October 3, 2006

How to combat spam on vbulletin forums

by Brian Turner

Forum spam – the problem

NOTE: This article was originally written for Security Watch: How to Fight Forum Spamming

Forum spam isn’t simply a problem for forum admins – it’s a rapidly expanding industry for spammers, and scammers.

Forum spamming can be done by human users – often cheap labour from developing countries – but more worrying has been the big increase in automated scripts abusing forums.

This article will deal with common ways to fight, block, and overall, conquer forum spam

Types of forum spam

Forum spam can come in many different shapes and forums. The most common include:

1. Advertising by new members

This can be a very grey area, but ultimately these members seek only to take from a community and give nothing back. The aim is to simply treat the forum as a free advertising board.

This can either be as direct marketing to existing members, or simply to drop links on the forums for Search Engine Optimization (SEO) purposes.

Sometimes you won’t even notice it – some forum spammers hide their promotional links in the punctuation marks, and others can link directly to an invisible gif from their website, which still helps funnel link juice to it.

2. Fake member registrations

These are very common and are motivated by the ability to include links to a website from the member profile. This again is for SEO purposes, as links form a significant part of search engine ranking algorithms.


Methods for combating forum spam

Now we’ll detail some of the key methods for combating forum spam.

NOTE: These should be applicable to most forum software platforms. However, we’ll especially focus on optimising vbulletin as it’s the more secure and serious forum platform.

1. CAPTCHA

Ensure you have a CAPTCHA on your registration form – in other words, a random string of letters and/or numbers that must be typed in to complete the registrations.

This is the first step in blocking forum spam.

Pros: This stops most simple bots from registering, and is a great first block on common forum spamming methods.

Cons: It won;t stop human forum spammers.

Also, there are forum spamming scripts out there that have been configured to beat them. How? The numbers and letter in CAPTCHAs often have unique file sizes, so a script with this information coded in can beat them.

Another con is an accessibility one – the visually impaired may especially have problems with CAPTCHAs. And let’s be frank – sometimes they can be difficult for ordinary surfers as well.

2. Email verification

Email verification ensures that members can’t post on the forum unless they use a real email address.

Pros: A huge number of bots can and do register on forums, but recently the majority of them have been tracked to use random email addresses. Therefore if they can’t verify the email address they register with, they can’t post to the forums.

Cons: It still isn’t a deterrent against memberlist spamming for link purposes, and won’t stop human forum spammers.

Also, ISP’s such as AOL are infamous for blocking email verification emails. So ensure you have a clear point of contact on the forums for members who find their email verification going astray.

3. Prevent new member links

An excellent plugin for vbulletin prevent new members from posting links according to a specific parameter, usually post count.

In other words, if you set the parameter on the plugin to “20 posts”, it means that new members cannot post a link until they’ve made 20 posts.

You can find the plugins here:
Forbid Users from Posting Links or Images if They Have Fewer than 15 Posts (NOTE: Only for vbulletin 3.5+)
Prevent Users With Low Post Counts Posting/PM’ing URLS (NOTE: Only for vbulletin 3.0.x)

Pros: This is an excellent way to prevent new member registrations simply to post link advertising on your forums.

Cons: It can be annoying to genuine new members linking to genuine third-party websites.

Additionally, some forum spammers add the URL without the http://, hoping they can get traffic from members pasting in the URL.

Worse still, some forum spammers will make “me too” posts in order to reach the required link count, then drop their ads. Combat this by ensuring a long delay between posts (ie, vbulletin Admin > vbulletin Options > Message Posting and Editing Options > Minimum Time Between Posts > 60) to make it least worth their while to do so.

4. Limit post edit time

Some of the more sneaky forum spammers will appear to post entirely normally.

Then, when the threads they posted in are no longer active, they return and then insert their links.

Prevent this by setting a time limit on the post editing function.

In vbulletin, this can be found here:

vbulletin Admin > vbulletin Options > Message Posting and Editing Options > Time Limit on Editing of Posts

Pros: Prevents backwards editing of posts by forum spammers.

Cons: If you make the editing interval too short, you can annoy welcome forum members looking to tidy up their typos. So try and make the time limit reasonable – ie, 30 mins.

5. Usergroup permissions

A few years back, forum signatures were really worth something for SEO purposes. They were extensively devalued in the fall of 2004.

However, for those looking for simple and easy links, forum signatures are easy tempation. So you end up with members joining and posting, and thinking only on the signature link benefits they may gain.

There are a few different options for dealing with this:

i) Disallow signatures entirely

To do this, go to:

vbulletin Admin > vbulletin Options > User Profile Options > Allow Signatures > No

Pros: Addresses the issue instantly

Cons: Some users are more active because they see signature links as getting something back – you could lose these people.

ii) Allow signatures only conditionally

There are a couple of different ways to allow signatures conditionally:

a) Method 1

Install the vBSEO Conditional Signatures – Search Engine Optimization Plugin
.

This will only display a signature when a member posts more than a set number of characters.

In other words, those who contribute most to discussions get their signatures with their posts. Thos who don’t – don’t.

Pros: Kills “me too!” posts for links.

Cons: Members may feel confused about what qualifies them to have a signature, creating a poorer user-experience.

b) Method 2

Use the powerful vbulletin member groups and permissions system to create two member groups – one for brand new members, and one for established members. Disallow signatures on brand new members.

NOTE: Membergroups and permissions are a very powerful but intimating aspect of vbulletin, so here’s how you do it:

Create a usergroup for brand new users who can’t use signatures:

- vbulletin admin > Usergroups > Add New Usergroups
- set permissions as “Registered Member”, but ensure “Allow signatures” is disabled.
- save

TIP: For the new member usergroup, disallow user of PM’s. This will stop PM spamming by new members.

Create a usergroup for established users who can use signatures:

- vbulletin admin > Usergroups > Add New Usergroups
- set permissions as “Registered Member”, but ensure “Allow signatures” is enabled.
- save

Now set up a Promotion – we’ll assume 15 posts required to have a signature link:

- vbulletin admin > Usergroups > Promotions
- Add New Promotion
- select user group as the first custom usergroup you set up
- Reputation Level: 0; Days Registered: 0*; Posts: 15
- Promotion Strategy: Posts
- Promotion Type: Primary Usergroup
- Move User to Usergroup: (select the second usergroup you created)

* Add a value here to require a post count AND a number of days registered before allowing signatures. WARNING: Can be very annoying for new members with a time limited involved as well.

That may seem like a lot of work, but it’s a more controllable and powerful method of limiting what newer members can do.

Pros: An effective way to reward active members with active signatures (with or without links), while preventing forum posting simply for signatures.

Also, can prevent advertising abuse of the PM system – such as by Nigerian scammers – by disallowing them access to the PM system.

A general more powerful method of addressing the issue.

Cons: Can again be annoying to new members if they expect to see signatures. Expect to have to answer member queries explaining why you’ve limited signatures, and how to enable them.

5. Conditionals to combat memberlist spamming

A number of scripts sign up to forums simply to place an active link in the member profile field. This is memberlist spamming.

Again, there are a couple of different ways to address this:

i) Remove Home PageLink from the Member Profile

To do this:

vbulletin admin > Style Manager > Style Manager > Expand Templates (click the << >> button) > Member Info Templates > MEMBERINFO

Delate the following section:

Pros: Removing this removes all benefits sought by memberlist spammers
Cons: It punishes regular members by not allowing them to link to their own website/blog, etc.

ii.) Block search engines from reading member profiles

This is a simpler method that allows human users to view member profiles – but blocks the search engines from seeing them.

To do this, create a file named “robots.txt” in your forum root folder, then add the following:

User-agent: *
Disallow: /memberlist.php

Pros: This completely invalidates attempts at memberlist spamming

Cons: It doesn’t actually stop it

6. Block common offenders

Some forums spammers – whether advertising in the main forums, or memberlist spamming – use the same email addresses and IP.

You can keep track of commonly observed ones at Security Watch’s Forum Spamming alerts, which provides details on email addresses and IP’s being used in major forum spamming campaigns.

7. Censor common offenders

Sometimes you’ll find certain forum spam campaigns involve multiple users promoting the same website.

Accoona and SubmitYourArticlesNow are particularly good examples of aggressive forum spamming campaigns using multiple new registered users to advertise/link drop a service.

Simply add common offending domains to the list of censored words on your forum:

vbulletin admin > vbulletin Options > Censorship Options > Censored Words

then add the domains in question to the box.

Additionally, there is an increasing amount of forum spam coming from electronics scams.

This involve a new member posting offers (often across multiple boards) for electronic goods – commonly mobile phones or XBoxs – far cheaper than normal retailers.

Free email addresses are usually offered as a contact point.

The point being, hand over money and you’ll never see the goods.

In which case, it’s worth considering censoring the following email domains commonly used by these email scammers:

@hotmail
@yahoo
@gmail

6. Human moderators

Ultimately, whatever options above you implement, you will always face some degree of forum spamming in your forum.

While the options above can help prevent, block, or invalidate attempts to forum spam your boards, there’s no better substitute than active moderators on your forums.

The fact that you have trusted people on your forums regularly means that forum spam posted to the public boards can be quickly and easily dealt with.

Of course, building a good moderator team isn’t always easy, but a number of tips and recommendations were posted previously on Platinax: Choosing Forum Moderators.

Discuss this in the Internet Business forums

Story link: How to combat spam on vbulletin forums

 

Leave a Reply




 

Previous: «
Next: »

Visited 159317 times, 124 so far today

Posted in: Webmaster