I’m sure I’m not alone in seeing this new spammer tactic… I called it delayed spam. How does it work?

A spammer registers on a board. They might not do anything for a while. Then they try to post something that looks legitimate, using generic language that could be appropriate anywhere. Stuff like:

You make some good points, please keep posting

I find your arguments compelling, can you link your sources?

Thanks, it helped me

None of those add anything to the discussion, but they’re not really spam. What happens next? The spammer goes quiet for a few weeks, hoping that the topics they have posted in will fade from the front page. Then they carefully go back in and edit their post. They might change the text of the post itself, or they might add a signature that wasn’t there before. They are relying on the fact that phpBB (and other boards as well) do not bump a post back to the front page if something is edited, only if new content is added.

Very frustrating.

So far I have not come up with a programmatic solution to the problem. I am working on code that will capture the edit history of a post and allow board moderators to revert to an original version, so that at least would let me prove how the spammer added their content after the fact. That doesn’t solve the problem, it just provides an audit trail should I decide to try to take action against the spammer.

A frequent suggestion at this point might be something along the lines of preventing someone from posting URLs or links until they reach a certain level of post. That doesn’t help either, as the spammers often have five or ten posts under their belt before they come back and edit. Plus it impacts the legitimate new users that come on board with questions that require links. It’s not my favorite concept.

So today what my moderator team does is a manual process. When we get a suspected spammer, they will do a web search for either their username, their email address, or both. If they find the same username on hundreds of different boards that’s a good indication they’re a spammer, especially if the user is recently registered on all of them. They can also pull up posts from the user on these other boards. If they look similar to what they’re posting on our board, that’s another indication. All of these steps are used to decide whether to preemptively ban the spammer before they spam, or decide to wait.

It’s all a manual process for now. So while I’ve been away from phpBB2 for a while because of other demands on my time, this has never really been far from my mind. I just haven’t come up with an idea that can be implemented in code versus a manual process.

Guess I should check in with the BB Protection folks, and see what they’re up to at this point.

The focus for the past several years for board owners has been to prevent (or at least have some easy way to ignore) spammer registrations. When spammers thought it was useful to have an entry on a board memberlist they were often satisfied with getting through the registration process. They didn’t bother to activate their account. As a result, one of the most popular (and fortunately very easy) MODs for discussion boards was to prevent inactive members from showing up on the member list. This is the standard configuration for phpBB3, no MOD required.

Spammers reacted by altering their process so they can activate accounts. (I as well as other board owners have seen a dramatic increase in use of gmail accounts for this, so clearly Google’s registration process has been cracked and automated as well.) Like many board owners, I would like to have a “clean” database. But it wasn’t a huge imposition to get spammer registrations. If they never posted, they were not a contributing member of my board but at least they weren’t getting in the way. I had a MOD that prevented board members from entering a web site until they had a minimum number of posts on my board, so at least I didn’t get a member database sprinkled with unsavory web links. There are also MODs available that prevent zero-post users from showing up, and for pruning inactive or zero-post users after some specific period of time. All of these were okay in their day, but are not as effective anymore.

I’ve posted many times about my Checkbox Challenge code. It has served very well in protecting my blogs, several phpBB boards, and even my comment forms from spammers. However I am starting to see some issues, and that bothers me. Why? Because the new spam seems to be coming from humans rather than bots. I don’t know how we can combat that. Spammers seem to be quite creative with their posting strategies as well. More…

A few weeks ago I had an interesting conversation with a woman from England who is doing a thesis on the psychology of online communities (discussion boards). During the conversation she dropped a phrase that I immediately stopped and wrote down so I could think about it further. Here is the basic question that was invoked by her comment:

What is the difference between recognition and reputation? More…

Well, this is what I get for skipping out of visiting phpbb.com for a while… I completely missed the announcement of Libertyvasion 2010 that came out last month. Now I have to go log in and see if there’s anything I can talk about this year. Last year I had fun pulling together a talk about board spam. I’ll have to see what I can come up with this year.

Definitely need to try to make it.

In the past I have done a number of tricks to celebrate today. One year I posted a very official looking press release stating that the board had been bought out and would no longer be a free resource. Another year I used to tricky CSS to flip the “off topic” forum upside down.

This year I used a suggestion from my wife… it’s evil. I will post what I did after today is over.

How about you? Any fun tricks to share?

I suspect that most folks running phpBB don’t get beyond the 5,000 member mark. Even fewer get beyond the 10,000 member mark, or three years of consistent growth. What happens when you get to that point and can’t afford to run your board anymore? Then it’s entirely possible for a board with over 100,000 members to simply disappear.

It happens.

I have posted a lot about the Adsense program over the past years, specifically related to advertising on phpBB boards. I currently do not use Adsense, but I did for many years. However I never relied on the revenues from that source to keep my board running. If I had, I might have ended up like this case study:

Warning to Webmasters: It can happen to you

The link contains a case study about Soccerpulse, a web site with over 100,000 members that closed up shop because their Adsense revenues declined and they could no longer afford to run the site.

I posted a question on Google’s support forums a few months ago (since they don’t seem to offer email support of any kind anymore). While waiting for a response, I have spent some time reading and at times responding to some of the questions there. One of the questions that I saw posted most frequently can be paraphrased as “How can I make more money” or something along those lines. I realize that many board owners probably aren’t using Adsense, but if you are, I thought I would post a few summary tips on this subject.

You can earn more money by:

• Generating more traffic
• Generating more clicks
• Getting higher-paying advertisements

I’ll talk about each of these at a high-level in this post.

More…

We have a topic on my board with the title “Please do not post in this topic”. Needless to say, this topic has survived for nearly three years, even in the “off topic” area where topics are pruned after 14 days of no activity. So lately I have been trying to have some fun with it.

First I added some javascript to the page (but only for that topic) that made the Reply and Quote buttons move away from the mouse. That made it impossible to click on the button, but you could still tab to the buttons and invoke the required code. Yesterday I switched the normal images for the buttons with the spacer.gif and sized it to zero by zero pixels, essentially making the button invisible. I also altered the tab index to -1 which according to a few sites I read makes the button disappear from the tab sequence.

Of course there are still several ways for folks to post in the topic. That’s sort of the point, to see how long it takes folks to figure out how to work around the challenges I have put in place. For example in the first version someone could disable javascript and the buttons would no longer move, giving them another way to click the button rather than using the tab key.

To continue the fun, I am looking for suggestions for other ways to challenge folks, and keep them from posting in that one topic. The key is there has to be some sort of loophole, as I’m not trying to completely lock folks out.

Any ideas?

A while back I wrote a post about Google Adsense where I discussed the mix of revenue between Adsense for Content and Adsense for Search. It included this graphic:

At the time I didn’t have a good explanation (or even a theory) as to why this was happening. As luck would have it, I’m now getting zero dollars from Adsense for Search and am still waiting for a response from Google regarding the matter. While trying to determine what the issue could be, I have been reading the support forums for Adsense. I saw a post that suggested why my search revenues were rising. More…

I haven’t been around here for a few weeks, and probably won’t be for the rest of the year. I’m closing out the books, getting some projects completed, and trying to prepare to relax some for the holidays.

See you next year.