Message Forum Spam | How to Protect Yourself and Your Visitors

Message Forum Spam

Message Forum Spam | How to Protect Yourself and Your Visitors

Message forum spam is a major detriment to the integrity of many websites. It can compromise the ability for forums to present 'clean', reliable information, free of external links containing malicious scripts and code which are inserted by hackers posting articles containing undesirable and unrelated, material such as pornography, weight-loss, loans, real estate, pharmaceuticals, loans, and get-rich-quick schemes.

Spam bots search the internet in order to place spam links on message forums, blogs, wikipedia entries, guestbooks, and various types of internet web forms. These robots frequently use OCR Technology (Optical Character Recognition) to bypass a security feature used by many websites known as CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart; which is a test that was designed to confirm whether a response has been generated by a real person vs. a computer).

Targeted Forum Spam Messages directed at readers of forums, etc. involve the use of 'phishing', techniques, the obtaining of sensitive data and information; including passwords, usernames, credit card info., etc.: by appearing to be a secure and trusted source; often being transmitted in email spoofs and available featured assistance via live chat site-support. Individuals may be victims of this practice during a session of instant messaging.

One of the ways that readers are subjected to these threats and unwanted material, is because of the ability of robots to submit realistic, difficult to distinguish from authentic, malicious postings vs. viable submissions). These 'bot' generated posts are designed to corrupt, pollute or to extract sensitive information or data from forums users.

Some message forum spam messages are targeted towards readers and can involve techniques of target marketing or phishing, making it hard to tell real posts from the bot generated ones. Not all of the spam posts are meant for the readers; some spam messages are simply hyperlinks intended to boost search engine ranking.

The majority of spam targeted at message forums is made up of links to external websites, with the intention of boosting traffic and visibility of mainly commercial sites.  In order for the spammer who executes a spam bot in order to generate sales and realize a commission from these types of transactions, they must insert code which tracks their 'bots' identity.

Most of these posts contain, arbitrary or insignificant text, which is minimal in content, and unrelated to the message forum's focus or topics, although some relevant text maybe included to keep the post from being easily exposed by existing spam filters, which is designed to check for fake submissions and prevent the submission entries containing high number of external links.  What is alarming is the ability for a spam bot to have links existing in the signature field without the necessity of having any posts be posted to the message forums, where search engine spiders are likely to harvest them. They can actually reside there and go undetected by the administrators or moderators of the forum, whereby giving spy bots the ability to propagate their links via a search engine.

An extremely destructive practice that has been around since 2006, attacks wikipedia entries and message forums; with the insertion of comments which redirect website visitors to different pornographic sites using an automated script called XRumer.  When a visitor clicks on an image or tries to attempt to close the site, then an ActiveX codec is downloaded as a Zlob Trojan. Spam bots have the ability to get past many of administrator safeguards put in place to try to reduce posted spam.

The Negative Effects of Message Forum Spam

Since message forum spam is likely to increase moderation and administration efforts and the resources needed to manage, control, minimize and prevent the damage from spam, the workload that is required and the cost of labor involved in dealing with the associated burden from these practices can be become impractical. This also creates the necessity to have highly-skilled individuals, who are familiar with dealing with and removing the dynamic, ever-changing and increasing threats implemented by hackers on a daily basis. The amount of financial resources and time a forum website owner may have to devote to keep forums free of spam, can actually cause smaller and marginally profitable types of message forums to fail.


Preventing Message Form Spam

The prevention of spam is a major concern among all types of website owners, including companies, corporations, organizations, and individuals.

Keeping original, sensitive, or copyrighted material and data safe; is a crucial part of having a secure and reliable website on the internet for visitors and customers.  Professional, skilled website security experts are constantly having to create ways to deal with the ever-increasing global problem of being affected negatively by attacks of spam.

Some of examples of ways to manage incoming spam and the ability of spam bots to infiltrate even the most complex and up-to-date security measures web owners have had installed are:

Message Forum Flood Control - a method that aims to prevent spam from being automatically posted, by creating a wait-time that is programmed into the posting process as short intervals between postings, resulting in the prevention of flooding message forums by spam bots.


Controlling Spam By Means of Registration

To most people, CAPTCHA is probably the most familiar method of automated 'visual recognition' currently being used to deter spam bots.  Many forums employ this technology, which uses an alpha-numeric set of characters that humans can recognize and spam bots cannot. Better less vulnerable types of CAPTCHA, have been introduced which display scrambled characters; and appear to have a higher level of effectiveness against being vulnerable.

Textual Confirmation, which requires more interaction by the user; such as random questions they are asked to answer in order to show that they are not spam bots.  The use of passwords and logins, are an example of the features being used by forums; in which emails with activation links or codes are sent registered users only. Registration has to be approved by the forum administrator, as a requirement of account users being granted posting privileges.


Authoritative Voice Technology

Safe and secure forum posting depends on the use of external filtering and services, for example 'Akismet'; which is also a plugin used for blogs like WordPress. automatically checks incoming comments for spam-related material, and provides results for whether data is corrupted.


Using Posting Limits

Limiting who can post on forums to registered users only, and/or requiring users to pass CAPTCHA testing before they can post any material; is another way to insure a website's and users security while they are using a forum's features.


Registration restrictions: Applying careful restrictions can seriously impact bogus and spam bot registrations.

One approach consists in the denial of registration from certain domain extensions that are a major source of spam bots such as .biz , .br , .ru , as well as suspicious addresses. Other testing which is done manually and as a result can be more expensive because it is a more labor-intensive process; involves testing new registrants by looking a host of different indicators.  Since spam bots many times will delay confirming registrations by email until a few hours after they register, (vs. individuals who usually respond to an email confirmation quickly); spam bot registrations are easier to detect.

Spam bots can also be detected by factors such as their tendency to submit unique, non-previously submitted; forum user names.  Often these are names which also contain several digits, or names run together. Examinations can also illicit the use of search engines, to investigate and reveal an incredible number of user profiles containing logins generated by spy bots.


One method of rendering spam bots unable to circumvent login attempt failure, is by the regular alteration of the details of the software used by a particular message forum, which will essentially confuse them.

Some other ways to prevent message forum spam include:

  • Blocking registrations and posts that contain  elements of words that are 'blacklisted'.
  • Be aware of IP addresses that are unknown and are from either newly registered user or have been anonymously posted. By dynamically querying a search engine for questionable IP addresses, it is possible to be proactive in detecting established proxy servers being used by spammers to mask their identities. It will be discovered in specialized pages which list proxies by name
  • Message Forums can benefit from disabling the signature option

 Please contact us to learn more about preventing message forum spam on your website

Sharing is caring:

web development web services web application security

Dialogue & Discussion