Documentation

Fighting Spam

Introduction

Forum spam is a problem common to all popular forum software. Forum spam is caused by automated software (referred to as “spambots”) that visits forums with the sole purpose of registering many user accounts and/or posting massive amounts of messages. These messages often contain links to commercial websites, phishing websites or even malware.

There are two ways in which spammers will try to promote their website through your FluxBB forum:

  • Messages: the spambot will try to post messages throughout your forum with commercial or malicious contents, often with links to a website. Sometimes the content of the message will actually seem like a some-what valid response, however a link to a commercial or malicious website is always included. The goal of the spammer is to trick your visitors into clicking through to their website, and thus sell products.
  • Profiles: each forum user can specify a website in their profile. This information is visible on the user profile page. Some spambots create user accounts without ever post messages, yet add a website url to the user profile. This type of spam is not directly aimed at having your visitors visit their website. Instead its goal is to improve the relative importance of a website as perceived by search engines by creating many incoming links to their website. While this form of spam is relatively unobtrusive, it will pollute the system with unwanted user accounts and may actually decrease your website rank in some search engines.

Counter-measures

In almost all cases the spamming process is completely automated. Most counter-measures therefore add functions to FluxBB that make it easier to distinguish human visitors from spambots. Below we will describe a number of counter-measures that you can take to prevent spam in your forum.

Forum options

There are a number of options within FluxBB that can significantly reduce the amount of spam on your forum.

Require registration

The most obvious measure is to require visitors to register a user account before they are able to post messages. This is the default in FluxBB.

Require validation of e-mail address

Many spambots are able to fill out forms, making it fairly easy to create new accounts. However these bots will often fill in an invalid e-mailaddress during registration. By requiring confirmation of the e-mailaddress before activating the user, the spambot will be unable to post messages. To enable verification, log in as administrator and:

  • Click 'Administration' in the top menu
  • Click 'Options' in the left menu
  • Scroll down to the section 'Registration'
  • Select 'Yes' for the option 'Verify registrations'

Setup group auto-promotion

There is a feature in the core that will promote users to a new group after a certain number of posts. This means that a “new member” group can be set up, and they can be promoted to “member” after a certain number of posts (for example five). There is also a feature to disable links in posts and profiles for specific groups, so new members can't post links.

By combining these two features, you can create a system that prevents new users from posting links, essentially taking away the primary motivation to engage in spamming activities.

More details on the setup guide.

Modifications

Bad Behavior

The Bad Behavior mod uses Bad Behavior, a HTTP fingerprinting technique. It analyzes the requests coming to the webserver and blocks users that appear to be malicious.

Project Honeypot

The Project Honeypot mod uses the Project Honeypot blocklist to block users that are known to spam.

reCAPTCHA

The reCAPTCHA mod offers an easy way to integrate the Google reCAPTCHA service into your forum. reCAPTCHA leverages CAPTCHAs for good: it offers CAPTCHAs as a way to block spammers and uses the user input to digitize books and newspapers.

StopForumSpam

StopForumSpam maintains a database of known spammers and their information. This database is especially useful for human spammers, since these can't be blocked by the other methods described on this page. Although there is no official FluxBB modification that supports StopForumSpam, code for integration into FluxBB is available.

Very Simple Anti Bot Registration

The Very Simple Anti Bot Registration mod offers a very simple solution to block spammers: it asks simple math questions as a way to separate spambots from human visitors.

Anti-SPAM tool

The anti-SPAM mod puts a hidden password field on the registration page, and blocks all registrations that put content into that field.

Frequently Asked Questions

How did the spammer find my forum?

Often spammers will use search engines to find their target websites. Many search queries are possible to find specific forum software. Some examples are queries for parts of urls or standard headers and footers (like “Powered by FluxBB”).