or manually with unscrupulous intentions with intent to get the spam in front of readers who would not otherwise have anything to do with it intentionally.
Types
Forum spambots surf the web looking for
search engine ranking
rather than target human readers.
Most forum spam consists of links to external sites with the dual goals of increasing
loans
, and generating more traffic for these commercial websites. Some of these links may contain code to track the spambot's identity so that if a sale goes through then the spammer behind the spambot can collect a commission.
Spam posts may contain anything from a single link to dozens of links. Text content is minimal, usually innocuous and unrelated to the forum's topic. Sometimes the posts may be made in old threads that are revived by the spammer solely for the purpose of spamming links. Posts may include some text to prevent the post being caught by automated
spam filters
that prevent posts which consist solely of external links from being submitted.
Alternatively, the spam links are posted in the user's signature, in which case the spambot will never post. The link sits quietly in the signature field, where it is more likely to be harvested by search engine spiders than discovered by forum administrators and moderators.
Since November 2006, a very destructive forum and wiki spam attack has been propagated by inserting into comments redirect domains with an automated posting script like
Zlob Trojan
. The spambot can often bypass many of the safeguards administrators use to reduce the amount of spam posted.
Effects
Spam prevention and deletions measurably increase the workload of forum administrators and moderators. The amount of time and resources spent keeping a forum spam-free contributes significantly to labor cost and the skill required in the running of a public forum.[1] Marginally profitable or smaller forums may be permanently closed by administrators.
Spam prevention
Techniques for avoiding, removing, and mitigating forum spam include:[2][3]
DNSBL
services.
Flood control forces users to wait for a short interval between making posts to the forum, thus preventing spambots from overwhelming the forum with repeated spam messages.
Registration control mechanisms used by forums include:
CAPTCHA (visual confirmation) routines on forum registration pages can help prevent spambots from carrying out automated registrations. Simple CAPTCHA systems which display alphanumeric characters have proven vulnerable to optical character recognition software but those that scramble the characters appear to be far more effective.
Textual confirmation is an alternative to CAPTCHA in which the user answers one or more random questions to prove that he/she is not a spambot.
Confirmation e-mails to registering users prior to allowing the user a first log in, either containing a site-generated password or an activation code/link.
Manual registration approval by administrators for each account.
Authoritative voice, using an external filtering service to get a verdict if the data is spam or not.
Posting limits on users, both to prevent flooding or to limit posting to certain users (e.g., registered users).
Registration restrictions include:
Denial of registration from certain domains that are a major source of spambots, or even domain extensions such as .ru, .br, .biz.
Manual examination of new registrants for several indicators. Spammers often delay email confirmation of several hours, while humans will confirm promptly. Spambots tend to create relatively noisy user names (e.g., John84731 or JohnbassKeepsie vs. John) in order to ensure uniqueness.
Using a search engine to investigate usernames for hits as recognized spambots on other forums.
Changing technical details of the forum software to confuse bots — for example, changing "agreed=true" to "mode=agreed" in the registration page of phpBB.[5]
Blocking posts or registrations that contain certain blacklisted words.
Monitoring IPs used by untrusted posters, like anonymous posts or newly registered users. A useful technique for proactive detection of well-known spammer proxies is to query a search engine for this IP. It will show up on pages that specialize in the listing of proxies.
Redirecting spammers to "spam subforums" to direct spam away from human users on the main site.
Disabling signature option.
See also
Spamming – Unsolicited electronic messages, especially advertisements