Topic: How big a problem is spam

I was just curious about how big a problem spam was on people's punbb forums, esp the larger boards.

Is it an admin headache one should really plan for in building a pun forum, and does the conventional punbb registration process provide a sufficient obstacle to spam bots? Or is it really a non-issue.

What's the current conventional wisdom around here on the topic?

Re: How big a problem is spam

I have no problem with forum spam, but I don't admin big boards. However I don't see how PunBB could be less or more secure than any forum software.

Re: How big a problem is spam

If you turn on "Verify registrations" it shouldn't be too big a problem. Basically it means the user gets their password in an email.

Re: How big a problem is spam

Aha. So far so good.

So I guess no one has had experience of spambot attacks on a punbb board then, injecting 'pill link' posts etc.

If that is the case, that's reassuring.

5

Re: How big a problem is spam

I've never had problems with spam on my punbb forums either.

Re: How big a problem is spam

I doubt you'll have any problem as long as you don't allow Guest posting.

Re: How big a problem is spam

I had a couple problems with people thinking it'd be funny to "crack" peoples usernames (brute force attack using programs such as access diver), but it was easily solved with image verification on login. This is a very rare problem though, and not specific to punbb either.

One thing I would suggest is either adding image verification to password resetting, or make a limit so a user can only request a new password once a day. I had a problem with people auto posting a users email in the reset page, resulting in them getting mail bombed with reset requests (not good for the user, or for my server).

Re: How big a problem is spam

Reines wrote:

One thing I would suggest is either adding image verification to password resetting, or make a limit so a user can only request a new password once a day. I had a problem with people auto posting a users email in the reset page, resulting in them getting mail bombed with reset requests (not good for the user, or for my server).

That would be something for 1.3 or a mod/plugin?

Re: How big a problem is spam

lhffan wrote:
Reines wrote:

One thing I would suggest is either adding image verification to password resetting, or make a limit so a user can only request a new password once a day. I had a problem with people auto posting a users email in the reset page, resulting in them getting mail bombed with reset requests (not good for the user, or for my server).

That would be something for 1.3 or a mod/plugin?

I think 1.3 will deal with it, until then it's easy enough to do with a mod.

10

Re: How big a problem is spam

There is not much chance of image verification being a standard feature, not if I have anything to do with it.

11 (edited by Denver Dave 2006-05-16 15:40)

Re: How big a problem is spam

My experience with forum spam is radically different !  I noticed that several of the boards that I visit are using PunBB, so I thought I'd pay a visit.  I run several boards with another popular BB system.  Until this year, I would have had similar opinions to those expressed about forum spam.  However, this year things have changed.  My boards, like many others have had constant spamming. 

I encourage you to incorporate robust anti-spam measures into PunBB.

Current anti-spam measures that I have in place now on my boards - some requiring modifications:

(1) Image verification for registration - helps some, would like one that is harder to crack.  Also would like the option for image verification on posts.

(2) Memberlist does not list members with 0 posts.  If you have an option to sort by joined descending, you may find that spammers are in under your radar and using their website links in the memberlist to advertise porn sites, etc.  We do not list members with 0 posts and plan on deleting all members without posts once a month with a script.

(3) I have never allowed Guest posts.

(4) Tried user (email), none and admin authorization - user (email) seemed to work the best in my situation - admin would be better if you know the registrants.

(5) Admin notify on all new posts (probably should also have on replies) - each new post generates an email to 3 admins - the first one to be available checks out the posts and either replies if they have something to say or deletes the post if spam - we try to be fast and get the spam off as quickly as possible.  Would prefer to have an option to only notify for posts if a new or non-trusted member, but have not implemented this yet.

(6) Considering banning all registrations with .ru address, but have not done this yet.

(7) I really want an Easy De-Spam button where with one click on a post, an administrator can delete the user and all posts for the user.

With the above, we have made a definite difference in reducing spam, but I would have to say that automated and real people spammers are better at adjusting and getting on boards than I am at defending the boards.  Any additional ideas greatly appreciated.

If your message board has much traffic and does not have a problem with forum spam, consider yourself lucky and I can't help wondering if you and I must be on different planets - or maybe spam is on its way.

12

Re: How big a problem is spam

not all user with the .ru is spamming. i have serveral friends in russia.. so why block .ru?

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

Re: How big a problem is spam

As I indicated, I haven't blocked .ru and I'm trying the best to not to because I value participation from Russia.  However, with user (email) registration activation, I and others have noticed that many of the Spammers have .ru email addresses.  I do know that if very many boards block .ru that the spammers will just use another extension.

14

Re: How big a problem is spam

that kewl, just asking.. i know that spamming is becoming very bad... i go thru my list of user and ban or delete them..
im thinking of going back to the days of the old bbs system...lol. or just do a regular mail with a 35cent stamp....lol..newsletter system
hum... punch cards would not be a bad idea....

My stuff or my style might sux, but atleast I'm willing to help when I can.
Don't be stupid and help ! We are the stupid one's !!!

15

Re: How big a problem is spam

Denver Dave wrote:

(1) Image verification for registration - helps some, would like one that is harder to crack.  Also would like the option for image verification on posts.

The problem is that any such system has to be accessible including being accesible to those who cannot see the picture. That means it has to be backed up with a sound file and the whole thing becomes very complicated. While this my not be of any interest to those deploying PunBB on a hobby site it will be increasingly important to those using it in a commercial setting where accessibility is a legal requirement.

Re: How big a problem is spam

Good point on the accessibility.  Perhaps we could have trusted and non-trusted users where only the non-trusted get the image.

17

Re: How big a problem is spam

Denver Dave wrote:

Good point on the accessibility.  Perhaps we could have trusted and non-trusted users where only the non-trusted get the image.

Or maybe another non-image based approach to authenticating users and posts would be to use a form based approach where the input form buttons are randomised and the user has to then input a verification code using those form buttons.

Akin to the login page here:

https://olb.westpac.com.au/esis/Login/SrvPage

except with randomised key assignments on the 'keyboard' every time the page was generated, instead of standard QWERTY.

Someone applying to be a new forum user would get a confirmation email saying login to page X, using randonly assigned password punched in via the randomly assigned keys of the form-based 'keyboard'.

Would be reasonably accessible too, I expect, although I am not sure exactly how screen readers etc handle web forms.

Re: How big a problem is spam

If deterring forum spam was easy, we wouldn't be having this discussion.  The initial question was "How big a problem is spam"?  In my opinion the problem is huge, to the extent that as it continues to increase in volume and sophistication, spam will be fatal to boards like I run, which are open to the general public.

The solution is 2 steps:
(1) Totally eliminate the effect of the members without posts spam by not listing members without posts in the member list or in the newest member display.  This approach should be the default and should put an end to the member list spam problem.

(2) The spam battle will be in the area of posts with #1 above in place.  We certainly will do all the image verification, activation hurdles, required registration to post, moderator and admin post reviews which will keep a lot of spam out.  However, in the end, as with email spam, the spammers will post.  As in spam email, forum spam on my boards now exceed non spam posts.  I think a popular email spam approach may work with forum spam.  Have white list posters (have gained our trust), black list posters that we ban now, and we need a grey list poster designation.  There needs to be an option for Posts by grey list members who have not yet gained our trust to be placed in a pending file, hidden from the public, that can be reviewed by moderators and admins. The admin or moderator would then either allow the message to be made public or delete the member and all of their pending posts (hopefully with one click) if they are not appropriate for the board.

Comments?

Re: How big a problem is spam

So far I have not had any spam from bots, only the odd idiot here and there. But I am still quite new with punbb. I own vbulletin and get pretty regular spam on it.

!

Re: How big a problem is spam

I have a lot of spam in my forum. I have emailactivation validated...

I don´t know what to do anymore.. spammers are very active.. I ban and ban, but they sign up with new ip/email all the time. Wonder how they do it.. For me, it looks like robots.

21 (edited by hankwang 2006-06-25 22:53)

Re: How big a problem is spam

I thought my forum, being relatively low-traffic, and using the relatively obscure punbb, would stay spam-free for a while. No offense to punbb, but a quick google shows only some 624 sites with punbb having 12 or more threads (search punbb inurl:viewtopic inurl:id=12). Hardly a big target for spammers, I would say.

Too bad, after six months, I got a spamflood: 43 posts with links to medicine websites, each from a different ip address, all unregistered users. And two days later, again 43 posts. I put in a home-brewn captcha for anonymous posts and new user registrations, which successfully blocked another 158 messages over three spamfloods. All this within about 2 weeks.

So to answer the topic question: yes, I suppose spam is a problem.

I have a question about the claim that captchas hinder accessibility, and that that can become a legal problem. I put in a message that anyone having problems reading the captcha can contact me by email. Wouldn't that be enough?

Is there a place where I can report offending IP addresses?

Update 26 June: the counter is now 610 successfully blocked spam posts, in one month after installing the Captcha.

22

Re: How big a problem is spam

hankwang, spam is picking up, I've been getting hit lately also.

I had to disallow guest posting on one of my boards until I decide what measures to take.

23

Re: How big a problem is spam

Hi all,

until now , my punbb forum only had spam posts (only in answer) pretty often.
Since yesterday, i receive too topic spams from a guy using proxy to hide his ip adress to sell ringtones and viagra hmm

i'm going to install "Forbidden word spam blocker" mod with hope it will help ...

Good luck to board admins !

Re: How big a problem is spam

Spam is probably the biggest admin headache on my site (currently phpbb, switching to punbb soon).

Image verification on registration and using non standard variable names on submit forms does seem to stop the bots. However, some spammers do seem to have time to do manual registrations.

The most effective solution I've found is to have an active community of moderators who can quickly and easily move spam messages to a quarantine forum. When you're up against people and not bots, you need people to spot them!

To summarise, YES spam is a serious problem on big boards.

--Alan

25

Re: How big a problem is spam

Funny, I'm running quit a big vbulleting forum and have almost no problem with spam. Maybe because it's in Croatin with a Croatin TLD .hr or vBulleting just does a great job.

BTW, switch fast, I had the same problem with PhpBB, svitching to PunBB was a great thing. No more spam on my board...

http://www.info-mob.com/forum/ - Croatian forum only, don't bother if you don't speak Croatian :)