If you have ever run a blog, forum, or any other interactive site on the internet, then you probably already know about the enormous spam problem out there. Not only do spammers bug us over e-mail, but also on interactive forms, where they post false topics, comments or replies whose sole intent is to spread a website or get Google to rank a website higher in its search engine.

Stopping automatic registrations is easy enough. You can use CAPTCHA to make sure a remote user is a human. Also, confirming that an e-mail address is valid will pretty much ensure that you only have humans registering on your site.

But what about the person who is sitting at their computer, registering on your site, and submitting spam in an input area? It is hard enough to tell whether a person is spamming even when you are manually policing your site; imagine how a server would try to determine this.

The only sure-fire way I have found of keeping manual spammers out of your forum is a three-step process.

  1. Use CAPTCHA to ensure the remote user is human
  2. Confirm the e-mail address before allowing posting of comments/topics
  3. Refuse to post links from users with fewer than a certain number of posts

This way, spammers would need to invest quite a lot of time on a forum if they wish to spam it. The general idea is that if a spammer needs to spend too much time working at one location, they will move on to another site. Some administrators also think that adding a rel="nofollow" attribute to the links of all users who do not have a certain number of posts helps as well. However, this still allows the posting of nefarious links.
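The link rule from step 3 and the nofollow variant, as an added example (not code from the original post or from any particular forum package): posts from accounts below a first threshold are rejected outright if they contain links, accounts below a second threshold get rel="nofollow" on their links, and everyone else gets plain anchors. The thresholds, URL pattern and sample posts are assumptions for illustration.

```python
import html
import re

# URL-like tokens: absolute http(s) URLs or bare www. hosts.
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)[^\s<>\"']+")
TRAILING = ".,;:!?)"   # punctuation that ends a sentence, not a URL


def find_links(body: str) -> list:
    """Return every URL found in a post body, trailing punctuation removed."""
    return [m.group(0).rstrip(TRAILING) for m in URL_RE.finditer(body)]


def moderate_post(body: str, post_count: int,
                  min_posts_for_links: int = 10, nofollow_until: int = 50) -> dict:
    """Decide whether a post is accepted and render it to safe HTML.

    Policy (thresholds are assumed values, not from the original post):
    - fewer than `min_posts_for_links` posts: any link gets the post rejected;
    - fewer than `nofollow_until` posts: links render with rel="nofollow";
    - otherwise links render as plain anchors.
    Non-link text is HTML-escaped so user markup stays inert.
    """
    links = find_links(body)
    if links and post_count < min_posts_for_links:
        return {"accepted": False, "links": links,
                "reason": f"links require at least {min_posts_for_links} posts"}

    rel = ' rel="nofollow"' if post_count < nofollow_until else ""
    out, pos = [], 0
    for m in URL_RE.finditer(body):
        url = m.group(0).rstrip(TRAILING)
        href = url if url.lower().startswith("http") else "http://" + url
        out.append(html.escape(body[pos:m.start()]))
        out.append(f'<a href="{html.escape(href)}"{rel}>{html.escape(url)}</a>')
        out.append(html.escape(m.group(0)[len(url):]))  # the stripped punctuation
        pos = m.end()
    out.append(html.escape(body[pos:]))
    return {"accepted": True, "links": links, "html": "".join(out)}


if __name__ == "__main__":
    # Constructed sample posts: a brand-new account, a newer member, a regular.
    for text, count in [("Cheap stuff at http://example.com/shop!", 1),
                        ("Docs are at www.example.org.", 20),
                        ("See https://example.net/?a=1&b=2", 120)]:
        print(count, moderate_post(text, count))
```

Rejecting the post rather than silently stripping the link tells a legitimate new member why their post did not appear, while a spammer still gains nothing from the attempt.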

An alternative to the “no link rule” is using a service to check all posted links and see if they match the links that spammers have been reported as using. This system is used very successfully by WordPress in Akismet. However, in this case you need to rely on a third-party system to filter spam messages. Other blogs rely on plugins to perform these same tasks.

Does anyone have other methods they like to use to defuse spammers?


There appears to be an exploit in the wild that automates the Cacti command execution and SQL injection vulnerability [see Secunia alert 23528]. Via this exploit, any server running an older version of Cacti from before December 28th.

Of course it’s always best to keep your software up to date. Other tricks to keep your system secure:

  • Do not use default directories. Instead of /cacti/, use /somethingcacti/. This will foil any scripts that scan by server IP and default path (scripts can still find the install via a search engine query).
  • Run Apache with mod_security - this will try to catch SQL injection and remote command execution attempts.
  • Mount your temporary directory (usually /tmp) with the noexec option. This will prevent any script kiddies who are able to exploit a vulnerability from running other programs from the /tmp directory that PHP usually dumps things to.

Let me know if you have any other tips like these!

  • Welcome to systemBash, a technology and system administration blog by David Drager. If you enjoy this sort of content, you can subscribe to the RSS using the link to the right.