SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

How to tackle SPAM with SMF?

Started by flapjack, April 18, 2010, 06:40:38 PM

Previous topic - Next topic


sure wish SMF would improve spam solutions built in the program, for those of us not comfortable editing the files. :)


seems the options for blocking bots from joining are limited... I tried 2 mods and neither one worked. :(

seems that the captcha built into smf no longer works... a shame.


sorry but you need to give some more details, not "I tried 2 mods and neither one worked."


How do you stop a banned user from posting to your forum?

I have installed a httpBL and Stop Spammer bots and although they did stop some registrations I now get a banned user posting messages to the forum.



Quote from: Utech22 on May 03, 2010, 11:42:03 PM
Nice post, I will continue reading it tomorrow.
Love it! A content-free post, and obvious spam in the avatar and signature.

One thing everyone is missing here is that it does no good to have only a "hard shell" or "hard crust" defense to try to keep spammers from signing up in the first place. You can reject all the signups you want based on the inability of a bot to solve a visual puzzle or answer questions, and many will still get through (by using humans to do the signup). You can reject signups by email address or use of proxies or by IP address range, and you risk turning away valuable members (especially if you desire worldwide membership).

Any forum needs, in addition, "defense in depth" measures to detect spammers by their content or behavior. For content, you can look for keywords and phrases (after turning v1@gra into you-know-what). You can look for blocks of text copied from earlier posts. You can be suspicious of new members trying to spew out dozens of posts on their first day. You can demand that new members solve a visual puzzle and/or answer questions for their first N posts. You can ban post and signature links for new members. You can follow links and see if they go to commercial-looking sites, and selectively disable those links. There are lots of things a forum could do to flag possible or probable spammers. It would be good to automatically disable member accounts that trip the detectors, or are flagged by other members, or at least hide posts until they can be reviewed.

As spammers get more sophisticated, we have to fight back with more elaborate defenses. Simply making the crust harder, but leaving the interior soft and gooey and delicious, won't slow spammers for long. I have some more thoughts on this in my sig > Projects that you might like to browse.


interesting well written article thank you


I'd be happy enough ( I think), if I could just block all other country ip's except for the US.

Anyone know how this is done or have a link to same?


Quote from: etbrown4 on May 21, 2011, 01:05:10 AM
I'd be happy enough ( I think), if I could just block all other country ip's except for the US.

Anyone know how this is done or have a link to same?

I want the same thing - well, almost.

I want to be able to block all account registrations except for those coming from the USA or Canada.

My forum is focused exclusively on a region of the US and Canada.  I do not want any users registering from Ukraine (about 30 of those today so far, and I expect another 10 before I go to sleep), Russia (a dozen of them), China (half dozen) or elsewhere.  None of these overseas users are "valuable" to me - they are not welcome, even if 1 out of 10,000 is not a spammer.

There's really no way to do this?


If a spammer wants to get into any site , even though all ip's are blocked out of the US/Canada IP range .... All a spammer with have to do it to use a proxy with a IP from US or Canada. Just when you think that you have all IP's that are Blocked, Well ... Here comes IP V6 knocking at our own site. Our next block of IP's from Arin, will be in the IP v6 range ( From the ISP that I work for ).

We can't win for loosing, for spammers will always be a pain in our @**es. All we can do it just make it harder and to make spammers inpatient for answering more questions b4 they post, and maybe that person/bot will just move on to another site. :)

There are some spam mods that claim to work decent, but nothing so far is 100% spam proof without denying innocent new members.
Over 1100 Online Flash Games 


Ive had alot of issues with spam in the past pretty much any time I use any CAPTCHA Now I just use SA Facebook and make it Registration Method Facebook only.  Still get spammers but they don't register.

If ya want to check how it looks


There is a trick to using the two registration questions verifying that the person is a human.

You can fill out the anti spam section and provide the required questions and the mandatory answers.

We thought we had accomplished this months ago - only to find that we had not succeeded. :(

The quirk, and almost bug, is that after you do all that input the is a tiny checkbox at the bottom of the page and if you don't check it, you don;t have antispam really working.

We only found this by accident when we tried a sample signup and the questions were not asked.

This lillte checkbox would be best highlighted or moved to a more prominent place. :)

Good news though. With those anti=bot questions really working - our spammer signups have dropped to ZERO.  That's progress!


The forum will be clean and spam free if all the members are willing to help the moderators by clicking "Report to moderator". Some site are using the filter like a certain post should be approved by a moderator before it become visible. It that sense we can avoid spam posts, however, it's a tedious and time consuming work for our moderators.


I have to admit I was a little surprised at the captcha not having any noise in the image.

All in all, didn't feel much more cumbersome than normal sign up and if it keeps the spammers out, go for it.


Very nice post!!!!!!!

I managed to completely tackle all spam on my forum by doing a few simple things myself- although I still get a few profile link spammers still- but their links are no-follow. Forum Promotion



Thanks for sharing this with us..And i would like to say that it is a wonderful site..I liked it very much..I am sure of visiting this site very often..


Is it possible to limit those that can register to a certain domain?  For instance, if every member of my forum was to be a part of a certain organization that gave out email addresses to those who were members, could I filter out any registrations that did not end in: 

If so, can someone detail how to do this?

j razz


This has been discussed before. Basically, you could modify the code to "invert" the ban-by-email-domain test. If a registrant's email matches any domain in the list, instead of failing it (banned) it would pass, and vice-versa if it's not found in the list. I'd be surprised if there wasn't a mod already to do this -- have you searched?


I did run a search and that is what brought me to this thread.  Apparently I don't know the terms to search for, but your post is helpful as it gives me some terms to look for in search (Ban-by-email-domain test). 

Thanks MrPhil.

j razz


I have managed to eliminate automated spammers registering on my forum by simply adding two questions to the registration procedure. The questions are not difficult to answer for a human but they have been effective in keeping out bot registration. Now I only get an occasional human spammer registering rather than the flood of automated registrations I got when I first started my forum.

I have also banned some of the most common IP addresses used by automated spammers.