Recent forum spam

I’m sure I’m not the only one who has noticed our forum being spammed with drug add and porn site links in the last couple days. I find it extremely offensive and damaging to our community. I am really pleased with the quick responses of moderators to remove these posts. No doubt, this has always been an issue, but I have found two in the last two days, minutes after they were posted. I hate to think that this could become a regular occurrence.

I don’t know the safeguards we currently have in place but I found a good list of some things we can try.

I hope we can nip this before it becomes a much larger problem.  :frowning:

I closed my forum as it was not very active - i could not constantly keep looking at it… but there was daily 5-10 spam messages. Easier to just give up. Some good tips in that post you linked to…

I just hope mojo will not disable signature links 

we are seeing it on too :x

Aye…though it is rather amusing seeing a viagra post under the "Releases" forum  :-o

Starnick said:

Aye...though it is rather amusing seeing a viagra post under the "Releases" forum  :-o


I suggest we add 2-3 mods to the Releases forum just to combat spam and keep deleting… I have reported some 4-5 threads already… I am sure others have reported some also… I think there must be a fresh vulnerability in the current SMF version… this did not seem to happen almost at all just a couple of months ago…

From SMF forums:

Simple Machines announces the release of SMF 1.1.7

This release is a security-only update which addresses a few recently discovered security issues in SMF 1.1.6 and older. As the result of these security issues, we highly recommend that all users upgrade to 1.1.7 as soon as possible. Users can upgrade by using either the fast install option from the administration center, or manually applying the changes attached to this message.

For those users running SMF 1.0.x series, we have also released SMF 1.0.15 addressing the above issues. These security issues do not affect SMF 2.0.

To upgrade, use the package manager to upgrade to 1.0.15/1.1.7. Simply visit your administration center, where a notice will be displayed, prompting you to upgrade.  Then follow the simple instructions through the package installation!

If you receive any tests failed, you may need to upgrade manually or with an upgrade/update package. To do this, please read our documentation on the Online Manual for instructions on Upgrading SMF.

We are 1.1.6 currently. I think we need to upgrade

Updating to 1.1.7 didn't make any difference on my forum.  I'm getting about 10 spam messages a day right now.  I'm looking into things I can do to help cut back.

I think you’re better off betting on installing a mod or two. Check this and this.

I recently installed Akismet and it has cut down a lot on the spam, but is a little bit of a pain since anything it detects as spam needs to be cleared out in the admin and verified it hasn't accidentally captured something not spam.

I'm actually surprised that captchas aren't done in an SWF…it would make it much more of a pain for captcha cracking to occur since they'd have to render the SWF, grab a screen shot, then process it.  Anyone interested in creating an SWF that references the captcha image that could replace the image tag in the registration form? :slight_smile:

There is no way to filter by keywords ?

Keywords like "porntube","bondage" etc  that users (normally) never use here.

What we did to combat bot registration was to keep the captcha but simply inform the user to write a hard coded value, then check that instead of checking against the captcha plugin value. That makes all the bots try to figure out the captcha and all the humans relieved that they don't have to…

Only reason this does not work in the bigger picture, is that bots are made to break certain systems, e.g BB forum, if you then change the default BB forum code, the bots frac up. But if BB was to change it, the bots would quickly adapt.

2 cent.

Are you sure, the spam posts come from automated bot programs? Those posts could come from human spammers too. Or the registration is done by human, and actual spam posting by a bot. Is there a statistic, as how many registration attempts are failing? One thing that perhaps works, is a very hard captcha. When i registered on gmail, i had to try 3 times the captcha, because it was so hard to make it out.

As why has forum spam increased? My guess is, the biggest e-mail spammers have been shut down last week, and the spam clients are trying other ways to reach.

whatever you do, dont put a VERY HARD captcha. I have frequently been so angry at sites with impossible captcha-s that I have given up on registering on some occasions. A custom solution is enough… the bots will not figure it out, but a human can get through your ultimate captcha as well…

We've all been discussing idea's here, but I think we are missing input from mojomonk or someone who actually has the ability to make some changes.

Now its getting ridiculous in the Releases forum…

I agree with the CAPTCHA's, I've found some websites to be exceedingly annoying - like one of those "child proof" bottle caps that turns out to be human proof!

Im pretty sure the post saying brilliant site in releases is spam…not the spam to be expected eh?

Starnick said:

Im pretty sure the post saying brilliant site in releases is spam...not the spam to be expected eh?

Yeah I agree... they probably want to create accounts that have more than 1 post... hoping that some automatic spam detection add-on (which we do not have) will let it slide then.

Hey folks,

I'm having the same problem on a small forum I run that also uses SMF. It advisable to alter the captchas in the Admin screen to display the highest level of captchas (SMF offers different level sof captchas), as it appears that the spammers are now using a captchas decryption.

I hope this helps,