Sam Trenholme's webpage
Support this website

Forum spammers


September 4 2013

Even though the forum has only been up since Sunday, and only linked to since Monday, I have already had seven spammers attempt to register accounts. Here is how I stop forum spammers:

I have, from the get-go, set up the forum to not allow anyone to post unless I activate the account by hand. I started off handling the spammers by sending them emails asking for their real name. They did not reply to me, so I just deleted the spam accounts.

I turned on reCAPTCHA, but that didn’t stop them. It would appear there are spammers sitting in little sweatshops in front of a computer screen answering reCAPTCHAs all day so they can spam to forums.

So, the next step was to install the registration security module and put in a few custom common sense questions like "Name the president of the United States". That still didn’t stop them. Again, spammers are sitting in little sweatshops filling out these registration forums by hand eight hours a day, five days a week. (Note: If using this plugin, use the updated version I posted at the MyBB community.)

Finally, I added another defense: The Stop Forum Spam plugin. What this plugin does is check new registrations against a black list of spammers and block anyone who looks like a spammer.

A few minutes after installing this plugin, it already stopped spammers in their tracks; I saw in the logs a blocked registration.

I verified the filter worked by testing it from a Tor exit node, which was (not surprisingly) blacklisted as a spammer. The only issue is that there’s a bug where, in MyBB’s admin control panel, it says “Install and activate this plugin” even though the spam-blacklister has already been installed.

I will see how well these protections work over the new few days, but, so far, I am ahead of the spammers.

To post a comment about this blog entry, go to the forum (self-signed https). New accounts may post once I approve the account.