Introduction

There are many different ways to combat professional forum spammers and each board admin has to decide which method of dealing with them is best suited to his purpose.  All boards are different.

Never the less, there are a few basic mistakes that I see admins making over and over again, and these fall into the category of "Don't Give Them What They Want".

This page attempts to cover that category and explore some of the simpler ways in which we can fight back (without having to install loads of board modifications).  For far too long we have been on the defensive from these professional spammers, it's time we went on the offensive.

At the same time we have to be realistic about all this.  Spam is big business and we'll never stop them from attempting to attack our boards.  Whatever way we find to combat them, they'll find another new way to counter our defenses.  What we CAN do is make life hard for them, or better still, render their efforts futile.

This may seem like a silly heading, but from what I've seen on some boards, it's not so obvious.  Spammers are not just those who make lots of pointless posts, they often never post a single word.  They just register, put links to their websites in their profiles and signature, and then never return.  They may even have dozens of accounts on your board already.

Regular User:  This is the annoying little brat who posts regularly on your board, but posts a load of rubbish just to get his post count up.  To be honest I'm not interested in him.  It's up to the individual admin to decide what to do with this type of spammer, and it's not what this site is about anyway.  We're about professional and serial spammers.

Link Spammers:  These are the spammers who post simply to place links or images into their posts, usually pointing to porn or other offensive sites.  They are "usually" easy to spot and, more often than not, end up being banned.  Again it may seem obvious but the damage may already be done.   Their links have already been inserted into their profiles and signatures, which is all they want, so banning them has given them just what they want, links on other sites for better SEO results in the search engines.  There are thousands of banned spammers still sitting in board databases like this, and they are indeed happy little bunnies.  They've fooled you.

All an admin has to do to combat these is to strip out any links before banning them.  It's that simple.

Silent Spammers:  These are the sneaky ones, and are a little more difficult to spot.  They join the board just to place links in their profiles, but they never post, so often go undetected by the admins.  They don't always place their links straight away either.  They sometimes leave the profile "clean" to see if the admin has detected them, then come back about a week later to add their links.  If the account hasn't been deleted in a week then it's likely to stay there for a very long time.

Invisible Link Spammers:  The three examples above are pretty obvious, but I recently had a very devious spammer and it took me a month and about 50 posts to "cotton on" to what he was doing.  Even though I knew he was up to something on day one, it was still very difficult to spot just what.

One day while checking new members I noticed someone had registered three new accounts all with the same IP.  I immediately became suspicious, especially as they were all within an hour of each other and each one claimed to have come from a different part of the world.  Anyway, I decided to "let this one run" just to see what he was up to.

The next day he started to post and over the next month the three accounts had about 50 posts between them.  The profiles remained clean of links too, but something still wasn't right.  He never started a new thread but frequently answered other people's questions.  Now it's a "specialist subject" board so you need to be quite knowledgeable to answer questions.  His answers were always on subject, although often not very useful.  It was almost as if he was Googling the questions and pasting what he found as the answers.

Then one day I noticed there was something a bit odd with the formatting of his posts, so I checked one out.  And there they were, two transparent, 1 pixel by 1 pixel .gifs, with links back to his porn site.  Over the month he had managed to invisibly spam about 100 porn links on the board and I never saw them.

I had to give this guy 10 out of 10 ingenuity, but I still deleted his links and banned him.

Incidentally, the same effect can be achieved with smilies or even punctuation marks.  Spammers can link to offsite (or even onsite) smilies, instead of invisible images, and make them links to other sites.  Likewise, they can use something as small as a punctuation mark to create their links.

Did you know, a spammer never needs to make a single post in your forum in order to spam it?

Many forum administrators and moderators are all too familiar with the problem of blatant spamming by hit and run visitors to their boards.  However, most are completely unaware that they are also being "Silently Spammed".

The simplest way this happens is for the spammer to register as a member, and simply add links to their website inside their member profile.  The end.

If the forum is spidered by search engines, then the profile link will show as a backlink to the site in question.  That means that it benefits the spammer and helps promote their site.

That may not sound terrible in itself – until you realise that these links often go to any range of porn sites, incest sites, drug sites and penis extension sites.  Member profiles could even be linking to child abuse sites, and your forum could be being manipulated to promote them.

The scale of the problem should not to be underestimated either.

Many Silent Spammers have multiple web sites, and therefore will repeat offend on the same site, creating a string of membership accounts under various free and easy e-mail addresses, simply to create a myriad of backlinks to their main index pages, internal pages, sub-domains, etc.

Plus they also likely have more than one domain, and do precisely the same for each of them - even if these domains only exist as redirects.

And once your forum is used for Silent Spamming you can be assured that word will get around.  Likewise, if your forum renders their efforts useless, word will also get around, and this is where the next section "Don't Give Them What They Want" becomes important.

How Do They Do It ?

Although "real people" do sometimes sit there and register with forums in order to post spam links, these only account for a very small percentage of the total problem.  The vast majority of the problem is caused by a relatively small number of people using automated software.  Arguably, the most extreme of these is a software program called XRumer.

XRumer is a Windows program that posts forum spam with the aim of boosting search engine rankings.  It has been claimed that the program is able to bypass techniques commonly used by many websites to deter automated spam, such as account registration, CAPTCHAs, and e-mail activation before posting.   The program makes heavy use of a database of known open proxies in an attempt to make it more difficult for administrators to block posts.

In addition, the software can avoid the suspicions of forum administrators by first registering to make a post in the form of a question which mentions the spam product ("Where can I get...?"), before registering another account to post a spam link which mentions the product.  The side effect of these innocent looking posts is that helpful forum visitors may search on a search engine (e.g. Google) for the product and themselves post a link to help out, thus bolstering the product's Google stats without falling foul of forum posting policies.

According to The Register, the latest version of XRumer can defeat CAPTCHAs of Hotmail and GMail.  This enables the software to create accounts with these free email services, which are used to register in forums that it posts to.

Click Here to watch the video (created by Panda Security) of XRumer in action.  The video shows the program registering with over a 1,000 forums in less than 15 minutes.

Firstly.  As the Admin you owe it to your regular board members to take as many precautions as you can not to subject them to the abuse of these spammers.  As well as the obvious porn risks, these links often point to sites containing malicious code, viruses, spyware, malware and other nasties.

If your visitors catch a virus from one of these sites, all they will remember is they caught it from YOU.  After all, it was your site they visited last.

Think Like the Spammer

You'll never stop spam on your board until you understand what the spammer wants.  You have to think like the spammers to beat them.  What do they want?  Well that's simple, they want to place links into their profiles on your forum.  It doesn't matter to them if they do that as a Validating Member, a Full Member or even a Banned Member.  As long as they've posted the link, it can be read by search engine spiders and they've won.  Remove the ability for them to place those links and 90% of your troubles are over.  Again, the solutions can be remarkably simple.

1)  Don't allow "Guests" to post, or if you really must allow them to post, don't let them post links or images.

2)  Use a "Captcha" during the registration process.  I know many will say that modern bots can read Captchas, but it still stops a lot.

3)  Use "Email Verification" during the registration process.  Many spammers try fake emails first and won't be able to answer the verification mail.  This stops a lot more.

Now for the ones that do get through registration.

4)  Don't allow them to enter links into their profiles during the registration process, especially while they are in the verifying stage.  Remember, if a spammer has entered his link even BEFORE he has answered his verification email, he HAS STILL entered the link.  It doesn't matter to him that he isn't (or never will be) a member, he has already achieved what he set out to do.

5)  In fact, don't allow them to have ANY access to their profile during registration.  Check to see how much freedom you do allow them during registration.

6)  Put all successful registrations into a special "Newbie" group and don't allow that group to post links or have any access to their profile until they have posted 'x' number of proper posts.  Once the Newbie has posted the number of posts you chose as a buffer, he can be automatically advanced to the normal member group with all the permissions you normally attribute to that group.  If a new member is genuinely interested in your board, he won't be put off by this small precaution.

Personally, I use:

Newbies (totally restricted) for the first five posts (not even access to their profile).
Members (semi restricted) for the next fifteen posts (more relaxed posting, but still no access to the profile).
Advanced Members who have proved themselves and have full posting rights and profile access.

And if you add "posts must be validated by a moderator first" to the Newbies group, then you will have conquered pretty much ALL of your spam.

Banning Members and Deleting Offensive Posts

This has already been covered but it's worth a final mention.  If a spammer has already managed to place a link into a post or into his profile, it doesn't matter to him if you move his post to a hidden spam forum or if you ban him.  A banned group is still a member group of your forum and a hidden spam forum is still a forum (even if the public can't see it).  His links can still be read by search engine spiders so he's achieved what he set out to do, which basically is to fool you.

All you need to do to beat this final hurdle is to strip out any links from his profile before banning him.  The same applies to posts you want to keep, strip out the links.

Conclusion

An admin who leaves links in the profile of a banned spammer is as bad as the spammer himself.  Firstly, you can be sure that word will get around that your board is an easy target, which will only increase the number of spammers you have to deal with.  But worst still, by not stripping out the links you are helping to make it harder for the rest of us.

Admins have the ability to completely stop these link spammers and I have no sympathy for those who don't use that ability.  Link spamming will never stop all the time that you hand them what they want on a plate.

Comments