Forum spam

posted by Jeff | Tuesday, July 28, 2020, 10:56 PM | comments: 0

A very, very long time ago, I learned the joy of spam and ways to post in an automated fashion to forms on the World Wide Web. Very early on in my experience with POP Forums, on the site now called PointBuzz, some kid lit up the forum with thousands of the same spammy posts. It was not a sophisticated attack. My one and only way of mitigating spam at the time was that you had to confirm that the email you used to signup was real, but once you did that, the gates for abuse were wide open.

The next thing that I did was institute a waiting period, which is something I hacked together literally as this was going on. Basically it meant that you had to wait a certain number of seconds before you could post again. Having to deal with 60 posts every hour was a lot easier to head off than 60 posts every second! Then I required that you couldn't post the same thing twice in a row, which meant that even your slow attack from a single user account would have to vary in content. Finally, I started blocking IP addresses. Together, this has mostly kept spam to a minimum, where it was annoying but not disruptive.

Earlier this year, when I was working out how to migrate the PointBuzz forums into the managed hosted forum product, I happened to notice literally thousands of accounts created with fake email addresses, created milliseconds apart. They were all useless since none were confirmed by email, but it was a lot of data noise to say the least. This was a little more sophisticated, because they were created from what I assume was a bot net, from many IP's around the world (though mostly from China and Russia). To mitigate this, I added Google's reCaptcha service to the page, which is largely invisible at this point, and that has mostly worked. Unfortunately I had not back-ported that code to CoasterBuzz, so it was in the midst of a similar sign-up-o-rama of ill repute.

It's a bit of a constant struggle, because especially when you have had active domain names for 20+ years, they're more valuable to host outbound links in terms of spam and search optimization. I had a recent email exchange with a guy who has been running another coaster site for even longer, and we marveled at the fact that we've been around longer than social media. I would argue we were social media before it had a name.


No comments yet.

Post your comment: