Dear Forum,

Of late there has been lot of spam on my discussion board www.dentistrytoday.info The spam is various places like China, Ukraine, Israel , Seychelles etc.

I wish to know what kinds of security measures can be put in to place to prevent spam.

If I enable CAPTCHA verification or administrator approval before each post on the forum, it might demotivate many users from being active on the forum. Besides the flow of the deliberations will become slow.

So I wish to know a solution due to which the deliberations will not become slow and also the spam is warded off.

Further more the site is being monitored for 16 hours a day .It is not monitored at night .So if somebody posts at night he will have to wait for a long time before his posts appear on the forum. I have installed MOLLOM. The results have been good. It has blocked a lot of spam. However it deletes all the messages it suspects to be spam. I think it ought to go to the approval/moderation queue.

Even the posts which MOLLOM itself marks as HAM cannot be seen in moderation / approval queue. I gave my moderators deleting rights and I was under the impression that the posts they delete will go into the moderation/approval queue. However those posts are deleted for ever. Can anybody help me on this ? How to push the suspected posts in moderation/approval queue where I can have a look at them before deleting.

Has anybody used www.impermium.com I want the view of the forum on www.impermium.com

My DRUPAL site (www.dentistrytoday.info) has been made in DRUPAL 6.2

Thanks in advance for all the help.

Regards,

Veerendra Darakh

Mollom module can be configured to _not delete the messages(content)... Admin-->then select By Module tab then Mollom Content Moderation - each page you add can be configured to 'retain'. Same version of Drupal here. Also you mentioned permissions, double check those(inside Drupal) I know I had to. Whether or not the messages the moderators delete will go into the cue?... I don't think those will. Mollom will retain them, if one decides to configure it that way.

Does the forum require registration before posting? Throw captcha and admin approval on that. ie, stop the spammers from being able to post at all.

Sadly, captchas don't stop spammers, they just force them to use cheap labour to solve captchas.

On the IPCOP community forum we require the first 5 posts be moderator approved before being published.

That way ZERO spam is published on the forum.

Yes, it does slow down dialog for new forum members, but did I mention the ZERO published spam factor?

We have enough moderators that the delay is rarely more then a few hours, and never more then 24hrs.

Before that, spam was a growing problem, no matter what type of captcha we tried.

_________________
Either provide enough details for people to help, or sit back and listen to the crickets chirp.
Security thru obscurity is a myth - and really really annoying.

Cloudflare can help to block some incoming requests from IPs that are known to be spammers or otherwise behave poorly. I like how Linode password protected the account sign up and log in pages for the forum so that there would be an extra little hurdle for bots to clear.

I agree that depending on the burden of spam, more restrictive practices may be needed. I've personally had excellent success with Asirra ("kitten auth") on my wiki: http://hemonc.org/w/index.php?title=Spe ... =Main+Page

_________________
Amateur, eager to learn.
My hematology, oncology, and chemotherapy regimen wiki

oh jeez, almost forgot the one that dropped my spam registrations a ton. Add a question during the registration process that is on topic for the forum, so not easily answered by a machine.

Machine solving is not a significant factor, and captchas that ask questions like "select pictures of cats" instead of "type in this hard to read text" are not any more effective. Spammers increasingly just use cheap human labour to do this. It costs next to nothing to pay people in North America to solve captchas in bulk, let alone people from countries with cheaper labour costs.

I guess your mileage may vary then. Kitten auth sure worked well for me; I believe it's randomized sufficiently that solved challenges can't be reused. If somebody wants to waste money paying someone to sign up for accounts on my site, that's fine--they still couldn't post because accounts need to have editing rights manually approved. I was just tired of the new user logs being full of would-be spammers.

_________________
Amateur, eager to learn.
My hematology, oncology, and chemotherapy regimen wiki

I second vonskippy's solution.

_________________
Ubuntu 10.4 LTS, Apache2, LAMP, n00b

Online Shopping

Many thanks for the replies. Has anybody used www.impermium.com.If yes, please let me know about its effectiveness. I have installed MOLLOM and altho it is warding of spammers it is making life difficult for genuine posters also. DRUPAL has a facility to block IP addresses and I am using that. I have blocked quite a few IP addresses. If i use that facility is there any need to install TROLL and MISERY modules from DRUPAL.

The problem with MOLLOM is the user has to fill up CAPTCHA once or twice before he can post and people do not have that much of time.

Thanks once again for all help,

Reagrds,

Veerendra Darakh

I haven't used any Drupal forums so really can't give you any resources specifically for them. I used BBpress forum engine (when it was standalone) and I must say Akismet DID the job. Especially it was VERY GOOD at blocking real spam. To prevent the SEO spammers, we had to do some tweaks on the core code itself.

Anyway - probably you can have a look at http://www.stopforumspam.com API.

_________________
Ubuntu 10.4 LTS, Apache2, LAMP, n00b

Online Shopping

I run a rather large forum and have found that people sign has pretty much eliminated all spam. Although at this time there is no official plugin/mod for Drupal there is a PHP method you may want to check out.

_________________
- Will

I run a rather large forum and have found that people sign has pretty much eliminated all spam. Although at this time there is no official plugin/mod for Drupal there is a PHP method you may want to check out.

_________________
- Will

Could somebody pls elaborate what is people sign and where can I find the PHP method ? Has anybody tried www.areyouahuman.com ? Which other good web security companies are available to reduce spam.

Thanks in advance for all the responses.

Regards,

Veerendra Darakh

peoplesign.com