: How do I secure my site against human spam farm attacks? I have a Q&A site that has recently been attacked by what I strongly believe to be a human spam farm, as described in these articles:
I have a Q&A site that has recently been attacked by what I strongly believe to be a human spam farm, as described in these articles:
Spammers Pay Others to Answer Security Tests
Are You Human? CAPTCHA Alternative Aims to Outsmart Computers, Not Humans
At its worst I was seeing new spam users every couple of minutes. My site has both reCAPTCHA and email verification precautions to prevent automated attacks. I've even had some of the spam accounts email back and forth with me asking why they had been blocked.
Since then, I turned on moderation for each post from a new user. They are getting more clever. Now they are copying and pasting content from other questions on my site in hopes that their relevance will get them past my moderation. Moderation is beginning to consume a lot of my time.
Our traffic on the site is now 500x what it used to be. All people looking for free movies to stream. I've removed the content, but the pages are still cached in the search engines.
I have two questions:
Are there better solutions to this problem other than adding more human moderators?
Is this additional traffic going to have negative effects on SEO?
More posts by @Chiappetta492
2 Comments
Sorted by latest first Latest Oldest Best
Are there better solutions to this problem other than adding more human moderators?
yes, automated annoyance of the spammers and their commercial objectives.
First, make sure all past and future links on your site are "nofollow"
see here for full details en.wikipedia.org/wiki/Nofollow but basically it makes your site far less attractive to spammers.
If you can, hide all forum content from the public and only allow logged-in users to see any of it. This is increasing common for forums.
Another option to consider is forcing all links to be just the raw text of the url and not an actual working link. Your users would have to copy and paste manually but at least you might still have users.
Another option is to force all links to go through a url shortener.
Another option is to block all links to domains not on a pre-approved list related to your forum. This might not be practical.
Basically anything you can think of to make links useless to spammers but still usable by your members.
If you can, add "near duplicate post" detection to your forum.
As Mike suggests, IP address is very important to filter against.
It might be worth investing in a commercial geoIP database to help narrow your filter parameters. They are typically about 95% accurate.
Bear in mind that the actual attackers may be "working remotely" and scattered over several countries.
If your target audience is geographically narrow (ie USA only) then you might filter by only letting those IPs have access.
If your target audience can tolerate it, perhaps consider adding considerable random delays (days to hours) to the registration and posting processes. Spam farms are volume businesses and if your site is "too slow" to use they WILL be encouraged to attack an easier target.
Clearly explain why you are doing this so that genuine users are not confused.
Another tool to use is rate-limiting.
ie a new user cannot post for rnd(x) days and then can only post 1 small post per day.
Slowly lessen the restrictions as time passes and a user proves they are not a spammer.
All of the suggestions should really be built-in to your forum software. If not I strongly suggest looking at an alternative.
Forum software that implements all these strategies can greatly cut down moderator manual labour by ranking all suspicious users/posts and letting the moderator focus on the ones most in need of a human decision.
Is this additional traffic going to have negative effects on SEO?
Definitely. But the faster you solve the problem the faster your SEO situation will recover.
Be aware that the google search algorithms will judge your site purely on what they see and not your intentions.
SEO is a complex topic for normal situations never mind forums that have been invaded by spammers. You would be well advised to learn more about it and seek reliable expert advise on your specific situation.
Is this additional traffic going to have negative effects on SEO?
The traffic by itself at extremely high numbers may have an impact because of all the processing the server must process for every user.
But what makes this traffic cause negative effects is the postings that result on your site. So if you have 500,000 robots within a day posting a bunch of similar advertising, then according to any keyword density tool, your site would be solely about that advertising instead of what you want it to be about because the advertising words appear more often in the page.
Are there better solutions to this problem other than adding more human moderators?
If your site is meant for a certain set of countries, you could block out IP's belonging to countries that will receive no benefit from visiting your site, for example, the Chinese.
Another thing you can do is rethink how the captcha is done. Make it stronger. Don't just do a basic one where the code is actual code in the HTML that robots can read. Make the code difficult for a robot to crack. Here's an example:
This snippet:
<p>Enter 1-2,3/4+5-6,7 in the box without punctuation</p>
Is better than:
<p>Enter 1234567 in the box</p>
Because robots do not know what the word punctuation means and by separating the code with punctuation, you just made it difficult for robots to crack.
Also, with email verification, check the domain on the spot to see if its valid and reachable, and if it is, make the user enter the code that will automatically be generated by the system and store the code in the database for later.
Don't use the same code for every user as robots can catch on to this quickly.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.