The fight against BOTs and spammers is a never ending battle. glFusion continues to evolve to prevent BOTs from registering on your site or spammers posting in your forums and comments. The CAPTCHA plugin helped for a while, but even enhancing CAPTCHA to utilize services like Google's reCAPTCHA, we're finding CAPTCHAs are becoming less effective and are very inconvenient for your users. CAPTCHAs do still help, but they are not enough and many sites simply do not like to use them. With our latest release of glFusion we have added some additional BOT and spam protections that are proving to be very effective.
Types of Spam
It would be a lot simpler if we only had to combat one type of spam, but in today's environment, we have to deal with Registration spam, Forum & Comment spam, Trackback spam, Referer spam and a whole lot more.
Bots and spammers will try to register on your site so they can put links to websites in their profile information. Bots will visit your site with links to scam, porn, and other types of sites in the Referer header in hopes that you will display the Referer information in your stats. Bots and spammers will try to post spam posts with links to other sites in your forums and in comments.
Some of these we simply ignore, such as Referer spam. We would prefer these spammers not hit our sites, but we also don't display Referer information so they don't get any of the benefits they are hoping for. The other types of spam activity we want to make sure we block and stop.
Let's review the tools that are available to all glFusion sites and how we can leverage them to stop, or at least, slow down bots and spammers.
We updated the CAPTCHA plugin to provide the ability to implement the CAPTCHA widget on the Login form and the Forgot Password form.
CAPTCHAs still provide some level of protection against BOTs, but there are tools available now that can bypass all forms of CAPTCHA, including Google's reCAPTCHA.
Stop Forum Spam
Stop Forum Spam (SFS) provides a list of spammers that persist in abusing forums and blogs with their scams, ripoffs, exploits and other annoyances*. They provide these lists so that you don't have to endure the never ending job of having to moderate, filter and delete their rubbish. glFusion has integrated SFS to the new user registration, comment posts, and forum posts. Before a new user is allowed to register, or a comment is saved, or a forum post is saved, the user's IP address, email, and username are checked against the SFS database. If it is found, the action is denied. SFS blocks a large percentage of the SPAM / BOT attempts, but it doesn't catch everything.
New IPs, emails, and usernames are being used all the time by the BOTS / spammers, so it may take a little time before they appear in the SFS database. Because there can be a delay from the time a BOT or spammer starts their activity using a set of emails or IP addresses, we've implemented a feature in glFusion that allows you to check your existing users against the SFS database. It is a good idea to check your new registrations on your site weekly to see if they have shown up in the SFS database.
Bad Behavior2 Plugin / http:BL
The HTTP Blacklist, or "http:BL", is a system that allows website administrators to take advantage of the data generated by Project Honey Pot in order to keep suspicious and malicious web robots off their sites. Project Honey Pot tracks harvesters, comment spammers, and other suspicious visitors to websites. Http:BL makes this data available to any member of Project Honey Pot in an easy and efficient way.
Http:BL provides data back about the IP addresses of visitors to your website. The Project Honey Pot data indicates the type of visitor to your site, how threatening that visitor is, and how long it has been since the visitor has last been seen within the Project Honey Pot trap network.
glFusion provides bot and spam protection that does not rely on external services and they work reasonably well, but the crowd sourcing approach used by Google's reCAPTCHA, Stop Forum Spam, Akismet, and Project Honey Pot provide the highest level of protection and helps reduce the risk of false positives.
glFusion provides several tools to help combat BOTs and spammers. The multiple layers of defense help build a strong barrier to stop, or at least, significantly reduce the amount of BOT and spam traffic. I recommend that you use all of the tools available in the glFusion arsenal to combat the BOTs and spammers. If you need any help in setting things up, post in the Support Forums, there is always someone around willing to help.