One of my other blogs had been hit and hit hard by spammer comments advertising headphones. This morning I noticed this one here on this blog:

That’s specifically aimed at human-powered paid-to-comment spam. I would rather already have excellent-quality comments than the next quantity of comments.tour headphones Sadly, I’m nonetheless getting an awful lot of spam comments (what’s up, Akismet?), so I think it’s time to install some additional defense layers.

The words “tour headphones” were a link, of course. Subtle, it was not. But I found it extremely ironic and ultimately amusing that the comment itself talked about spam. If you pick a few phrases from that comment you’ll find the exact same thing on other blogs / boards as well, or at least I did when I searched.

I’ve decided to contact the headphone manufacturer directly and let them know that I will never buy their products. Ever. Might not change anything, but it will make me feel better.

Oh, and I added specific code to my anti-spam process to look for this particular type of link.

I have had a couple of requests now for Tapatalk or something similar on my board. The Tapatalk application does not currently support phpBB2, but iPhone / Android support is becoming more of an interest to folks. Tapatalk is not a template or theme, it’s an application designed to interact with a discussion board (they support phpBB3 as well as several others).

I have to admit that I find this to be a far more intriguing idea than a mobile template. The folks behind Tapatalk offer a free API that would allow developers to extend the app to different forum systems. It would be interesting to see if anyone is currently working on phpBB2.

Tapatalk

I’m registering on their “Forum owner” area and will see what things look like.

Wow. Just. Wow. It’s been so long since I’ve posted here, I’m wondering if it will echo when I publish this?

Things have been really busy in real life, which I suppose goes without saying. I have two boys that are growing up and going through cub scouts and sports and school and everything else.

Yet, here I am. I am back to reconsider whether I need to upgrade from phpBB2 to phpBB3 for my main board (which as I write this is very close to collecting it’s 700,000th post, and is running almost one million page views a week). I am back to see if I can figure out how to integrate FB “likes” into my board, and how to allow folks to add Linked-In to their profile. That last one, at least, should be easy.

Things have been humming along quite nicely, although the spam frequency has started to go up. Seems that my Checkbox Challenge is either less of a deterrent, or human spamming is on the rise. For that, I guess I need to look at my server logs and see how long those folks are taking to get through the registration process. Fortunately there is still no answer for the Spammer Hammer, which makes it easy for my moderator team to quickly and easily eradicate all traces of the spammer from the board.

And gmail? Is it still the number one source of spam attempts? It would be interesting to check. I have not looked at those statistics in months (years?).

And I missed Libertyvasion. I had intended to go, but all of a sudden August was here and I had not made any plans, so I stayed home. I have watched some of the sessions posted to Youtube, and it did look fun. I will hopefully be ready for the next one. Anyone know when / where that will be?

A few weeks ago I stopped being able to log in to my phpBB2 boards from work. Ha. Did they think that would stop me from wasting time?

In all seriousness, my main board is directly related to what I do at work, so there’s no reason for them to have blocked access to the site. And they didn’t, at least not on purpose. What happened was the IP configuration for our proxy load balancers got updated in some fashion. Now I don’t work for the network team so I don’t know exactly what configuration was changed and where. But I can tell you that instead of the last octet of my IP address potentially changing as I move from page to page, now the last two octets are changing. And that’s causing a problem. More…

Note from author: ironically I started writing this well over a year ago. Given the amount of attention given to this web site for the past year+ it seems to be a good point to finish and release the post.

I read a great article a few years back that – at least to me – had come up with a great term to describe dead web pages. Any page – blog, board, or otherwise – that had not been updated in quite some time was called a “cobweb”. I found it funny.

Tonight I was browsing my way around the blogosphere and happened upon a blog that I have not visited in over a year. Guess what? No updates, not one, in that entire time. But it gets better… in this particular bloggers blogroll (a list of blogs that this blogger, at least in theory, has some interest in) not a single one of them had been updated in over a year.

I currently maintain five blogs. This one has been running for several years. My first blog is just for family members and has been running since December of 2004. I have a blog related to my professional work which has been very active and in fact has been quoted in industry magazines. I have a photography blog that seems to be last on the list for updates, and I have a “manly” blog which is where all of the “cool gadget” posts have moved to rather than being posted here. Do I update all of them all of the time? No, unfortunately I don’t have the time. But I do try to update those that seem to have an audience (as made evident by the fact that there are comments on posts).

Why is this important? A blog, like a discussion board or any web community, needs to have a pulse. The pulse can be slow as long as it’s regular. A blog that does not have regular updates, or a discussion board without community involvement will soon die.

Not long ago I was chastised for not logging in to the phpBB2 Refugees site for quite some time. As a member of the community it should not be important that any single person logs in every day. At least that’s my opinion. However, as the administrator / owner of the community, it was a problem. There were a number of spam posts that had built up and I had not taken the proper steps to select a team of moderators. That, certainly, was a problem. I felt like the board activity was low enough that I didn’t have to check in every day. Every day became every other day, which became once a week, which became one a month, which became… well, not much. I had created a contact form, but the contact form went into the moderator private forum on the board and to an email address that I forgot to set up when I moved to a new server. So that didn’t do much good.

Long story short, there were (quite understandably) some upset members on the board. I get that. As such, I have taken the following steps. First, I promoted a regular member of the board (who I have known via this blog and the phpbb.com community for a long time) to a moderator. Second, I set it up so the email notification of spam works again. Third, (actually I did this first) I logged in and cleaned up all of the spam using the Spammer Hammer. And fourth, I have logged in more regularly on that board and have tried to start writing on this blog once again. We’ll see if it lasts, or if it’s a momentary disturbance in a cobweb.

I’m sure I’m not alone in seeing this new spammer tactic… I called it delayed spam. How does it work?

A spammer registers on a board. They might not do anything for a while. Then they try to post something that looks legitimate, using generic language that could be appropriate anywhere. Stuff like:

You make some good points, please keep posting

I find your arguments compelling, can you link your sources?

Thanks, it helped me

None of those add anything to the discussion, but they’re not really spam. What happens next? The spammer goes quiet for a few weeks, hoping that the topics they have posted in will fade from the front page. Then they carefully go back in and edit their post. They might change the text of the post itself, or they might add a signature that wasn’t there before. They are relying on the fact that phpBB (and other boards as well) do not bump a post back to the front page if something is edited, only if new content is added.

Very frustrating.

So far I have not come up with a programmatic solution to the problem. I am working on code that will capture the edit history of a post and allow board moderators to revert to an original version, so that at least would let me prove how the spammer added their content after the fact. That doesn’t solve the problem, it just provides an audit trail should I decide to try to take action against the spammer.

A frequent suggestion at this point might be something along the lines of preventing someone from posting URLs or links until they reach a certain level of post. That doesn’t help either, as the spammers often have five or ten posts under their belt before they come back and edit. Plus it impacts the legitimate new users that come on board with questions that require links. It’s not my favorite concept.

So today what my moderator team does is a manual process. When we get a suspected spammer, they will do a web search for either their username, their email address, or both. If they find the same username on hundreds of different boards that’s a good indication they’re a spammer, especially if the user is recently registered on all of them. They can also pull up posts from the user on these other boards. If they look similar to what they’re posting on our board, that’s another indication. All of these steps are used to decide whether to preemptively ban the spammer before they spam, or decide to wait.

It’s all a manual process for now. So while I’ve been away from phpBB2 for a while because of other demands on my time, this has never really been far from my mind. I just haven’t come up with an idea that can be implemented in code versus a manual process.

Guess I should check in with the BB Protection folks, and see what they’re up to at this point.

The focus for the past several years for board owners has been to prevent (or at least have some easy way to ignore) spammer registrations. When spammers thought it was useful to have an entry on a board memberlist they were often satisfied with getting through the registration process. They didn’t bother to activate their account. As a result, one of the most popular (and fortunately very easy) MODs for discussion boards was to prevent inactive members from showing up on the member list. This is the standard configuration for phpBB3, no MOD required.

Spammers reacted by altering their process so they can activate accounts. (I as well as other board owners have seen a dramatic increase in use of gmail accounts for this, so clearly Google’s registration process has been cracked and automated as well.) Like many board owners, I would like to have a “clean” database. But it wasn’t a huge imposition to get spammer registrations. If they never posted, they were not a contributing member of my board but at least they weren’t getting in the way. I had a MOD that prevented board members from entering a web site until they had a minimum number of posts on my board, so at least I didn’t get a member database sprinkled with unsavory web links. There are also MODs available that prevent zero-post users from showing up, and for pruning inactive or zero-post users after some specific period of time. All of these were okay in their day, but are not as effective anymore.

I’ve posted many times about my Checkbox Challenge code. It has served very well in protecting my blogs, several phpBB boards, and even my comment forms from spammers. However I am starting to see some issues, and that bothers me. Why? Because the new spam seems to be coming from humans rather than bots. I don’t know how we can combat that. Spammers seem to be quite creative with their posting strategies as well. More…

A few weeks ago I had an interesting conversation with a woman from England who is doing a thesis on the psychology of online communities (discussion boards). During the conversation she dropped a phrase that I immediately stopped and wrote down so I could think about it further. Here is the basic question that was invoked by her comment:

What is the difference between recognition and reputation? More…

Well, this is what I get for skipping out of visiting phpbb.com for a while… I completely missed the announcement of Libertyvasion 2010 that came out last month. Now I have to go log in and see if there’s anything I can talk about this year. Last year I had fun pulling together a talk about board spam. I’ll have to see what I can come up with this year.

Definitely need to try to make it.

In the past I have done a number of tricks to celebrate today. One year I posted a very official looking press release stating that the board had been bought out and would no longer be a free resource. Another year I used to tricky CSS to flip the “off topic” forum upside down.

This year I used a suggestion from my wife… it’s evil. I will post what I did after today is over.

How about you? Any fun tricks to share?