We previously examined reasons why unpopular forums require so much effort. One of the reasons we gave is that an unmonitored forum is a haven for spammers and bots. If a forum doesn’t have much legitimate traffic, there is no motivation to monitor the forum 24×7. Spammers love unpopular forums because they are usually unmonitored which means they are free to swarm the community with their rubbish.
What we have learned over the years is that if spammers locate an empty forum, they will do their best to take over that forum. It might be a low-value target but it’s often an easy target. By contrast, we’ve found that spammers are less likely to have success targeting forums with extra security or if they know their content will be removed quickly.
One of the extra benefits of a popular forum is that it’s monitored by users around the clock. This is a huge advantage for a busy site because if (or, more likely, when) a spammer does slip through, legitimate users are on standby to flag and/or remove the content immediately. Unfortunately, unpopular forums lack this extra security “feature”.
It is difficult to defend against spammers because the most severe tactics make it more difficult for legitimate users to participate. That is why we strive to achieve a healthy balance between allowing users to converse freely and keeping spammers away. We welcome the opportunity to do the “dirty work” so that you don’t have to worry about spammers infiltrating your community.
Although spam bots pose a challenge to unguarded forums, the most insidious forum spam comes from human spammers who sometimes blend in at first by making legitimate posts before posting their spam.
Here are some best practices to defend against forum spam:
- Remove spam immediately, ban the offending account, and ban his or her IP address. If your forum is popular, you will attract the attention of spammers. On the bright side, a popular forum will have many active users that can flag and report spam which allows for the situation to be resolved quickly. In other words, eliminate the spam and grab the ban hammer.
- “Unique question” and/or CAPTCHA on registration. This step is less than ideal because it has a affects legitimate users. However, it only needs to be completed once and it is a well-proven method to keep spam bots at bay.
- Settings to prevent flooding. By putting a limit on the number of threads a user can post per hour, you can limit a rogue user’s ability to “flood” the board with his or her junk.
- Check the user’s IP against an IP blacklist. Web services like Project Honeypot and Stop Forum Spam perform a “background check” that can prevent users from IP addresses with questionable histories from joining your forum.
- Institute filter to judge content for spam. Web services like Akismet can examine the content of a prospective post or thread and assess whether or not it contains spam.
- Hidden field on registration form, only visible to bots. Spam bots that blindly submit web forms can be trapped by a form that contains hidden fields.
- Probationary period for new users. We avoid this step because it’s so detrimental to legitimate users but this option could be employed by a well established forum. In this case, a moderator could be required to approve the user’s first threads) and/or post(s). Alternatively, new accounts could be subject to a 24-hour waiting period before they’re allowed to create threads of their own.
- Application to join the community. Asking users to explain why they wish to join your community will help weed out spammers. This step will no doubt inconvenience new users but could be appropriate for a well established forum.
- Examine country-of-origin. In our experience, most forum spam comes from India, China, and Indonesia. It is possible to identify new user registrations from these countries based on their IP and ask these users to provide additional verification before activating their membership.
In summary, we believe the ideal approach to stop spam is to gather feedback about the user before he or she joins your forum. This feedback can come from the user’s behavior (Does it behave like a bot?), the user’s reputation (is his or her IP blacklisted?), or the user’s country-of-origin (Has this country sent spammers to you before?). If the nature of this feedback raises any doubts, then the prospective user should be subject to a more rigorous registration process. If a spammer does manage to slip by your security mechanisms then prompt removal of the content will dampen the spammer’s effectiveness.