Blocking Forum Spam

Submitted by michael on Fri, 02/02/2007 - 15:00.

On several sites I visit with forums, including one I developed, there seems to be a rising problem of spammers posting on the message boards. Now, obviously these can be really annoying as they'll often contain links to porn, illegal software, viruses, or other crap you would rather not have to deal with. To combat this problem on my own boards I am looking into different ways to block this malicious content.

There are a couple fairly basic and non obtrusive ways to start. First, much of the spam is posted via robots. Many of these robots target specific forum code, such as phpbb or phpNuke. Removing the "powered by" info and link from the footer foils many of these simple bots.

Another process I use that is mostly transparent to the user is blocklist. By banning IPs of known spammers (either from what I discover on the forum or from security sites) I can keep out the repeat offenders. To catch them quickly, I check an RSS feed pretty regularly and jump on any spam I find.

All this keeps things to a minimum, but some still gets through and seen before I can catch it. I am going over a couple options right now for even tighter security. First, while users are required to activate their account via an emailed link, I am considering adding post confirmation as well. This technique is popular on many blogs such as AutoBlog, but I would find it tedious to have to verify every single post.

The second option would be for a turing test. A Turing test is designed to make sure the user is a human and not a computer and most often takes the form of those obscured text boxes that you have to squint at and then enter the text you find, also known as a captcha. These can be difficult for even a savvy internet user with great eyesight. A fun alternative is KittenAuth, where the user has to click 3 images of kittens to continue.

While a captcha is probably the best way to go these days, I'd like to hear about alternatives. Part of the problem is that lashing these kinds of functionality onto existing forum code can be a rather large undertaking. I've been working with phpbb for a while, and making any sort of change, other then cosmetic, is always a week long project. That's something I'd like to avoid.