Categories: vBulletin

Preventing Spam on vBulletin Forums

Spam is an ever present problem on the internet. Be it regular old email spam, blog comment spam, or in our case community spam it’s an issue for all of us. I’ve been asked more than a few times why I rarely complain about spam on my boards and could I offer some suggestions. Here I am writing this tutorial. It’s because two vBulletin mods have been working great in tandem for me. Stop The Bots and vB Stop Forum Spam has cut spam instances on ODJT down to almost nothing. The best way to stop spam is to stop spammers from registering in the first place.

Stop the bots prevents spammers from registering by timing how long it takes to fill out the registration form. If it takes less than 15 seconds from page load to submission you can be 99% sure the form was filled out by automated means versus someone typing it in. Filled by automated means usually means it’s a bot. There are some exceptions form fillers such as Roboform, LastPass, and even the browser’s auto-complete can fill fields in the blink of an eye. I’ve edited the registration template to include a warning not to use form fillers.  Stop the bots denies registration if it is submitted too quickly. As an administrator you can modify the threshold. My boards are set to 15 seconds which has served me well.

vB Stop Forum Spam is another great tool. This checks the registrants information against the Stop Forum Spam database. If the username, email address, or IP is listed in the database registration on your board is denied. You can pick and choose what checks you want. I only check IPs and email addresses as if a common name such as Mike ends up in the database it can prevent legitimate registrations.

We’ve now done every thing to prevent bots and known spammers from registering. Even with these mods in place there will still be some that get past these checks as some spammers are just regular people. Other types of spam are profile spam, private message spam, signature spam, social group spam and visitor message spam.

  • Profile spam: Registering confirming your email address, never posting put putting a spammy link as your home page URL.
  • Private message spam: Just like email spam. Registering and trying to PM every member with your link or sales pitch.
  • Signature spam: A member signing up and posting generic messages whilst having a signature filled with spammy links.
  • Social Group Spam: Registering and either creating a new social group or posting spam in existing groups. This is troublesome because social groups are tucked away in the corner and on most boards not paid much attention to by the moderators.
  • Visitor message spam: Posting spam as a visitor message. This happen two ways:  One is simply spamming other members profiles just like PM spam. The second way is more troublesome the spammer posts spam and links on their profile as a visitor message. Visitor message spam like social group spam goes mostly unnoticed as how often do we view the profiles of member who don’t post?

Luckily these spam types are easily thwarted by user group controls. Once a member confirms their email address they’re automatically placed in the Registered Users group. You simply lock down the registered users group permissions (ACP > Usergroups > Usergroup Manager > Edit Registered Users) and create an automatic promotion to another group with less controls for member with more than 5, 10, or what ever number you feel comfortable with mine is 25 posts. 10 is a good starting point as within 10 posts they’ll present themselves as legitimate members or not.

First we lock down General Permissions:

click for full size

Set “Can Edit Own Profile” to No. This thwarts profile spam and signature spam. By disallowing the member to edit their profile information, add a spam link as their homepage, and disallowing them from editing their signature. It also restricts avatars, profile pictures, and options. I suggest only using this option if you have a short post requirement before promoting them.

Next we lock down Private Messages:

click for full size

Set Maximum Stored Messages to 1. In combination with setting save sent PMs as the default registration option the member can only send one message. Normally I would say completely disable it but this leaves the option of the new member contacting me or another moderator for help with something if they are unfamiliar with forums.

Next up Visitor Messages:

click for full size

Here we set both Can Post Visitor Message to Own Profile and Can Post Visitor Messages to Others’ Profile to No. This prevents both types of visitor message spam outlined above.

Last up is Social Groups:

click for full size

Here we set Can Join Social Groups and Can Create Own Social Groups to No. This prevents all social group spam. I would go so far as suggestion disable social groups all together as I haven’t seen much use for them even among regular members but that’s your decision.

These settings will prevent the vast majority of spam. The down side of it is once in a while a legitimate new member will complain about restricted permissions. If someone complains, I manually drop them into the promoted users group. Problem solved. I’ve been barely affected by the uptick in spam since the New Year (2011). Stop the Bots is denying registration to 20-30 people per day on  most days. Of course determined spammers will get through. Be it salesman who markets to your niche or the rare non-bot that signs up and spams manually.  vB Stop Forum Spam stops known spammers by blacklisting IPs and email addresses. On the whole my forum deals with maybe 3 or 4 spammers per month since implementing these measures. That’s a number you won’t hear me gripe about anytime soon. 🙂

What about you? There’s a million ways to skin a cat. How do you prevent spam on your forums? Any tips and tricks for me? Sound off in the comments.

Dan The Man:

View Comments (1)

  • I use Fassim Stop Spam, I feel that it works better than the others. I would get a lot of false positives with them. With Fassim I can block countries or just allow countries to my forum, much easier than editing the apache .htaccess file. and with the statistics page they give you I can see where my new reg's are coming from. try them http://www.fassim.com