How And Why is My Forum Being Spammed? A Quick Explaination

If you’re new to all this forum/blog spam you most likely have a boat load of questions, but mostly you just want it to stop. Stopping spammers is easier than you might think, install a mod from Stop Forum Spam is a great step in the right direction. But having a basic understanding of the whys & hows will also make the job much easier.

What you are about to read is very basic explanations. They are by no means meant to cover every possible scenario. They are meant to give a basic understanding of what is going on.

Spammer Mentality, or lack there of!

First, you must understand that the people that are doing the spamming are a group of very twisted individuals.stupid_spammer1
These people believe that defacing your forum or blog, stealing your bandwidth and spreading their garbage is their God Given right and you should be honored they are plastering your site. They are proud of what they do. They believe that spamming is an ethical way to to business. They also believe, that by spamming your site they are doing you a favor.
My response to that mentality… well, in order to keep this clean, I’ll just say, No Hesitation, No Mercy, No Remorse.

Why do they spam?
There are only 2 reasons why people spam.
1: To make money. By increasing a websites Page Rank (PR), or through “affiliate” links.
2: To spread Trojans/Viruses.
(remember folks…..”basic explanations”!)

Now lets look at the “How” they spam.
How do they find your forum/blog.
One (of the many many ways) is by searching for the forum or blog they want to spam. For example, lets say they have setup the software to blast Simple Machines Forums (SMF). All they have to do is search Google for, “Powered by SMF” which returns about 40,800,000 results. They then scrape the results, clean them, and load the list into the software. Which is all automated by the way.
There are a blue million other ways, but that’s just one example to show you that if Google has indexed your site, they can find it.

The actual spamming!
This to, has 2 ways. Automated and Manual.spammer_troll
Automated spamming is done with software like xrumer, senuke and a few others.
xrumer is the most commonly used spamming software. It can be ran from a PC or setup on a VPS or dedicated server. It can join and post at a very fast rate. I’ve had one create 8 accounts and post 8 times in one second. (most likely running in aggressive mode on dedicated server with a small list) Anyway, the point is, it can hammer a lot of sites very quickly.

Manual Spamming!
This is pretty self explanatory. Normally, you won’t see these people on forums unless it’s a high PR site or is very targeted and or moderated. I like to call them delusional spammers, as what they are doing will have very little effect in making them money.

Other Stuff!
You now know a little of why & how. Now lets look at some other tid bits.
All of the software uses proxy lists to protect the real submitting IP. Although some are to stupid to figure out how to load the list.
The software does not parse JavaScript unless it has to with solving CAPTCHA or re-CAPTCHA.
It noes not load images or CSS.
This is why you will never see hits from a bot, until after it logs in, in your forum/blog logs. But, you can see the hits in your server access logs.

Spammers never actually “see” your website. Even if they are manually solving your CAPTCHA, which pops up in a side scrolling window for them to solve. They can however,check your site to see if their post was successful or looks okay. But, few ever do, because they are greedy and lazy.

Yes xrumer can defeat CAPTCHA and re-CAPTCHA automatically. It’s processor intensive and slows down posting but it can do it. Although some spammers like to use a paid CAPTCHA solving service.

The software cannot get past a series of human question and answer fields automatically. If the Q&A’s are canned, it can get past it, because botmaster (the creator of xrumer) has a database of the canned data. So make your own Q&A’s.

Finally, the good old “spammer posting messed up links”
This is really funny once you know why they are doing it.
Some of the software has what is called an article/ad spinner. It basically works like so..

{Here we have a|This is a|This is an example of a} {sentence|phrase|passage} that is {ready|all set|geared up|prepared} to be {spun|created|made} into other {passages|sentences|phrases}.

The software will spin the ad x number of times alternating the words inside the { } so each will appear unique.

Now what happens is, the spammer doesn’t have a clue how to correctly format his ads, so when he hits spin, it totally porks his links along with everything else. He then blasts out messed up ads while never bothering to check the results, thus we get to see the true IQ and utter laziness of a spammer.

There are a whole lot more tactics spammer use, cookie stuffing, click jacking, filter pages, double redirects etc…
But hopefully, this has given you a little better basic understanding of what is going on.

This entry was posted in Comment Spam and tagged , , feedback. Bookmark the permalink.

5 Responses to How And Why is My Forum Being Spammed? A Quick Explaination

  1. Norma Floras says:

    80. I was just looking for this info for a while. After 6 hours of continuous Googleing, finally I got it in your site. I wonder what is the lack of Google strategy that do not rank this kind of informative websites in top of the list. Normally the top sites are full of garbage.
    The above is a typical spam comment. Notice it starts with “80.” that is how some spammers keep track of their comments. You will also notice it has nothing to do with the post. You will also find this dumb arse listed in anti-spam databases.

  2. KaS says:

    Doh! Yes that link is better! Thanks “theBlog”

  3. KaS says:

    This is an excellent article! So many people complain to me about “those dam teenager spammers with nothing better to do!” and “why are they spamming me? Their posts don’t even make sense! What are they trying to do?” are all answered in this! Thanks for this write up! I am definitely sharing with a few people even though this might actually be too advanced for many of the ones that have said the above quotes to me.

    I don’t let them delete their accounts, I also limit the time they can edit their posts and profiles and take away access to view other’s profiles as well as making it so that BBC is not allowed so that their links and pictures are not clickable.

    Then when they spam I have their posts and IP and email for evidence. The only thing is they quickly change IP and email faster than a germaphobe changes his underoos

    If dealing with spammers is consuming so much time, automate the process or install programs such as Stop Forum Spam to help with the spam. phpBB check out this:

    (I know there is a better link somewhere but I don’t deal with phpBB too much)

  4. Blog says:

    Good idea! A “How to report spammers” is on the list. ;)

    You’re correct, blog and forum spammers do use different tactics.
    Blog spammers a now easier to block. As this post shows,

    First, don’t allow members to delete their account. That way once they register… you got the little buggers!
    Second, install the Stop Spammer mod from Stop Forum Spam
    Third, Grab Forum Spam List Checker (FSLC for short) from Gunner’s site. It’s bloody Awesome for checking and reporting spammers.

    That should make your job a lot easier! ;)

  5. Richard Hollenbeck says:

    I use both WordPress and pbpBB. The tactics used by spammers tend to be a little different on both. For example, on WordPress, they just post some flattering statement in very poor English telling me that I write like a professional writer, or that my website was so helpful. But they do not comment about anything specific to my content. So I visit their site to learn they are promoting some spammy product. I mark them as spam. I don’t know how to report spam. Maybe a new post on how to do report spam would be helpful. I’ll look to see if you already have such a post.

    With the bulletin board, they often register, activate, post their junk, and then unregister before I can ban their IP address. Otherwise, they just register but never activate their account.

    Question: Why do they do that? What good does it do them to register and never follow-up with email activation?

    But I administrate their account, copy their IP address, and Google their address to learn that about 95% or more of the time, these IP addresses are on at least one and usually more than one list of known spammers. So I ban the IP address, but I spend more time doing this than I do actually creating content.

Add Comment Register

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>