Protecting Message Boards from Spam

From WikiAdvocacy

Organizations have faced issues with spam on their online forums and community message boards. Spam can come from either people or bots, so it is important to consider both when working to protect message boards and forums. There are many methods to prevent spam, and it is often both useful and necessary to use more than one of these methods to increase security, help keep members safe, and protect the organization's server and intellectual property.

General Tips

  • Never use default settings.
  • Use a strong administrator password.
  • If possible, use the Akismet plug-in to help catch spam. It is supported by many applications.

Spam from People

  • Some small organizations directly approve anyone trying to register for their listserv. If the staff member assigned to this role does not recognize the newly registered member, he or she sends them a message asking why they want to be on the board. Those who do not respond do not get approved. This tactic also allows the organization to find out about new families.
  • Small organizations can also choose to approve all messages before they are posted on their listserv so that they can prevent any spam from getting through to their community.
  • Using SMF (Simple Machines Forum), organizations can protect themselves from spam from people by using a double opt-in to register. The form can be protected with various tools including CAPTCHA, a simple random question, and/or organization-specific questions, such as asking about a registrant's connection with the condition that the organization supports. The server will collect the IP address of each person who submits this form. The IP address can then be manually checked using the IP Blacklist Checker. If there are too many registrants to do this manually, it can also be done automatically by setting up Spamhaus to screen the sign-up email. If the address is blacklisted, the request to join is denied.
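
The automatic IP check described above can be sketched as a DNS blocklist lookup. This is an added example, not code from SMF or Spamhaus. The zone name `zen.spamhaus.org`, the return-code ranges, and the `allow`/`deny`/`review` outcomes are assumptions to confirm against Spamhaus's current documentation and terms of use.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"  # assumed zone; the page only names Spamhaus
# Assumed return-code convention: 127.0.0.x = listed, 127.255.255.x = query error.
LISTED_NET = ipaddress.ip_network("127.0.0.0/24")
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")

def dnsbl_query_name(ip, zone=ZONE):
    """Build the lookup name: reversed octets (IPv4) or hex nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def system_resolver(name):
    """Return A records for name; [] means NXDOMAIN, None means lookup failed."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [] if exc.errno == socket.EAI_NONAME else None
    return [info[4][0] for info in infos]

def screen_registration(ip, resolver=system_resolver):
    """Return 'deny', 'allow' or 'review' for a sign-up from ip."""
    answers = resolver(dnsbl_query_name(ip))
    if answers is None:
        return "review"   # resolver failure: do not silently allow
    if not answers:
        return "allow"    # NXDOMAIN: the address is not listed
    codes = [ipaddress.ip_address(a) for a in answers]
    if any(c in ERROR_NET for c in codes):
        return "review"   # the blocklist refused the query; this is not a listing
    if any(c in LISTED_NET for c in codes):
        return "deny"
    return "review"       # unexpected answer, e.g. a resolver rewriting NXDOMAIN

if __name__ == "__main__":
    # Constructed sign-up addresses with canned DNS answers, so this runs offline.
    canned = {"192.0.2.10": ["127.0.0.2"], "198.51.100.7": [],
              "203.0.113.5": ["127.255.255.254"]}
    for ip, answer in canned.items():
        print(ip, screen_registration(ip, lambda _name, a=answer: a))
```

Sending error codes and resolver failures to manual review keeps a DNS problem from either blocking every registrant or silently letting every registrant through.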

Spam from Bots

  • CAPTCHA forms are one method to get rid of bot spam.
  • Unfortunately, bots can sometimes get around both CAPTCHA forms and security questions. Because bot spam is so difficult to deal with, and because it is sometimes designed to harvest members' email addresses and inject virus code into organizations' websites, it must be taken very seriously. Hackers unfortunately see trusted sites as good places to infect with malicious code, and oftentimes the organization will not know its site has been compromised until too late.
  • Zbblock is a free security script tool that is quick to set up and will work on any forum that uses PHP and on many websites.
  • Use an .htaccess file to restrict access to all files and folders on a website.