I’ve provided a link to a pdf version of the presentation that I did at Londonvasion. If you don’t want to download the entire presentation, here’s a brief recap:
There are three different elements in the fight against spam, as outlined here:
- Prevention means being able to keep spammers from getting on your board in the first place
- Detection means being able to quickly identify and react to spam if it is posted
- Elimination means being able to easily and thoroughly clean up the mess that a spammer has left behind
In the prevention section I talked a good bit about the Checkbox Challenge MOD that I wrote, which regular readers of this blog are probably already familiar with. The statistics are quite astonishing, and are up-to-date as of July 19, 2008. Altogether the checkbox trick has prevented over 76,000 spam comments from appearing on this very blog. I also shared statistics about registrations on my largest phpBB2 board as well as a comment form. Those are three different bot targets (Wordpress, phpBB, and a file simply named “comment.php” which apparently is quite a target) but all have been successfully defended via the simple checkbox MOD.
In the detection section I talked mostly about my opinion that most MODs in this space are not appropriate. It is extremely difficult to write code that can detect spam 100% of the time, and there are people that have been trying to do this for quite some time. That’s why you get emails with random strings of words at the bottom; they’re trying to fool the anti-spam measures you might have protecting your email inbox. There are several MODs for phpBB2 that attempt to automatically detect and react to spam, but I submit that your best defense as a board owner is an active moderator team.
To than end, I touched on a number of features for phpBB3 that I think are quite appropriate and necessary in the ongoing battle. The “Report a Post” feature turns anyone on your board into a potential moderator, and that’s a quite excellent feature. I have added this to my phpBB2 boards as well. There is a moderator ability to send all posts from a single user to the “trash” forum in phpBB3 as well (something I wrote up as the Spammer Hammer for phpBB2) which makes it very easy to clean up after a spammer. But the bottom line is these are human actions rather than anti-bot scripts, and I think that’s where we will be in this area for quite some time.
Finally, in the Elimination section I talked about several types of spam scenarios, including:
- Users that register but don’t activate
- Users that activate but don’t log in
- Users that log in and post spam
- Users that log in and post “accidental” spam
The distinction between the last two is subtle… the first situation is easily recognizable as the user has posted something with dozens of links to cheap audio or medication web sites. They’re easy targets for the Spammer Hammer. The second scenario is when a user appears to be legitimate but maybe didn’t read (or understand) all the rules. In this case, the moderator team can use the user notes feature to mark the account. This means that if the behavior is repeated, it doesn’t take the same moderator to notice… any moderator can check the user’s history and see if they have a habit of rules violations. If they do, a temporary ban can be used rather than a permanent ban.
Ultimately phpBB3 provides a number of excellent features that help protect your board from spam. I am thinking that the Checkbox Challenge MOD should be my first entry into writing MODs for phpBB3.
So that’s it. If you want to see all of the details you can check out the pdf file linked above.