How big a problem is spam (Page 2 of 3)

my spammers never used the same ip address.  I'd get about 10 spams a day on my site, and it would be the exact same messages from 10 different ip addresses. I had added a spam ban script that would automatically htaccess "deny from ip" based on message content but it didnt do much good at blocking them unless I banned on the first octet of the ipaddress.

hankwang, the problem with blacklists is that they become a chore to keep updated.

We were using a blacklist to combat spam in Nucleus and the traffic being generated to the blacklist caused the maintainer to drop support for it.

I think it will come down to a simple solution that takes into account all those visiting our forums. Captchas are out but there are others working on solutions as we speak, I think a spam extension is in order as soon as PunBB 1.3 comes out.

Some available solutions:

THaCAA - http://system-x.info/?pageid=18&menutree=47
HumanAuth - http://www.gigoit.org/humanauth/

I'm trying to explain that it is trivial to update my blacklist automatically due to the access patterns used by bots (no session keys, user agent, probably headers as well). Although I'm not sure I want to be serving out such a blacklist to all forums on the WWW.

THaCAA is trivial to beat automatically. Just download the package and you have a list of all questions. HumanAuth suffers  from the same accessibility problem as distorted text. Moreover it is a huge investment to create the image library and -relatively- easy to write a program that uses this same library to solve the questions.

I agree it is somewhat annoying. But it is the best trade-off up to now between how easy it is to generate them with a computer, how hard it is to solve them automatically, and how easy it is to solve them for a human.  And you only need to use it for new user registrations and anonymous posts. The alternative to me would be manual removal of those 800 spam posts I got over the last 6 weeks.

I've been working a lot with SOLR (which an online version of the lucene search engine) here at work lately.  its written by c|net, and for a java app, is actually pretty nice .  you update its index (in this case a blacklisted ip address) and query it over http / xml so it would be a really good candidate for a blacklist server.  our instance has like 100 million documents stored and runs at google speeds.  it would actually be a pretty negligible addition performance wise assuming the blacklist server stayed up.

Or how about this:

Hot Captcha: http://www.hotcaptcha.com/

Yeah, that's where I heard about it.

I've also had a problem where editing the Guest permissions so they can't post comments doesn't work.  I'm doing this in Administration -> User Groups -> Edit - Guest -> Post replies: No.  Is this correct?

I have guest posting turned on for my forum.  Three days ago I got hit by a spambot that posts 8 links per post.  I added a quick-fix for that particular bot with a counter, and the next day, my counter showed that 1,503 guest posts had been blocked!  I've been refining my blocker, and now prevent any hard links (that don't use the BBcode "url" tag) from working with guest accounts.  I'll see how that works.  If anyone is interested, I could post the code I have, as well as any other things I find out about the bots attacking my site.

Of course, this is only for bots, not people. 

Cool, but   it could keep people busy for hours.
Plus:
I just did 10 rounds on that  site and I failed only 3 times.
Is that good or bad?

I failed about 6 times before I was hailed as a human, maybe I've been out of circulation for too long

Close that thread, it's very common for bots to target a specific url.

My spambot visitor always tries to spam topics 10 and 12. As far as I can tell it never watches the result page because it has already tried some 1400 times in 2.5 months. All attempts were blocked by the captcha.

Would you be able to give me the links to thoughs mods.