|This article does not cite any references or sources. (April 2013)|
Forum spam consists of posts on Internet forums that contains related or unrelated advertisements, links to malicious websites, and abusive or otherwise unwanted information. Forum spam is usually posted onto message boards by automated spambots or manually with unscrupulous intentions with one idea in mind: to get the spam in front of readers who would not otherwise have anything to do with it intentionally.
Types of forum spam
Forum spambots surf the web looking for guestbooks, wikis, blogs, forums and any other web forms to submit spam links to. These spambots often use OCR technology to bypass CAPTCHAs present. Some spam messages are targeted towards readers and can involve techniques of target marketing or even phishing. These automated schemes can make it more difficult for users to tell real posts from the bot generated ones. Some spam messages also simply contain tags and hyperlinks intended to boost search engine ranking rather than target human readers.
Most forum spam consists of links to external sites with the dual goals of increasing search engine visibility in highly competitive advertising domains such as weight loss, pharmaceuticals, gambling, pornography, real estate or loans, and generating more traffic for these commercial websites. Some of these links may contain code to track the spambot's identity so that if a sale goes through then the spammer behind the spambot can collect a commission.
Spam posts may contain anything from a single link to dozens of links. Text content is minimal, usually innocuous and unrelated to the forum's topic. Sometimes the posts may be made in old threads that are revived by the spammer solely for the purpose of spamming links. Posts include some text to prevent the post being caught by automated spam filters that prevent posts which consist solely of external links from being submitted.
Alternatively, the spam links are posted in the user's signature, in which case the spambot will never post. The link sits quietly in the signature field, where it is more likely to be harvested by search engine spiders than discovered by forum administrators and moderators.
Since November 2006, a very destructive forum and wiki spam attack has been propagated by inserting into comments redirect domains with an automated posting script like XRumer. These domains redirect a user to pornographic websites. If a user clicks on the image or attempts to close the Website an ActiveX codec will be downloaded as a Zlob Trojan. The spambot can often bypass many of the safeguards administrators use to reduce the amount of spam posted.
Effects of forum spam
Spam prevention and deletions measurably increase the workload of forum administrators and moderators. The amount of time and resources spent keeping a forum spam free contributes significantly to labor cost and the skill required in the running of a public forum. Marginally profitable or smaller forums may be permanently closed by administrators.
Techniques for avoiding, removing, and mitigating forum spam include:
- Blacklisting services such as Stop Forum Spam keep databases of IP addresses and e-mail addresses used to post spam or register forum accounts. Forum software can query these lists and either deny posts or registration, or submit the request for human moderation. This is similar to DNSBL services.
- Flood control forces users to wait for a short interval between making posts to the forum, thus preventing spambots from overwhelming the forum with repeated spam messages.
- Registration control mechanisms used by forums include:
- CAPTCHA (visual confirmation) routines on forum registration pages can help prevent spambots from carrying out automated registrations. Simple CAPTCHA systems which display alphanumeric characters have proven vulnerable to optical character recognition software but those that scramble the characters appear to be far more effective.
- Textual confirmation is an alternative to CAPTCHA in which the user answers one or more random questions to prove that he/she is not a spambot.
- Confirmation e-mails to users who registered, either containing the password used to log in or an activation code/link.
- Manual registration approval by administrators for each account.
- Authoritative voice, using an external filtering service to get a verdict if the data is spam or not.
- Posting limits on users, both to prevent flooding or to limit posting to certain users (e.g., registered users).
- Registration restrictions include:
- Denial of registration from certain domains that are a major source of spambots, or even domain extensions such as .ru, .br, .biz.
- Manual examination of new registrants for several indicators. Spammers often delay email confirmation of several hours, while humans will confirm promptly. Spambots tend to create relatively noisy user names (e.g., John84731 or JohnbassKeepsie vs. John) in order to ensure uniqueness.
- Using a search engine to investigate usernames for hits as recognized spambots on other forums.
- Changing technical details of the forum software to confuse bots — for example, changing "agreed=true" to "mode=agreed" in the registration page of phpBB.
- Blocking posts or registrations that contain certain blacklisted words.
- Monitoring IPs used by untrusted posters, like anonymous posts or newly registered users. A useful technique for proactive detection of well-known spammer proxies is to query a search engine for this IP. It will show up on pages that specialize in the listing of proxies.
- Redirecting spammers to "spam subforums" to direct spam away from human users on the main site.
- Disabling signature option.