Jump to content

Invision Community Blog


Our take on managing successful online communities

Matt
 

Build a fortress: stop spam in your community

We all know what a pain spam can be. We deal with it daily in our inboxes often relying on clever software to filter it out for us. Even worse, some spam is so well disguised that it can fool you into thinking it is a genuine message.

You've put in the hard work with your community. You've used the built in social promotion tools and SEO features to get it noticed. Now that it's indexing well with Google, you've become a target.

Invision Community has several tools in its arsenal to deal with spam leaving you free to concentrate on your members and content. We'll take a look at these tools in more detail.

First, it's important to know that there are two main types of spam. Computer generated and human generated.

Computer generated spam is malicious software that throws millions of messages out and hopes some sticks to high profile communities.

Human generated spam is more pernicious as it can often bypass automated measures. Human spammers often register accounts and post as members on your community.

 

The first line of defense
Invision Community comes equipped with Spam Defense. This is free with all cloud and licensed plans. Spam Defense harnesses the combined knowledge of thousands of Invision Communities. It will assess the potential threat of each new user and stop them before they can cause any problems.

To date, Spam Defense has blocked over 3,000,000 spam accounts.

Spam Defense works by evaluating the registering member against its database. It will score the account from 1 (not a spammer) to 4 (a known spammer) allowing you to decide what to do with each level.

 

5a0dcf87b0fad_SpamPrevention2017-11-1617-45-25.thumb.png.3890fd3b13c590313e2474d7a140faf9.png

If a spammer gets past the Spam Defense, flag them as a spammer using the built in tools. This will clear up all their posts in a single action and report back to Spam Defense that this account has spammed your site. These community led reports allow Spam Defense to learn and adapt.

 

Preventing spammers from registering
The CAPTCHA ("Completely Automated Public Turing test to tell Computers and Humans Apart") is a well tested and robust method to defeat computerised spammers. It is usually a small widget on a sign up form that asks you to re-enter words shown in an image.

Invision Community supports Recaptcha2 by Google, meaning that in most cases your users don't even have to type in random letters. Instead, Google algorithms determine if the user is human or otherwise. Invision Community supports KeyCaptcha. This requires guests to solve a simple problem before they can contribute.

5a0dc9003a2f0_Registration-InvisionCommunity2017-11-1616-56-36.thumb.png.244301412728e4c7f5eab1517bf005bb.png

 

The Question and Answer challenge works on its own or in conjunction with a CAPTCHA. This system allows you to create simple question and answer challenges unique to your community. As these answers are unique, computerized spammers cannot solve them. Also, human spammers not knowledable with your niche are often unable to solve them too.

While the above are great for reducing the number of computerized spammers, we need to be especially clever to weed out human spammers.

 

Dealing with human spammers
Smart configuration of your community will also help in defeating spammers. Invision Community supports posting without registering. This feature allows for fast engagement but use it with caution. It works best if you only allow it for specific forums.

Invision Community's membership promotion system also has tools which you can leverage.

To make your site less appealing to human spammers, you can configure two membership groups. Let us look at an example which uses "New Members" and "Members".

"New Members" is the default group for new registrations. In this group you can remove the ability to add a signature to each post. Often spammers use signatures to earn referrals on links.

You can also define a limit for posts per day. This will throttle the number of spam posts a member can make.

 

5a0dcf820e7a7_GroupPromotionRules2017-11-1617-45-07.thumb.png.f9ef91848bffdae0d0438be005798ebf.png

Now that you have your "New Members" group set up to build trust, you can promote them using Group Promotions.

A good strategy is to promote them to "Members" when they have reached a certain level of reputation. This shows that they have become a trusted member of the community.

You may wish to promote them a week after joining knowing that spammers usually leave after a day or so.

There are many different criteria you can use allowing you to tailor it for your own needs.

 

Summary
Dealing with spam is a reality for every successful community. Invision Community has several features to mitigate its impact.

Through leveraging its built in tools to smart configuration, you can make your community a fortress against spam. In addition, our exclusive Spam Defense system grows and learns every day stopping spammers from registering.

To learn how to configure Invision Community's spam prevention tools, please see our help guide.

Not using Invision Community? We can convert you from other platforms preserving your data. Our migration page has more information on the platforms we can convert you from.

Edited by Matt


Comments

Recommended Comments

In my expirience unfortunately there is too much false positive bans with "spam defence" even if only "User is a known spammer" option is used, so i'd recommend to use this feature carefully and set it to "Flag the account for manual review" instead of instant ban or preventing from register.

Also it would be great to have option "Allow user to register as normal but mark it as possible spammer for further review" which will allow to register without any restrictions but moderators will able to check this account later (for links in profile, etc).

Share this comment


Link to comment
Share on other sites

Thanks for you work IPS! You create very powerful, smart and modern systems!

Our experience of spam blocking gave to us simple rule: spam result cost must be cheaper than working for bypass instruments, needed for start spamming. We have a different user database and registration, outside from framework. So most of systems we can't use. But our solution is simple too - users can start posting something in newbie support and offtopic forums only after obtain more than 10 battles from game. More popular and serious forum categories will open after 100+ game battles. This simple rules are very expensive for spammers for make a spam, which will delete after few minuts before posting (we have moderators, which are working by scheduled plan 24/7).

So, i hope some framework systems (such as promotion) will be simplier for extend for make a custom logics. Custom logics with simple development provide very strong solution for clean up all same platforms from scripts at all and humans too (not to easy to register many accounts with different systems. a lot of service, which provide human captcha solver will be out of boat).

And thanks again! :thumbsup:

Share this comment


Link to comment
Share on other sites
2 hours ago, Mr 13 said:

In my expirience unfortunately there is too much false positive bans with "spam defence" even if only "User is a known spammer" option is used, so i'd recommend to use this feature carefully and set it to "Flag the account for manual review" instead of instant ban or preventing from register.

Also it would be great to have option "Allow user to register as normal but mark it as possible spammer for further review" which will allow to register without any restrictions but moderators will able to check this account later (for links in profile, etc).

Great ideas, thanks!

2 hours ago, Upgradeovec said:

Thanks for you work IPS! You create very powerful, smart and modern systems!

Our experience of spam blocking gave to us simple rule: spam result cost must be cheaper than working for bypass instruments, needed for start spamming. We have a different user database and registration, outside from framework. So most of systems we can't use. But our solution is simple too - users can start posting something in newbie support and offtopic forums only after obtain more than 10 battles from game. More popular and serious forum categories will open after 100+ game battles. This simple rules are very expensive for spammers for make a spam, which will delete after few minuts before posting (we have moderators, which are working by scheduled plan 24/7).

So, i hope some framework systems (such as promotion) will be simplier for extend for make a custom logics. Custom logics with simple development provide very strong solution for clean up all same platforms from scripts at all and humans too (not to easy to register many accounts with different systems. a lot of service, which provide human captcha solver will be out of boat).

And thanks again! :thumbsup:

That's a great set up and feature suggestion, thank you.

Share this comment


Link to comment
Share on other sites

I never used IPS spam system, but I had another good strategy that worked with Q&A challenges. You simply replace some of the letters in your question with cyrillic, which have many letters that overlap with latin. This way bots cannot read your question, because it is not uncommon for bots to google your question and extract the answer from the result. 

Lets imagine that the question is:

What's the capital of Great Britain?

Whаt's thе cаpitаl оf Grеаt Вritаin?

Look the same to humans, right? Try to paste it in google and see the difference. Although google smartened up (it used to completely blank on the second question), it cannot provide the automatic answer it does with the top question. So to those of you that have bots passing succesfully their Q&A challenge I would recommend to try this strategy. Or at least pick up a question that google cannot answer automatically. 

Anyway, this is past now. I have disabled the Q&A, enabled recaptcha2 and I have not seen a single spammer since then. 

Share this comment


Link to comment
Share on other sites

Another solution for humans spamming is to allow them to post but make their posts only visible to them and moderators, but not the rest of users. This way they post happily and everybody ignores them.

I know this is something that IPS doesn't have and I'm also aware it's a tool designed for trolls, but I once participated in a forum with this option for spammers and trolls and was very useful. By the time they noticed the problem they were already bored.

Share this comment


Link to comment
Share on other sites
23 minutes ago, gabs007 said:

I know this is something that IPS doesn't have and I'm also aware it's a tool designed for trolls, but I once participated in a forum with this option for spammers and trolls and was very useful. By the time they noticed the problem they were already bored.

Actually, this does exist - you can configure individual member groups to require moderator approval of content before it's shown to other members, and even define a time or an "approved posts" limit for when that restriction is automatically removed. In this instance, it will only show to the user making the post, and to moderators, as you mention.

bxcnUNsaBWZUL7xqnHVcepRa4ysO6B.png

Share this comment


Link to comment
Share on other sites
38 minutes ago, Ryan Ashbrook said:

Actually, this does exist - you can configure individual member groups to require moderator approval of content before it's shown to other members, and even define a time or an "approved posts" limit for when that restriction is automatically removed. In this instance, it will only show to the user making the post, and to moderators, as you mention.

bxcnUNsaBWZUL7xqnHVcepRa4ysO6B.png

But we can't use this option only for potential spammers (detected by "spam defence")? He meant this, i suppose.

Edited by Mr 13

Share this comment


Link to comment
Share on other sites
On 11/22/2017 at 7:52 AM, Mr 13 said:

But we can't use this option only for potential spammers (detected by "spam defence")? He meant this, i suppose.

You can. Set up your spam rules (Level 3 and 4, probably) with a "Place in this group if detected at this level" iirc.

Share this comment


Link to comment
Share on other sites
6 minutes ago, Lord Nowe said:

You can. Set up your spam rules (Level 3 and 4, probably) with a "Place in this group if detected at this level" iirc.

No. There is no option to set specific groups for detected spammers.

Share this comment


Link to comment
Share on other sites
Just now, Mr 13 said:

No. There is no option to set specific groups for detected spammers.

Eh, could've sworn there was, but been a while since I looked. You could set those levels to admin validation and manually place them (or maybe the Rules application by @Kevin Carwile can do this?). Don't quote me on that though :p

Share this comment


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  Ask A Question ×