If you have ever run a blog, forum, or any other interactive site on the internet, then you probably already know about the great spam problem that there is. Not only do spammers bug us over e-mail, but also on interactive forms – where they post false topics, comments or replies, where the sole intent is to spread a website, or get google to rank a website higher in it’s search engine.

Stopping automatic registrations is easy enough. You can use CAPTCHA to make sure a remote user is a human. Also, confirming that an e-mail address is valid will pretty much ensure that you only have humans registering on your site.

But what about that person who is sitting at their computer, registering on your site, and submitted spam in an input area? Not only is it hard to detect when a person is spamming or not even if you are manually policing your site, imagine how a server would try to determine this.

The only sure-fire way I have found of keeping manual spammers out of your forum is a 3 step process.

  1. Use CAPTCHA to ensure remote user is human
  2. Confirm E-mail Address before allowing posting of comments/topics
  3. Refuse to post links of users under a certain amount of posts

This way, spammers would need to invest quite a lot of time on a forum if they wish to spam it. The general idea is that if a spammer needs to spend too much time working at a location, they will move on to another site. Some administrators also think that adding a NOFOLLOW tag to links of all users who do not have a certain amount of posts helps as well. However, this still allows the posting of nefarious links.

An alternative to the “no link rule” is using a service to check all posted links, and see if they match the links that spammers have been reported as using. This system is used by wordpress in Akismet very successfully. However, in this case you need to rely on a 3rd party system to filter spam messages. Other blogs rely on plugins to perform these same tasks.

Does anyone have other methods they like to use to defuse spammers?

  1. I do not use CAPTCHA because visually impared persons have trouble using captcha. The images are not easy for their braille readers to interpret.

    I have made great success against the spammers by modifying my forums using php. I have added logging and reject users based on IP and other criteria I have found to be common to spammers.

    I would always think twice about using CAPTCHA.

  2. That is true – but sometimes CAPTCHA is necessary to block spammers. On smaller sites, such as this one, I do not have CAPTCHA – WordPress’s Akismet spam filter catches about 99% of the spam that people submit, and I just delete the rest manually.

    As a site becomes popular, you get more and more spammers and that 1% can be a significant number.

    CAPTCH algorithms can be set to also use audio, for those who are blind. See http://www.captcha.net/.

  3. Hello Everybody

    Just wanted to share my new experience.

    If your system denies to run due to an error corresponding to lost HAL.DLL, invalid Boot.ini or any other critical system boot files you can fix this by using the XP installation CD. Just boot from your XP Setup CD and enter the Recovery Console. Then launch “attrib -H -R -S” on the C:\Boot.ini file and delete it. Run “Bootcfg /Rebuild” and then Fixboot


  4. Hi. I on numerous occasions be familiar with this forum. This is the oldest together undisputed to ask a ridiculous.
    How multifarious in this forum are references progressive behind, disingenuous users?
    Can I depute all the advice that there is?

Comments are closed.

You May Also Like

Postfix queue tools

Here are a few handy items for Postfix email server users: 1.…

How to Stop an Apache DDoS Attack with mod_evasive

The first inkling that I had a problem with a DDoS (Distributed Denial of Service) attack was a note sent to my inbox: lfd on server1.myhostname.com: High 5 minute load average alert – 89.14 My initial thought was that a site on my server was getting Slashdotted or encountering the Digg or Reddit effect. I run Chartbeat on several sites where this occasionally happens and I will usually get an alert from them first. A quick look at the Extended status page from Apache showed that I had a much different kind of problem.

Printing to a shared printer from DOS

If you or your client is using an old-DOS based program to…

HOWTO: Installing ZFS and setting up a Raid-Z array on Ubuntu

Readers should note that this applies to Ubuntu 8.10 Intrepid Ibex only!…