Spam has always been an ongoing battle for community owners as spammers find new ways to circumvent existing anti-spam practices.

We have seen an uptick in new ways spammers are breaking through existing defense.

As such, we here at Invision Community continue to look at new ways for community managers to combat against spam. For our September release, we have added several new tools that can prevent spammers from registering in the first place and help combat them even if they register successfully.

Let's take a look at these new tools and settings.

Geolocation based registration filtering

Oftentimes, spam attacks can originate using bots and servers from specific regions. Using our existing Geolocation service, we have now added filters that will allow administrators to hold registrations from specific regions for administrator review, or deny the registration entirely.

Using this, administrators whose communities are under a spam attack from a specific region, can temporarily filter registrations from that region. Multiple regions can be defined at once, and each individual region can either be held for administrator review, or denied completely.

Disposable Email Filtering

We have added an extra option to our spam defense system to filter users registering with throwaway disposable emails, which are often used by spammers to bypass email validation.

During Spam Defense checking, we now also check the domain in use for the registration against a frequently maintained list. If the user passes through the normal spam defense checking, but is found to have a disposable email address, then the administrator can define one of the following actions to be taken.

• Allow the registration to proceed
• Allow the registration, but moderate all posts (which an option to remove moderation after a certain amount)
• Flag the account for administrator review
• Register the account but immediately ban it
• Completely deny the registration

For both Geolocation and disposable email filtering, the existing Spam Defense Whitelist is always honored ahead of these filters.

Contact Us Email Verification

A common pain point has been the Contact Us page. While the spam does not go to a user facing location, it does still land in the administrators inbox, or other area defined by the sites Contact Us settings.

To help with this, if a visitor who is not logged in attempts to use the Contact Us page, then in addition to the existing CAPTCHA, the administrator can optionally require the person to verify their email address before the message is ever sent. This applies to all Contact Us behaviors, including any added by third party applications.

Cloud Content Analysis

For our Invision Community Cloud customers, we have also added an additional layer of spam prevention after registration.

After a user registers, or if the account has been dormant, then the first few content submissions will be analyzed using a custom developed algorithm within our platform.

The algorithm takes into factor many different elements of the content, and will rank the post between 1 (not spam) and 5 (definitely spam).

The algorithm can be constantly adjusted and improved based on trends without any intervention from the administrator, and without the need to update to new releases of Invision Community.

The administrator can then decide one of the following actions to take based on the score that was received.

• Allow the submission
• Hold the submission for moderator review
• Deny the submission completely

Of course, specific groups can be made exempt from this and not have their content checked at all, which is useful for sites with subscription based registrations which may not want to have this applied to new subscribers, but do want to have new non-subscribers checked.

Spam can quickly become a headache for most community managers, and these new tools will help further combat it at the source. For our enterprise and Invision Community Cloud customers, being able to check for spam when posting is a new tool which will further filter out more of those annoying topics and posts.

We hope these new features give you additional tools in the fight against spam.

The features and changes presented here are available in the following packages:

Geolocation based registration filtering, Disposable Email Filtering, Contact Us Email Verification: Beginner, Creator, Creator Pro, Team, Business, Enterprise, Invision Community Classic (Self Hosted).

Content Analysis: Beginner, Creator, Creator Pro, Team, Business, Enterprise.

View full blog entry

Ryan and the team have done a fantastic job with these new tools and I'm really keen to see how they help in the current spam wave we're all experiencing.

 

Beautiful tool, my forums are overrun with spam. Initially from Russia, now from Finland and Germany.

But when a admin in our community reports a user as a spammer, does IPS Spam receive a report to learn new data? 

I would like to have a tool in Admin for mass management of users...

It may be worth checking in with Cloudflare and banning traffic from certain countries like Russia, China, etc. Navigate to the Firewall menu and select the "Tools" option. Choose "IP Access Rules" and create a new rule for the country you want to block. Select "Block" as the action and enter the country code or name you wish to block. 

Are you able to mention what you're using to filter disposable emails?

I have an application that uses kickboxes free disposable email checking tool, but it seems like they've become a bit less reliable lately. I still get a lot of disposable emails that get through the service. It catches some, but not all. They used to have a much stronger catch rate.

There are other paid API endpoints out there that do a much better job, but they require a monthly subscription to use.

Are you using any singular service, a combination of databases on your infeastructure, or is it a "select your service" type thing (which I'm guessing it's not since it's tied into your spam service)

Very cool to see this being added to the core software regardless! People using disposable emails to register accounts for spam or to bypass other limits/restrictions has definitely been a growing problem I've seen.

Edited August 16, 20231 yr by Makoto

 

Contact Us Email Verification

A common pain point has been the Contact Us page. While the spam does not go to a user facing location, it does still land in the administrators inbox, or other area defined by the sites Contact Us settings.

To help with this, if a visitor who is not logged in attempts to use the Contact Us page, then in addition to the existing CAPTCHA, the administrator can optionally require the person to verify their email address before the message is ever sent. This applies to all Contact Us behaviors, including any added by third party applications.

 

Excellent.

Spam via the Contact form gets to the point you start ignoring the emails due to the volume.

 

Do you have some IPs you can share that I can check this with?

I have already deleted all the spam users, in the next days I will post here some of them.

 

This will take a LONG time to add all countries.

Are you sure you want to add THAT MANY countries anyway? I suggest you to be careful with that, some "real" users from those countries would maybe like to register to your website and they would not be able to.

I love the addition BUT I wish you offered an option to either go the Blacklist route and select countries you want to blacklist OR whitelist route which you can select a country or countries to only allow access.

Its a great first step though.. maybe my suggestion might be added in the future.  Would make things a lot easier.