Forum spam

Last updated June 28, 2023

Forum spam consists of posts on Internet forums that contains related or unrelated advertisements, links to malicious websites, trolling and abusive or otherwise unwanted information. Forum spam is usually posted onto message boards by automated spambots or manually with unscrupulous intentions with intent to get the spam in front of readers who would not otherwise have anything to do with it intentionally.

Types

Forum spambots surf the web looking for guestbooks, wikis, blogs, forums and any other web forms to submit spam links to. These spambots often use OCR technology to bypass CAPTCHAs present. Some messages are targeted towards readers and can involve techniques of target marketing or even phishing. These automated schemes can make it more difficult for users to tell real posts from the bot generated ones. Some spam messages also simply contain tags and hyperlinks intended to boost search engine ranking rather than target human readers.

Most forum spam consists of links to external sites with the dual goals of increasing search engine visibility in highly competitive advertising domains such as weight loss, pharmaceuticals, gambling, pornography, real estate or loans, and generating more traffic for these commercial websites. Some of these links may contain code to track the spambot's identity so that if a sale goes through then the spammer behind the spambot can collect a commission.

Spam posts may contain anything from a single link to dozens of links. Text content is minimal, usually innocuous and unrelated to the forum's topic. Sometimes the posts may be made in old threads that are revived by the spammer solely for the purpose of spamming links. Posts may include some text to prevent the post being caught by automated spam filters that prevent posts which consist solely of external links from being submitted.

Alternatively, the spam links are posted in the user's signature, in which case the spambot will never post. The link sits quietly in the signature field, where it is more likely to be harvested by search engine spiders than discovered by forum administrators and moderators.

Since November 2006, a very destructive forum and wiki spam attack has been propagated by inserting into comments redirect domains with an automated posting script like XRumer. These domains redirect a user to pornographic websites. If a user clicks on the image or attempts to close the Website an ActiveX codec will be downloaded as a Zlob Trojan. The spambot can often bypass many of the safeguards administrators use to reduce the amount of spam posted.

Effects

Spam prevention and deletions measurably increase the workload of forum administrators and moderators. The amount of time and resources spent keeping a forum spam-free contributes significantly to labor cost and the skill required in the running of a public forum.^[1] Marginally profitable or smaller forums may be permanently closed by administrators.

Spam prevention

Techniques for avoiding, removing, and mitigating forum spam include:^[2]^[3]

Blacklisting services such as fspamlist, StopForumSpam and BotScout keep databases of IP addresses, usernames and e-mail addresses used to post spam or register forum accounts.^[4] Forum software can query these lists and either deny posts or registration, or submit the request for human moderation. This is similar to DNSBL services.
Flood control forces users to wait for a short interval between making posts to the forum, thus preventing spambots from overwhelming the forum with repeated spam messages.
Registration control mechanisms used by forums include:
- CAPTCHA (visual confirmation) routines on forum registration pages can help prevent spambots from carrying out automated registrations. Simple CAPTCHA systems which display alphanumeric characters have proven vulnerable to optical character recognition software but those that scramble the characters appear to be far more effective.
- Textual confirmation is an alternative to CAPTCHA in which the user answers one or more random questions to prove that he/she is not a spambot.
- Confirmation e-mails to registering users prior to allowing the user a first log in, either containing a site-generated password or an activation code/link.
- Manual registration approval by administrators for each account.
Authoritative voice, using an external filtering service to get a verdict if the data is spam or not.
Posting limits on users, both to prevent flooding or to limit posting to certain users (e.g., registered users).
Registration restrictions include:
- Denial of registration from certain domains that are a major source of spambots, or even domain extensions such as .ru, .br, .biz.
- Manual examination of new registrants for several indicators. Spammers often delay email confirmation of several hours, while humans will confirm promptly. Spambots tend to create relatively noisy user names (e.g., John84731 or JohnbassKeepsie vs. John) in order to ensure uniqueness.
- Using a search engine to investigate usernames for hits as recognized spambots on other forums.
Changing technical details of the forum software to confuse bots — for example, changing "agreed=true" to "mode=agreed" in the registration page of phpBB.^[5]
Blocking posts or registrations that contain certain blacklisted words.
Monitoring IPs used by untrusted posters, like anonymous posts or newly registered users. A useful technique for proactive detection of well-known spammer proxies is to query a search engine for this IP. It will show up on pages that specialize in the listing of proxies.
Redirecting spammers to "spam subforums" to direct spam away from human users on the main site.
Disabling signature option.

Related Research Articles

PHP-Nuke is a web-based automated news publishing and content management system based on PHP and MySQL originally written by Francisco Burzi. The system is controlled using a web-based user interface. PHP-Nuke was originally a fork of the Thatware news portal system by David Norman.

<span class="mw-page-title-main">Spamming</span> Unsolicited electronic messages, especially advertisements

Spamming is the use of messaging systems to send multiple unsolicited messages (spam) to large numbers of recipients for the purpose of commercial advertising, for the purpose of non-commercial proselytizing, for any prohibited purpose, or simply repeatedly sending the same message to the same user. While the most widely recognized form of spam is email spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social spam, spam mobile apps, television advertising and file sharing spam. It is named after Spam, a luncheon meat, by way of a Monty Python sketch about a restaurant that has Spam in almost every dish in which Vikings annoyingly sing "Spam" repeatedly.

Spamdexing is the deliberate manipulation of search engine indexes. It involves a number of methods, such as link building and repeating unrelated phrases, to manipulate the relevance or prominence of resources indexed in a manner inconsistent with the purpose of the indexing system.

A CAPTCHA is a type of challenge–response test used in computing to determine whether the user is human.

phpBB is an Internet forum package written in the PHP scripting language. The name "phpBB" is an abbreviation of PHP Bulletin Board. Available under the GNU General Public License, phpBB is free and open-source.

An Internet forum, or message board, is an online discussion site where people can hold conversations in the form of posted messages. They differ from chat rooms in that messages are often longer than one line of text, and are at least temporarily archived. Also, depending on the access level of a user or the forum set-up, a posted message might need to be approved by a moderator before it becomes publicly visible.

Address munging is the practice of disguising an e-mail address to prevent it from being automatically collected by unsolicited bulk e-mail providers. Address munging is intended to disguise an e-mail address in a way that prevents computer software from seeing the real address, or even any address at all, but still allows a human reader to reconstruct the original and contact the author: an email address such as, "no-one@example.com", becomes "no-one at example dot com", for instance.

Spam in blogs is a form of spamdexing.. It may be done by posting random comments on other blog websites, or by copying other websites' content and using it on free-to-use publishing services like Blogger and WordPress or publicly accessible wikis, digital guest books, and internet forums.

This article outlines the general features commonly found in various Internet forum software packages. It highlights major features that the manager of a forum might want and should expect to be commonly available in different forum software. These comparisons do not include remotely hosted services which use their own proprietary software, rather than offering a package for download which webmasters can host by themselves.

A spambot is a computer program designed to assist in the sending of spam. Spambots usually create accounts and send spam messages with them. Web hosts and website operators have responded by banning spammers, leading to an ongoing struggle between them and spammers in which spammers find new ways to evade the bans and anti-spam programs, and hosts counteract these methods.

An Internet bot, web robot, robot or simply bot is a software application that runs automated tasks (scripts) over the Internet, usually with the intent to imitate human activity on the Internet, such as messaging, on a large scale. An Internet bot plays the client role in a client–server model whereas the server role is usually played by web servers. Internet bots are able to perform tasks, that are simple and repetitive, much faster than a person could ever do. The most extensive use of bots is for web crawling, in which an automated script fetches, analyzes and files information from web servers. More than half of all web traffic is generated by bots.

Email harvesting or scraping is the process of obtaining lists of email addresses using various methods. Typically these are then used for bulk email or spam.

A wordfilter is a script typically used on Internet forums or chat rooms that automatically scans users' posts or comments as they are submitted and automatically changes or censors particular words or phrases.

This is a list of blogging terms. Blogging, like any hobby, has developed something of a specialized vocabulary. The following is an attempt to explain a few of the more common phrases and words, including etymologies when not obvious.

URL shortening is a technique on the World Wide Web in which a Uniform Resource Locator (URL) may be made substantially shorter and still direct to the required page. This is achieved by using a redirect which links to the web page that has a long URL. For example, the URL "https://example.com/assets/category_B/subcategory_C/Foo/" can be shortened to "https://example.com/Foo", and the URL "https://en.wikipedia.org/wiki/URL_shortening" can be shortened to "https://w.wiki/U". Often the redirect domain name is shorter than the original one. A friendly URL may be desired for messaging technologies that limit the number of characters in a message, for reducing the amount of typing required if the reader is copying a URL from a print source, for making it easier for a person to remember, or for the intention of a permalink. In November 2009, the shortened links of the URL shortening service Bitly were accessed 2.1 billion times.

<span class="mw-page-title-main">FUDforum</span> Free Internet forum software

FUDforum is a free and open-source Internet forum software, originally produced by Advanced Internet Designs Inc., that is now maintained by the user community. The name "FUDforum" is an abbreviation of Fast Uncompromising Discussion forum. It is comparable to other forum software. FUDforum is customizable and has a large feature set relative to other forum packages.

NuCaptcha is an early fraud detection service which utilises behavior analytics to provision threat appropriate, animated video CAPTCHAs. NuCaptcha is developed and operated by Canada-based firm NuData Security.

XRumer is a piece of software made for spamming online forums and comment sections. It is marketed as a program for search engine optimization and was created by BotmasterLabs. It is able to register and post to forums with the aim of boosting search engine rankings. The program is able to bypass security techniques commonly used by many forums and blogs to deter automated spam, such as account registration, client detection, many forms of CAPTCHAs, and e-mail activation before posting. The program utilises SOCKS and HTTP proxies in an attempt to make it more difficult for administrators to block posts by source IP, and features a proxy checking tool to verify the integrity and anonymity of the proxies used.

People tend to be much less bothered by spam slipping through filters into their mail box, than having desired e-mail ("ham") blocked. Trying to balance false negatives vs false positives is critical for a successful anti-spam system. As servers are not able to block all spam there are some tools for individual users to help control over this balance.

Social spam is unwanted spam content appearing on social networking services, social bookmarking sites, and any website with user-generated content. It can be manifested in many ways, including bulk messages, profanity, insults, hate speech, malicious links, fraudulent reviews, fake friends, and personally identifiable information.

References

↑ "Full transcript: Ars interviews 8chan founder Fredrick Brennan". Ars Technica. Archived from the original on November 25, 2015. Retrieved 2015-11-25.
↑ "9 Best Practices To Defend Against Forum Spam | Ninja Post | Hosted Forum Software". 2015-11-25. Archived from the original on November 25, 2015. Retrieved 2015-11-25.
↑ "phpBB • Preventing Spam in phpBB3". www.phpbb.com. Archived from the original on 2015-11-27. Retrieved 2015-11-27.
↑ "Five steps to help reduce the forum spammers on your forum". www.webanalyticsworld.net. Archived from the original on 2017-06-29. Retrieved 2015-11-25.
↑ "phpBB • Preventing Spam in phpBB 3.0.6 and Above [*Read First Post*]". www.phpbb.com. Archived from the original on 2018-01-08. Retrieved 2015-11-27.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "Full transcript: Ars interviews 8chan founder Fredrick Brennan". Ars Technica. Archived from the original on November 25, 2015. Retrieved 2015-11-25.

[2] "9 Best Practices To Defend Against Forum Spam | Ninja Post | Hosted Forum Software". 2015-11-25. Archived from the original on November 25, 2015. Retrieved 2015-11-25.

[3] "phpBB • Preventing Spam in phpBB3". www.phpbb.com. Archived from the original on 2015-11-27. Retrieved 2015-11-27.

[4] "Five steps to help reduce the forum spammers on your forum". www.webanalyticsworld.net. Archived from the original on 2017-06-29. Retrieved 2015-11-25.

[5] "phpBB • Preventing Spam in phpBB 3.0.6 and Above [*Read First Post*]". www.phpbb.com. Archived from the original on 2018-01-08. Retrieved 2015-11-27.

[1]

[2]

[3]

[4]

[5]