Spam in the Forums

There must be a better way to keep spam out of the forums than removing spam messages manually after they've already been successfully posted. I only rediscovered the forums a month or so ago, but it looks to me like it's getting worse.

There are scripts that filter spam messages and prevent them from ever appearing. The script's filters can be manually tweaked to fight a particular assault or to allow messages that were being inadvertently removed by an imperfect algorithm.

Or hot links could be prohibited. This could discourage the spammers enough so that they'd go away.

If that didn't work, all links could be prohibited. That would inconvenience normal posters, but normal posters have a common workaround where they hide the link from the spambot as in "lva dot com." I don't think spammers bother with a site that enforces a no link policy, because it's easier to move on to greener pastures. It's at least worth a try.

The problem is since this is a forum, you need to allow people to post without pre-moderation. Otherwise, someone would make a post and have to wait for a moderator to manually approve it which might take several hours. 

I assume Akismet or something similar is already running?  I am testing WPBruiser on my site now. 

Hotlinks appear to be prohibited now but the bots weren't posting hotlinks just text URLs.  Now the rest of us can't hotlink to sources or images. For example, a user can't post pics of his or her trip report now. Nor can they reference another site where the trip report is hosted.  Eliminating all links only punishes people that want to use the forum legitimately.

I am not sure how normal users would get access to a LVA domain as a workaround. 

A  CAPTCHA might help. 

> someone would make a post and have to wait for a moderator to manually approve it which might take several hours.

So what? If it's a choice between having delayed posting of messages or having a forum being over-run with spam, many forums choose manual pre-moderation. At this point, however, the LVA forums are not over-run. The "broken windows" theory of crime fighting, though, is that small offenses need to be aggressively tackled or they'll get out of hand.

While not a solution for commercial spam, the "Kitchen Sink" is a good solution for non-commercial spam. It seems the off-topic posters voluntarily self-segregate and don't pollute the rest of the forums.

> I am not sure how normal users would get access to a LVA domain as a workaround. "

I meant posters wanting to link to their TR or pics can write "instagram dot com slash myname" or something like that as a workaround. That's commonly seen elsewhere where links are prohibited.

>the bots weren't posting hotlinks just text URLs.

I didn't look at them, so I don't know about the earlier ones, but I saw recent spam, and it looked like they were posting links as the product or company appeared in a different font from the normal text making it look like a link that had had a URL it had been pointing to removed. Not sure about that, though.

Another idea might be to make it more difficult to register a new login. I assume that the spammers' logins get deleted as soon as they post any spam. Normal users would suffer inconvenience, but only on a one time basis. If spammers had to jump through time-consuming hoops or hoops their bots couldn't beat every time they wanted to post, they might give-up.

Registration could require manual approval. The delay could discourage spammers, and if something about their registration form indicated they were spammers (like their IP address or email), they wouldn't get approved. Making a difficult CAPTCHA also could help. I've seen simple games one had to play and win or a math problem (2+5 = ?) one had to solve to complete a registration .

The problem with that is LVA's business model needs free sign-ups who eventually become paid subscribers. It might hurt LVA's business to impede signing-up.

So what? If it's a choice between having delayed posting of messages or having a forum being over-run with spam, many forums choose manual pre-moderation. At this point, however, the LVA forums are not over-run. The "broken windows" theory of crime fighting, though, is that small offenses need to be aggressively tackled or they'll get out of hand.

Do you realize under your proposal someone making a post on a Friday evening wouldn't be able to get their post approved until Monday morning when LVA employees come in? You might as well close the board altogether at that point because the term discussion board implies there is active discussion. What you are describing is a primitive comment system circa the late 1990s. I also don't agree with the assessment that it is being overrun.  I get about 20-30 spam posts on my WP site a day and it is a brand new site. Black Hatters write programs to spam commonly used software. There is no way around it if you run a website. Look at the comments on any big site and you will see spam.  A lot of those sites even employ people around the clock just to delete spam comments. 

I meant posters wanting to link to their TR or pics can write "instagram dot com slash myname" or something like that as a workaround. That's commonly seen elsewhere where links are prohibited.

It wouldn't work. Under the current rules, anything that looks or hints at a URL is being filtered out. Nobody would manually type in somebody's entire Instagram post address to view a few pics. LVA needs more content especially media-rich content like images and videos related to Las Vegas. Under the current system with no URLs, you are getting even less of that.  I have suggested many times they allow YouTube, Twitter, Instagram and other social media embeds as a way to pump up this sort of content. 

I didn't look at them, so I don't know about the earlier ones, but I saw recent spam, and it looked like they were posting links as the product or company appeared in a different font from the normal text making it look like a link that had had a URL it had been pointing to removed. Not sure about that, though.

They were placing text links not active hyperlinks. In order to place active hyperlinks, the bots would have to have the ability to click on the hyperlink icon in the post editor, fill out the fields that brings up and then close the hyperlink pop-up. That is too complex an operation for spambots to carry out. If someone is posting active hyperlinks, they are doing it manually. 

Registration could require manual approval. The delay could discourage spammers, and if something about their registration form indicated they were spammers (like their IP address or email), they wouldn't get approved. Making a difficult CAPTCHA also could help. I've seen simple games one had to play and win or a math problem (2+5 = ?) one had to solve to complete a registration .

Registration requiring manual approval would make more sense, but you don't need to go that far.  I can tell you from experience simply not allowing registrations from free email services would eliminate 80% - 90% of the spam.  The spammers use bots to register the email addresses at the free email services so simply banning one email address wouldn't do anything as they use a new one each time. 

Hell, if I added just added Yandex mail addresses to my registration filter, I could cut my spam volume in half. 

IP addresses are irrelevant in 2020. Many ISPs even assign dynamic IPs to their users.  The bots are using proxies to mask their IP address. Anyone can get a table of hundreds of IP addresses through VPN services for a few bucks.