Stop Forum Spam

February 20th, 2010 by Michael Hampton

Recently it was suggested to me that Bad Behavior could incorporate support for Stop Forum Spam.

Stop Forum Spam is meant to be a list of IP addresses, emails and usernames which spammers use when registering or posting spam to forums. It seems to work well, but it has some shortcomings.

First among them is that it has no native DNSBL support. Instead, it exports its data to a third-party DNSBL, where it is commingled with data from unknown sources, making it difficult to use effectively.

Second is that it has no clearly defined removal policy. It does provide a form where people can request manual removal, but it also implies that a “network administrator” has to request removal.

After much experimentation with blackhole lists over the years, Bad Behavior currently uses only the Project Honey Pot http:BL list (and it is disabled by default). This list works very well at catching actual spammers, and it provides instant automatic removal for the very few legitimate users who happen to get caught by it.

Bad Behavior is meant to provide as little inconvenience to legitimate users as possible. When a legitimate user does get blocked, the user must be given clear directions on how to resolve the problem and ideally must be able to restore their access as soon as possible, e.g., by removing the viruses from their computer.

Because Stop Forum Spam lacks a removal policy and clear process, it will not be appropriate to incorporate it at this time. I will continue to monitor the service and if it changes to allow for easier removal by legitimate users, then it may be incorporated in the future.


15 Responses to “Stop Forum Spam”

  1.

    Álvaro Degives-Más Says

    Couldn’t agree more with that rationale. Thanks for the clarification.

  2.

    Randy Brown Says

    I also agree. I’m glad to see that you think things through before jumping in.
    Keep up the good work.

  3.

    Ipstenu Says

    As the accidental suggester, I have to say that these reasons for NOT including it are really well reasoned and insightful. I hadn’t thought about DNSBL for example.

    I would think that the removal process is ‘okay’ as is. I just ran it (after finding out my office IP was listed – Idiot coworkers, I also scrubbed two PCs) with my name and email (and reason, see above) and it was magically removed, just like that. Now, I know that if someone else on the office network gets a dumb hair up with an infection, it could happen again, but to my inexperienced eye (I’m more familiar with desktop viruses) it’s easier than being removed from HoneyPot.

  4.

    Mountain Says

    Good idea to not use those funky stop lists. They are worthless without a way for legit users to get off the list.

    That being said, did something funky happen over the last 48 hours? We were in the middle of negotiating an advertising deal, and Bad Behavior blocked my potential advertiser from viewing my site. That is incredibly bad…

    Only way I could quickly fix was to disable Bad Behavior.

    Lesson: If you use this plugin, be very careful, it may block important and legit site users.

  5.

    Michael Hampton Says

    Anyone who is blocked is provided with a technical support key. I can do nothing without this key.

  6.

    Mike Says

    Another service you might consider incorporating is the one at http://botscout.com. It’s a frequently-updated list of known IPs and email addresses from spammers and bots. One point worth mentioning is that they do respond to removal requests, usually within 24 hours.

    They have plugins for a lot of forums and several blogs, and I believe there is a WordPress plugin (http://wordpress.org/support/topic/319760) but you might consider adding it to the Bad Behavior code as well.

    FWIW, I use the Botscout code (API) in my Oracle discussion forum and I’ve been *extremely* happy with it. It’s cut the spammer and bot registrations down from about ~100 a week to one or two (probably human spammers).

  7.

    sam Says

    I have WP Spam Free, Bad Behavior, and ban IPs on my cpanel and still the same people, with different IP addresses each time, are able to penetrate all of these spam plugins. Does anyone have one that really can stop these idiots or are we always going to get these freakin’ hackers with nothing better to do than spam sites?
    I am fed up with them. Will close comments down completely.

  8.

    sam Says

    BTW, why do I have to look up IP addresses? These guys buy them a dime a dozen… and can outsmart the smartest plugins, even BB.

  9.

    Moore Says

    Had to LOL about the suggestion to use Botscout instead of StopForumSpam..

    Apparently from what I read on StopForumSpam’s forum, BotScout have recently been caught stealing data directly from the free stopforumspam database, that data is then added to the Botscout database and sold to subscribers :D

    So based on that I don’t think that incorporating Botscout would be a good idea as a replacement.

    Another similar php protection script to BadBehavior called ZB Block has added support for StopForumSpam and the author is a moderator on their forum too.

    I think if you could add support for stopforumspam and leave it off by default, people who are suffering more than others could test it out a little and see if it helps.

    Project Honeypot HTTP:BL seems to be working pretty good so far though.

    Thanks for making a kick ass script. :)

  10.

    Glen Says

    I hear the people from botscout also worship satan and eat babies for breakfast! But that’s just what I read on the interweb.

    Personally I don’t have a problem with the botscout service, it works for me and they haven’t asked me to pay anything.

  11.

    paul Says

    Isn’t it ironic that a blog about stopping blog spam has lots of blog spam on it.

    I think you’ll find that stopforumspam has an automated removal system, available on the main (and every) page menu.

  12.

    Michael Hampton Says

    That is pretty ironic.

    Anyway, the policy and process are still completely unclear, as I noted before. The fact that there’s a removal form is utterly meaningless.

  13.

    JD Says

    I’ve submitted my IP for removal several times and it’s still there. I think the form either doesn’t work or it’s a sham.

  14.

    VedsPekshesia Says

    This website brings the most recent hollywood news and information on topics like travel.

  15.

    cidayjissigma Says

    Hello…

    I registered here on your forum to warn you about thieves.
    I don’t know whether I’m in the right thread; if not, please move this :) .
    OK, I wanted to write a bit about the “company” Omega Okna in Gdynia. I bought Schuco windows there, which were defective. Unfortunately this company wanted me to pay for the windows up front, because otherwise they would not even start producing them… so I paid, and what did I get? Crap!! Scratched glass, and chipped on top of that.
    But worst of all, the company Omega Okna did not want to cooperate with the customer; once they have the money, the customer no longer interests them. They literally told me to kiss their ass. What kind of crap is this??? This is not a company, it is pure theft! I have no words, which is why I registered here to warn you about such thieves. Maybe one of you knows how to take action against this company?

    Regards..