[John]

SydneyK, thanks for bumping this.

I'll be making changes this week which should very significantly cut down the amount of spam on GC. Basically it involves funneling new accounts through an Introductions forum by requiring at least 1 post there, followed by a short amount of time, before the account will be able to post messages into any other forums areas of GC.

On any forums where I've used this method it has been quite successful. The spam bots almost always are unable to figure out the posting requirement and those that do probably either stumbled upon the Intros forum by accident or had human assistance. Setting it up like this on GC will make the new Introductions forum more or less our first line of defense against spam bots and will help to keep the vast majority of spam out of all the other forum areas.

We discussed making these changes early last year, although I wasn't sure it was needed on GC at the time & a discussion prior to that about having an Intros forum (not for spam blocking purposes) seemed to have a bit of interest but not significant interest.

SAEalumnus notified me about the increasing spam issues on GC last month. I wanted to make the above changes a few weeks ago but have not been able to get to it just yet. I'll have it done this week, though.

--------------------------------------------------

I put in the above ^ separator in this post as this next part of my message is just some stuff I've learned about spam bots, how I expect them to be changing in the future & etc. This will probably get a bit long. The reply most pertinent to GC is up above... skip the rest unless you're really interested in more general & technical details about forum spam.

Spam from automated forum spam bots has been gradually increasing for a number of years now. It was probably way back in 2003 or so when the bots started getting noticed, prior to that it was mostly people who posted the spam which was minimal for the most part. 2003 is also the year when Congress passed the email anti spam law, which may have had the partial side effect of getting email spammers to turn into forum spammers. The timing might be coincidental, though.

Dealing with the spammers has basically turned into a constant game of cat & mouse. The forum programmers develop ways to block the spammers and the spam bot programmers develop ways to defeat the forum defenses.

CAPTCHA was integrated into the registration systems of forums quite a few years ago and it did work for a while. Over time most forum spam bot programs were made to beat CAPTCHA. Then beyond just the automated means, many spam operators have turned to employing people in cheap labor countries to assist the automated bots in getting past CAPTCHA. Just imagine hundreds or thousands of people sitting in front of computers being shown CAPTCHA screenshots all day long and all the people do is type in whatever they see in the screenshot of the CAPTCHA. Maybe two years ago or so I stumbled upon an article stating that some spammers have since even setup ways to help themselves to avoid the cost of having all the cheap labor employees. What they apparently have done is to setup porn websites & download websites that require the CAPTCHA code to be entered in order for the website visitor to enter, or per video view, per download, etc. Years ago CAPTCHA was really effective but at this point I think it is minimally effective.

On GreekChat CAPTCHA is used during site registration, but that is it. We could probably make CAPTCHA required for all actions on GC in order to help block the spammers, but I really don't think that would help much. Chances are that it would be a big hindrance to our members while the spam bots would slip by easily. Remaining as easy as possible for our legitimate members while also blocking the bots is a primary focus.

CAPTCHA can be configured to be a lot more difficult, but something that must be kept in mind is that the more difficult we make registering, posting & etc for bots means that the same becomes more difficult for legitimate members of the site. My vision is 20/20 and from time to time I encounter sites where the CAPTCHA is almost literally impossible to get past... I wouldn't want to take it that far on GC.

A few years ago I noticed spam bots beginning to take real posts from other sites and using those posts when posting their spam on other sites. The spam operations have been improving a lot on this concept.

The posts initially seem real, since they were legitimate messages on other sites, but the spammers include invisible links, fake signatures, sometimes they will link only a letter or a period within another link that is legitimate (for search engine optimization purposes), etc, etc.

This concept has since been morphing into having more of an artificial intelligence. The spam bots (at least some of them) can scan a discussion thread (just like Google spiders content and uses the meaning of the content to rank in search results) and the bots post spam that is related to the discussion. Spam bots doing this initially posted messages that, even though they were related to the topic, just seemed out of place. They've been improving on this as well & sometimes you cannot tell at all.

Another expansion of this concept has been for spam bots to have discussions with other spam bots. Surely, these spam bots are just reposting discussions that were scraped from some other forum site.

Over time I expect spam bots to continue "improving" their methods. I believe in the future we can expect forum spam bots to get better at passing CAPTCHA, more human assistance, more use of other websites to proxy the bot CAPTCHA images to other legitimate site users, improved scanning of forum discussion semantics in order for the bots to post the most relevant replies, posting of legitimate messages for a while before adding spam links to their sigs or future messages, using proxy networks, etc, etc.

I wouldn't be surprised at all if spam bots are being run on botnets, on hacked webservers & spread through computer viruses in addition to the spammer's own servers. If they aren't yet then they eventually will be (hopefully I didn't give any ideas if a spammer ever reads this).

In addition to all of that, there are even some programs that people can buy, install on their computers and the program will enable them to mass spam tens of thousands of forums in a relatively short amount of time with a great deal of ease. I watched a few videos of related software in action... they make it far too easy for some people to make a real mess out of the net. Fortunately, nobody likes promoting these programs on legitimate sites so many would be spammers don't even know about it (please don't post the program name if you know it as I do not want to promote that here).

What all these spammers ultimately want are links. All they want is to get their links on as many sites as possible in order to build search engine rankings, increase traffic to an ad supported website or to make product sales. Links are usually in the messages, except for the case where the entire thread is a reproduced spam discussion between bots. In threads where spam bots go through many posts there might be only one single post with the spammer's link embedded. Spammers want their links to remain on sites and do their best to make it difficult to prevent.

The solution I'm going to use on GreekChat, as far as I know, isn't widely used on many other forum sites. It works well on a few other sites that I set it up on, though. I feel that it's better to do something at least a little different than what the majority of forum sites are doing, since the spammers are less likely to work on ways of circumventing it. Eventually (especially if this method ever catches on with many other forums), I expect that the bots will start getting past it in a significant way. It depends. I have been brainstorming other unique methods to use for defending against spam bots, though. One method I believe will be very good, will take a bit of development... maybe I'll have it ready by the time it's needed in this cat & mouse game with the spammers.