The focus for the past several years for board owners has been to prevent (or at least have some easy way to ignore) spammer registrations. When spammers thought it was useful to have an entry on a board memberlist they were often satisfied with getting through the registration process. They didn’t bother to activate their account. As a result, one of the most popular (and fortunately very easy) MODs for discussion boards was to prevent inactive members from showing up on the member list. This is the standard configuration for phpBB3, no MOD required.
Spammers reacted by altering their process so they can activate accounts. (I as well as other board owners have seen a dramatic increase in use of gmail accounts for this, so clearly Google’s registration process has been cracked and automated as well.) Like many board owners, I would like to have a “clean” database. But it wasn’t a huge imposition to get spammer registrations. If they never posted, they were not a contributing member of my board but at least they weren’t getting in the way. I had a MOD that prevented board members from entering a web site until they had a minimum number of posts on my board, so at least I didn’t get a member database sprinkled with unsavory web links. There are also MODs available that prevent zero-post users from showing up, and for pruning inactive or zero-post users after some specific period of time. All of these were okay in their day, but are not as effective anymore.
I’ve posted many times about my Checkbox Challenge code. It has served very well in protecting my blogs, several phpBB boards, and even my comment forms from spammers. However I am starting to see some issues, and that bothers me. Why? Because the new spam seems to be coming from humans rather than bots. I don’t know how we can combat that. Spammers seem to be quite creative with their posting strategies as well. More…
I posted a question on Google’s support forums a few months ago (since they don’t seem to offer email support of any kind anymore). While waiting for a response, I have spent some time reading and at times responding to some of the questions there. One of the questions that I saw posted most frequently can be paraphrased as “How can I make more money” or something along those lines. I realize that many board owners probably aren’t using Adsense, but if you are, I thought I would post a few summary tips on this subject.
You can earn more money by:
- Generating more traffic
- Generating more clicks
- Getting higher-paying advertisements
I’ll talk about each of these at a high-level in this post.
More…
I don’t like most current CAPTCHA techniques. There is nothing that frustrates me more than trying to use a web site and being presented with this:
Yes, that is an actual CAPTCHA image that I was presented with. If anyone can figure out what that one is supposed to be saying, you have better eyes than I do. More…
After just cleaning up yet another gmail spammer (I so love the Spammer Hammer™ MOD, is one of my favorites 
) tonight I found myself wondering: Is it worth setting up an extra activation step for gmail.com accounts? More…
Not too long ago I participated in a topic at phpbb.com where the author was asking about blocking gmail email addresses. The general consensus from the community was that the board owner should not block gmail but instead rely on some other methods for blocking spammers. I don’t block gmail, but sometimes I would like to. In this post I think I summarized it best, saying:
hotmail, yahoo, gmail… any free email account is subject to abuse. Spammers are using the fact that board owners are, as you are, reluctant to ban gmail outright because it does have so many legitimate users.
Having said that, I decided it was time to go back and work through some numbers. Instead of guessing how bad the problem is, I wanted to get actual statistics to back up my claims. Anyone can say anything they want. 
Having numbers makes the claims more substantial. And graphs. Pictures are always good. The data used for this post is available as an Excel file for anyone to download and review (link at the end of the post). Here’s the summary:
Google: Your gmail system is borked. Fix it or risk it becoming irrelevant. More…
Will the battle never end?
Apparently not.
I have seen a new style of spam coming in on another blog that I have. Based on past experience, I normally expect the spam to include links to various sites that I have no interest in. These sites will normally promote things like products I don’t want (or need).
Lately, however, I have been getting spam comments that include links to “linked in” or other social networking sites. What’s the point of that? <sigh> The comments include anything along these lines (these are actual spam comments)
After reading through the article, I just feel that I really need more information on the topic. Can you suggest some resources ?
The style of writing is quite familiar . Have you written guest posts for other bloggers?
The topic is quite hot in the net right now. What do you pay the most attention to while choosing what to write about?
My friend on Facebook shared this link with me and I’m not dissapointed that I came here.
… and many more like this. The good news is that the comments were held in the moderation queue. The bad news is that these comments were all made on a blog that is protected by the checkbox challenge code that I use here. I have plans to go out and analyze the server logs to see if the comments were made by a human or a bot, based on time spent on the various pages.
Today I decided to check in on my “honey pot” board that I have running. I haven’t been there in a week or so but things were still humming along last time I looked. This time when I logged in I got a warning from my pop-up blocker. My initial reaction? I’ve been hacked. 
PM Spammers
It turned out that the real answer was much more benign… it was the notification of new private messages popping up. More…
Today I got my first spam that successfully navigated the Checkbox Challenge. It was caught by Akismet, which shows the power of a layered defense. On phpBB2 boards we have seen an increase in manual spam. Manual spam is really hard to defeat because it’s done by humans. On the other hand, it’s more expensive for the spammers too. I will be watching this closely to see how things trend over the next few months.
Google has a big challenge. Their blogger service is overrun with splogs. (And they don’t make it very easy to report them either.) Their web site search results have become polluted with people playing keyword and page rank games. And now their gmail service is being used to register spam accounts on phpBB boards. As of last month gmail is in second place for spammer registrations blocked by my Checkbox Challenge on one particular board. If I use only 2008 data gmail is essentially in a tie with mail.ru for most spam registration attempts.
More…
In the first post in this series I showed some data from my phpbb2 honey pot board that has been collecting spammers for several months now. One of the most interesting observations (as far as I am concerned) is the posting frequency. The posting bot would log on, post, wait 25 seconds, post a second time, wait 25 seconds, post a third post, and then log off for several hours. This behavior would repeat throughout the day with the same user account coming in from different IP addresses around the Earth.
I suggested that this behavior was an indication of “zombie computers” and since today is Halloween it seems a good time to finish the topic. 
More…
April 29, 2010
Comments (2)