powered by Jive Software

Dealing with Spam

So now that the spammers have figured out how to hit this fourm, is Jive considering any options to deal with it?

Capatchas are popular, but anoying to real people. A one time thing for account signup wouldnt be too bad, though- would it?

What about DNSBL? I dont know if fourm spammers are using the same netblocks as the email spammers, but it might be worth considering.

Filtering? It would be interesting to see some sort of filtering done. Even the basic word filters could catch a lot, using a score based system like SpamAssassin would be better (it would be cool if you actually put real support in for SpamAssassin).

How about a “Report this as Spam” button and let majority rule? If more than 60% of the views of a message report it as spam, delete/remove the post. Or some other metric determined with imperical testing.

Of course, using a range of technologies makes the most sense. Since the spam problem has been tackled fairly well for email (though not universally implemented) I think you could employ some of those methods here.

I like the idea of a user having a spam score (not just the message, but the user). The spam score can be calculated like the Bayesian method with a common database, so the number of posts a user has is relevant. If your first post talks a lot about the stock market, those words weigh quite heavily agaisnt your spam score. But if after a few hundred posts you mention some stock item it only marginally changes your score. And for efficiency you could stop worrying about the score after a certain number of posts and just “whitelist” the user.

How are other public fourms dealing with this problem?

Hi Jay,

as far as I can tell other forums require a valid email address.

Other forums also have a policy which prohibits to post spam, this forum does not have one.

Other forums have more than one forum admin which care about the content.

“Report this as Spam” would be only a switch to turn it on, so it should be quite easy to enable.

I thought of a captcha and review before publish option similar to the blog replies for new users and the first n posts. If one could add normal forum users to the review group (some users which are often online and somehow trusted) and display this post for them then these users could mark the post as spam or legal, after three positive or negative reviews the thread should be made public or deleted.

LG

How are other public forums dealing with this problem?

I run a fairly popular public forum and there is no single thing that can be done. Most of the time a spam account doesn’‘t get reused so most measures should go to blocking the creation of new accounts. Please note that I use different forum software but I’'m just talking about techniques in general here.

  1. Capatchas for account signup. The better spam bots can usually figure these out but it helps a little.

  2. Requiring a valid email address for new accounts. Doesn’'t help by itself but cuts a lot of spam when combined with number 3.

  3. Email verification. When signing up a user must click on a link or enter a pass phrase that they receive in email. Some spam bots can overcome this but often the spammers get greedy and the inboxes get too full.

  4. Email ban lists. When combine with numbers 2 & 3 this can be very effective. Basically have the ability to ban email address or email domain and use regex/wildcards as part of the ban entry. Several free email providers that claim to offer free email accounts to help users avoid spam by having unlimited anonymous email accounts are actually mostly used by spammers. If you find the domains these sites offer and just ban them all you’‘ll see a drop in spam. And I know it won’'t be an option for all times but banning entire top level domains such as .ru really help a lot.

  5. Dynamically swapping the form input field names. Many spam bots just send in the HTTP POST for filling out the new account form without ever reading the form itself.

  6. Require Javascript and Cookies. A lot of spamming software doesn’‘t support Javascript at the moment so having the account creation require Javascript stops a lot of spams. This one really stopped a lot of spam on my forum and I didn’'t have to require existing account to have Javascript.

  7. Mods, mods, and more mods. No matter what you do some spam is going to get through. Appoint moderators that can deal with the spam. It hasn’‘t been a problem for me but make sure there is always a way for normal users to report moderator abuse, I’‘ve seen mods go a little too crazy with their privileges on other sites. If a site doesn’'t have active mods there will always be a spam problem.

Looking at the amount of spam in the forum the I come here to visit (smack) I’'d say that #7 just needs to be done. There are only a couple of pieces of spam, sometimes less then 1 per day but no one is deleting it.

I wish that more forum software was capable of running posts through spamassassin because I think that would help tremendously.

I’‘m not sure if it would work with the Jive forum, but what I did with our PHPBB install, was to add a session variable when the user loads the registration page, a timestamp is set. When the user submits the form and the page begins to process the form data, it compares the session variable to the current time’‘s timestamp. If the form took less than a given amount of time (ours is set to 5 seconds), then the registration is dropped. Since most bots submit data directly to the page and never actually fill any form fields, they never get the session variable. At the same time, their registration submission will generally be instantaneous. So far I haven’‘t had anymore bot signups on 3 different forums on which I’'ve added this to. Before there was an average of 4-5 daily…

I am a member of another developers forum, and run my own forum. The methods we have used to block spam to nearly 100% are:

  1. require activation of the account

  2. add cookies that expire with the end of each browser session, and require navigation from the main page.

  3. ask a random math question that needs answered before the submit button becomes active

With these three features my forum has gotten 1 spam in 3 years, and the developer forum has not had any.

  1. add cookies that expire with the end of each browser session, and require navigation from the main page.

This is not a good way, because it is not user friendly. Many users (like me) are always logged in, so they don’'t have to log in each time they want to take a look into this forum. You want to scare spamrobots, not users…

I have good experience with customization of a capatcha. We added some graphic filters (gauß, blur, …) to the standard phpBB capatcha. Just a few simple lines of code and we are spam free since two years.

A capatcha will only be hacked if it protects many forums. So if you are the only one who uses it, no one will give trouble to hack it.

Coolcat

You can several cookies per domain or site or whatever. I have one specifically to access the forums that requires you going to the main page of my site. The authentication cookie is completely separate.

Hi,

I don’‘t visit the main page to access the forum and I see no need to expire cookies at the end of a session (while I use this setting within my browser some users may don’'t like it).

Asking a random math question may be quite useless and will annoy users, one can always teach a bot to solve it.

As the spam problem exists as far as I can tell only for new users the registration process and post of the first threads should be taken care of. I see no need to apply the same anti-spam rules for well-established users.

LG

I don’'t visit the main page to access the forum

me too, I bookmarked the forum directly.

Coolcat

so attach the cookie to the main forum page. still stops the bots. all cookies have an expiration date I just set mine to expire with the browser session. many sites will not work without cookies enabled. how do you “teach” a bot to answer a random math question correctly?

The other option is creat a hidden field in the submission form. if any data is entered into the field the message is ignored. no human will see the field but the bot would and will try to fill it. But you need to combine measures to truely be effective.

Hi,

not sure if also other users report spam threads to JiveSoftware but I have the strange feeling that these reports are lost or ignored. From my point of view it’‘s very easy to delete an account and all his threads, so I wonder what’'s going on.

LG

Something surely needs done as there has been a significant increase in SPAM threads.

Currently 9 from the first 10 threads in Openfire Support are Spam! One of the admins should at least delete spam threads several times over day.

Coolcat

Seriously do something about the spam. At the very least this reflects badly on your forum software. You seriously need to enable spam controls.

Hi,

I hope that they fix this within the new community but currently it’‘s no fun to read through the available topics, so I’'m quite sure that the active usage and acceptance of the forum is already dropping.

LG

This is a classic case of negative advertising for the product Jive Forums. What is truely ironic is that it is their own product. You would think that they would be more proactive about eradicaating the spam. The spam issue would convince me to look elseware for a forum product.