“Recent uptick in spam”??? OK, I gotta say this: I can’t speak to what Mollom did in the background, but it has done a PISS POOR job of preventing spam, as the site has been inundated with spam for SEVERAL YEARS now.
As a moderator who spends HOURS AND HOURS EVERY WEEK deleting spam, I haven’t noticed any remarkable uptick in spam. The only uptick has been in moderators deleting it, and conversation regarding it. The spam itself has been a problem for a very very long time.
Noted.
Bravo
Warning: there is a new “trend” among spammers to post a reply to an already existing thread, making them harder to spot. But they didn’t know they don’t call me “Eagle Eye” for nothing… I promptly deleted three of them this morning. Be on the watch, moderators!
Mods, are you able to block these users in addition to deleting the content?
Yes, but they’re back in a matter of minutes with the same name but one letter or numeral different.
Delete 50 posts from janedoe007 and delete the account, 5 minutes later 50 new spam posts from janedoe008
The trouble is the mods HAVE to delete this crap, BUT it tells the software (or the man sitting in a cave somewhere) that the forum is live and busy, which tells them its worth trying again! Server level IP block - that’s the way to go if you can, at least as a starting point anyway> Where is JaneDoe? china or russia i would guess, but could be various others. I would ban the whole damn country from registering!
I don’t think IP blocking is the way to go – as spammers can easily spoof IP addresses. I addition, my guess is these are not spambots but rather humans, mainly because you need to validate your email address when you register. I could be wrong there – the bots might be really advanced – but for now I suspect they are human spammers.
If that’s the case, the only defenses are things that make it uncomfortable or restrictive to spammers with the minimum of disruption to normal users. Some ideas:
The no links is a good one.
They are always filled with links.
I’m not all that tech savvy, so not much help to cure the problem.
Could make it a dollar or 50 cents a month to subscribe. Not sure how many active users there are. I believe there are tons of lurkers who don’t post.
I don’t think a time limit to first post would stop them. Most of these spammers are on here several times a day anyway.
Limiting number of posts per time period would slow them down. I suggest one post per hour max until moderators approval.
Domain specific questions on sign up sounds like a good idea.
“Automatically block users who get x number of flags”… heck, one spam and I delete the account. I probably delete about 5 - 20 accounts a day.
I think NO ONE should have the ability to post links, or post more than once an hour, until a moderator gives them that power. Over time all the regular posters would have it, and any new posters with genuine participation would get it, be a lot less work than what we’re doing now.
Any foreign alphabet (foreign alphabet, not foreign language) posts should be automatically rejected - no one understands them anyway.
A moderator’s page showing which posts and which accounts deleted and by whom would be a handy reference for keeping track of how much spam there actually is.
That combination would stop a lot of them, and the few who got past that would get deleted in short order anyway if they started spamming. The moderating “team” isn’t allowing any spam posts to get more than an hour old at this point.
One other feature that might help moderators track down spammers would be if you added another column to that “active” list that gave a shortcut to that user’s most recent post, if any.
will post this further down
Some good points here but you’re definitely underestimating the ability of software approaches. Believe me when I say 99.99999% of spam is automated. I know how it works. I have the software programs and have used them (not to spam) to learn how they work and how to fight them. I also used them in anger a few times to blast some known spammers and get their ISP to kill them off, haha, but that’s another story. And I am talking 8-10 YEARS ago, automated email verification was in full swing then, as was automated captcha filling in, etc etc. Here is the process in very brief…
Use Scrapebox (great tool, for other uses, finding sites for research purposes etc) to “Scrape” the entire internet for either keyword hits, or other criteria. This takes a few hours to get a list of MILLIONS of “target sites”. You then cut and paste that list into a spamming program (GSA SER is one, SE NUKE is another, MANY others). In the spam program, you set up email addresses or just go to fiverr.com and buy pre-verified gmail; accounts to look “genuine” as everyone knows gmail addresses are safe, yeah right!
So the spam program actually has an email program built right into it, so it can emulate the human response. I could even set the time between the email coming in, and how long to click the activation, not too quick as that shows you’re a bot. So I could wait say 15 minutes then hit the activation link (all automatically within the software). I can randomise through many different (thousands) proxy addresses so each one has a different address (Hence I take your point about spoofing IP addresses, which is a valid point, BUT banning certain countries IS still a very good way to chop spam down by a large degree, as most spamming rentable IP addresses are still in those countries).
You can then use a spinning program like TheBestSpinner or similar ones, to create a load of spam gibberish words which it scrapes off other forums you already scraped, it produces a random string of text (can be coherent if needed, its clever stuff) and that waits say 4 hours or 24 hours and then posts to a forum thread on the preverified account, and here comes the big point which JR made a very good comment about below - LINK. It’s all ONLY done for that ONE purpose. Swaylocks has good backlink power, it’s got authority and age in the search engines so a backlink from it can really help push a site’s ranks up. I would say most spam is more about ranking a site, than selling a product (directly from the post anyway).
I did start some research and never finished it, but here was my idea… there is one problem above, WHICH thread to post on? Well it can be set to randomly pull a thread, but the majority of SEO spammers know they want a CURRENTLY ACTIVE THREAD. I wonder if that’s why so much spam is hitting THIS thread, its near the top of the activity for the forum, so maybe thats why. I wondered whether a thread which is entitled “USERS PLEASE IGNORE THIS THREAD, ITS FOR SPAMMER DISTRACTION!” but which had a single character post put on it automatically every hour around the clock, I have a feeling that would attract all the spam directed at the entire forum. It’s just a theory, and of course a few random MANUAL spammers will not fall for it, but a fun idea anyway!
I would suggest a first RANK of users, so the rank you get when you first join, to be banned from links or posting images, limited to one post per day, and unable to PM other users, if that were possible within your control panel. That way, once a mod sees a newbie posting genuine posts, he can up his rank. Otherwise they are limited and never get out of that rank, never post a link, and their spam will fail. In time, this will make them remove the site from the spam lists, but bear in mind people are scraping the web daily for target sites and SL will constantly keep coming up as it is a good place to get a backlink, and you can’t change that.
JR idea - no replies as first post, if that’s possible that’s a great idea, as they never want to start a thread, only to get quick views from people already subscribed to an active one (most the views they care about are google spiders, and they visit active threads a lot more than old threads)
Domain specific questions is definitely a great idea and will do massive damage to their games
X number of flags - as Huck just said, that won’t work, ONE spam flag and they should go, a spammer never finds God and surfing all in one week 
Links - I would not ban links for registered members, it can REALLY destroy conversation and references to useful stuff etc, but I totally agree with banning ALL links from users who have not yet proved they are not a spammer, and basically ANYONE who chats about surfing and shaping, they are not going to be a spammer. If a manual spammer is clever enough to go to all that trouble, trust me you won’t catch them, they will build a 10 page thread having us all convinced they want to build boards, then they will mention a friend who sells these “widgets” and boom the link will go in without anyone batting an eyelid! If you spot it, good on you, cos most don’t (I frequented the spamming forums to learn the tricks, and manual spam is now the “only way to get a good forum backlink which won’t get removed”!)
Basically I learned everything there was to know about spamming 8-10 years ago, and it hasn’t changed, it’s just got more efficient. My own forum still gets hit by all this crap but some basic tricks (now I know how it works) killed off 95-99% of it. I now just have alerts to tell me if a user posts a link, and I skim the post and usually know from the username if its genuine or not, but if not, I might catch a sneaky sucker every few months who got in under the radar past all my defences!
Think like the software does, a click can be automated, a tick and even a captcha form can be automated (probably much better nowadays), BUT a manually written email on a specific subject, that can not be dealt with by software. Hope this helps. it certainly helped me, and took months to learn about.
Just a quick update. I discovered that email validation was NOT being required – meaning once you submit the register form, you are immediately enabled and active. UUUGH. Big mistake. Anyhow, clogged that hole.
Working on a couple more things and will keep you apprised.
Mike
Great stuff. Will definitely implement some of this and apprise this group as I go…
It should go without saying that we all appreciate the resource, and what we’re discussing at the moment is but a relatively trivial issue.
No I don’t agree that this is a minor matter. It has consumed a HUGE amount of my time and energy over the past few years. True the work is voluntary, but that’s not the point. Keeping the forum clean of spam and open to genuine discussion has been a priority to me, but if there are things that can be done to minimize the time needed to do that, it is no trivial matter, it is actually very important to me, to the other moderators who have been fighting this battle as long or longer than I, and to the forum itself, which would die quickly if allowed to be overrun with spam.
Just look at the old tree-to-sea forum at grainsurf.com - its gone. Killed by spam. Because of lack of response from the site owner some time back, I stepped away, gave my sayonara post, and quit moderating / deleting. In a few months the site was inundated, and shortly thereafter, gone.
I’m totally on this gentlemen.