Thanks for the input Rob. I will pass it on to the forum. Some of the volunteers commented over the weekend that it was more like a denial of service attack. At one point the forum did become unavailable but Hagar contacted Infra and it was back on line promptly. A few spam messages are still coming in, at a rate I would have called high before last week, but things remain vastly better than the weekend. Francis
> > What you are seeing is odd. A successful spammer does not work this > way. They want their posts to survive and persist, to have impact. To > build up Google Pagerank they want posts on 400 different websites > rather than 400 posts on one website. It doesn't make sense to send > 400 to one website, since that will obviously draw attention from > moderators. This sounds more like a denial of service attack than > spam. > > But a few ideas that might work, based on my experience running forums: > > 1) Change the CAPTCHA used in your registration. What you have right > now is too easy. > > 2) Much forum spam is targeted at getting links to raise their search > engine position. You can remove that incentive by ensuring that all > links given by users are given the rel="nofollow" attribute. Most > major sites, like Wikipedia, online newspapers, etc., do this in order > to reduce the incentive to add spam. I have the impression that the > spammers search the web for high Pagerank websites that do not cloak > their URL's with nofollow. These sites are targeted by spammers. If > we get off that list, then we'll get less spam. > > 3) Longer term, maybe there is some way we can run forum posts through > Apache's SpamAssasin? It would probably require some custom app dev > with phpBB, but it could result in a very sophisticated anti-spam > solution. > > -Rob > > >> Francis
