybe GMail has a better spam filter?

[Menard]

Since the forums I run are freely hosted, I am limited to adding any scripts to fight spam; though the providers usually update the scripts themselves on a current basis and I have access to the latest updates in the configuration.

The worst though is Yabb. The forum service I have is great (no ads at all, and free), but they (I should say he) don't keep up with updates and spam is a daily phenomenon, in multiples. All I can do is to ban ip addresses if there is more than one spam from the same ip, and just delete the rest. I could go to the 'admin approval registration' but that frankly strikes me as lacking any nads and is an inconvenience to any would be members. I just simply believe that if someone wants to run a forum , it is like anything else: it works best when the admin meets the needs of their potential users, and not when admins demand users meet their needs first. I have run across too many forums as of late where yo have to email the admin just to request access to the registration area, which must then be approved after that; no *bleeping* forum is that dang special.

This has been a very tame version of a rant I let off on my own forum which can be read here: http://www.dracoforums.com/thecage/YaBB.cgi?board=internet;action=display;num=1166985896 (Pardon my French)

One thing which would help tremendously is if people were not generally as stupid as they are (and I am not discluding myself from this category). How many times do you have to tell someone not to click on popups, don't open emails from people they don't know, and, especially, don't click on links in those emails.

A few pieces of advice for people in general:

*You are not going to win a lottery you did not enter.
*Warlords in other countries (or even your own) are not going to randomly ask someone in another country to hold their treasury for them.
*If eBay, Paypal, or your bank wants to inform you of something, they will do it when you log onto their sites, not through email.
*And this might hurt: You are not that special (you are receiving the same scams as everyone else and are not the odd man out who is actually going to find that mysterious piece of gold which eluded everybody else; so get over yourself)

Reiterating: the above advice is for those people in general who 'just don't get it' and keep clicking on popups and spam emails and fueling the very people (if we could even call these insects that) who are responsible for all the spam; if it did not work, they would not keep doing it, but there are enough falling for it (time and time and time and....you get the point....again).

One misconception (largely spread by people who have fallen for scams looking to make exscuses for themselves) is that all of these scams are new and new ones keep coming along every day. From the shell game of old (where ever you choose, the pea will not be there) to the latest phishing scheme to get your bank account number, the object of the game is to use misdirection and your money is going to end up in the same place; someone else's back pocket. It has been the same scam for decades and will continue to be the same scam, and the reason why is that people keep falling for it because they keep thinking that it won't happen to them this time. The more they keep falling for it, the more it is going to perpetuate.


Heh...I think I went off topic, at least a little.

Sorry if I got carried away.

[Andy]

Another techinique I use is to use an email forwarder for any subscriptions I make to newsletters etc. Then if my email is added to a spam list it is easy to block. But I think you need paid email/hosting to be able to create unlimited email forwarders. Actually, I get very few spams from emails I created this way so I guess it's not really a solution. The email spam seems to based on my website domain names and possibly from whois information.

p.s. Menard, I was going to post on your forum and got blocked by this message:

To post you must be logged in. If you don't have an account yet, please register.

This is a bit restrictive compared to my blog where people can immediately post/vent etc:

http://www.sitesugu.com/geekzone/47/

[Menard]

p.s. Menard, I was going to post on your forum and got blocked by this message:

To post you must be logged in. If you don't have an account yet, please register.

This is a bit restrictive compared to my blog where people can immediately post/vent etc:

http://www.sitesugu.com/geekzone/47/

Well, it's not a blog Andy, it's a forum. I originally required registration because there is a minimum age requirement to join the forum as adult content is allowed. Yes, I know people can lie about their age, but they can't say I didn't try. Even though the spam is bad enough with registration, it would be ungodly without it.