tags:

views:

159

answers:

5

I want to avoid spammers putting advertisements and curses [into a forum]. What is the best way to do it? Is a 'captcha' a good way to do it with 100% reliability? Is blocking IP addresses a good way?

+3  A: 

There is no 100% way. Your only hope is to combine a bunch of methods, and monitor your site manually because somebody is going to find a way around all your methods.

Paul Tomblin
A: 

There are plenty of automated tricks; enter "forum spam prevention" in Google and you'll get lots of reading material. But Paul's right: there's simply no substitute for human moderation. The best the automated tricks can do is keep the volume of spam down to a manageable level for your moderators.

BlairHippo
+1  A: 

Implement the feature for other users to report abuse. After maybe 10 reports hide the message, after 50 reports in common block the user. Only allow proven users (maybe registered for 30 days) to file reports.

The only way to deal with that kind of abuse is human intelligence combined with a critical mass of participants to overcome "bad guys".

User
A: 

One subtle method to layer on top of message blocking is to not block the message for the original poster. The poster will think the vandalism/trollery is getting through, but that nobody really cares.

Jim Ferrans
+1  A: 

I have found that a combination of the following works well:

  • Moderation. You will likely never be lucky enough to prevent 100% of undesirable content
  • Moderated account activation. Although this requires input from you or another moderator, it prevents opportunistic hackers from doing 'drive-by' defacements. You can also review their profile to see if they've included marketing links as their homepage/signature etc. I've caught a number of spammers attempting to register in this manner
  • Replace built-in (vulnerable) captchas with recaptcha
  • Disallow disposable email addresses. There are quite a few of these domains from companies like 10minutemail. If you're looking to attract repeat visitors, nobody should be using a disposable email account
  • Ban IP addresses, not usernames. If you encounter a spammer, ban their IP address to prevent re-registration. There is support in phpBB and other popular forum software for this
  • Use the keyword censoring facility of your forum if present. This is especially useful for preventing curse words if you're running a family-oriented forum. Again, I know phpBB has this feature either in-built or available via a mod
  • Disallow posting of links until the user has posted x number of messages (usually 1-5). Most spammers are opportunistic and will move on to an easier target. Alternatively, enforce moderation for their first message (and don't tell them this beforehand!)
  • Keep track of your active users. Deactivate old users who haven't contributed for, say, 12 months. You can always reactivate them if they request it

Note that none of the above really tackles the issue head-on, which never really works. I believe it's better to manage the users before they post rather than clearing up after them.

Best of luck with your solution. Moderating a forum can be very rewarding, even if undesirables can make your life hell at times!

Dave R.
If you ban an IP because of one bad user, congratulations, you've just banned AOL's proxy server or something similar and now you've got no users left.
Paul Tomblin
@Paul - AOL uses the X-Forwarded-For header, which includes the actual IP address of the home user. AOL's proxy implementation was widely criticised before this was introduced for just the reasons you mention.
Dave R.
Dave R.