I have a few ideas for potential ways to stop bulletin board spam that I'd like to throw out there to see what others think. I don't know if I'll necessarily be working on them, though there is a small chance that I will, but maybe others would be interested in implementing them. My apologies if these have been suggested already - I tried skimming the more recent anti-spam posts and didn't see these ideas mentioned.
My first idea is distributed, collaborative moderation. People who run boards would join together in groups with others who run boards and their moderation would automatically be shared. Each administrator would have the ability to mark a post as spam. Once enough people mark something as spam, it would automatically be hidden for all boards in the group. For example, say there were 100 boards in the group and 3 administrators marked posts coming from IP address 10.10.10.10 as spam - all recent and new posts from that IP address would then automatically be hidden from all boards at that point. The same thing could be applied to URLs. For example, once 3 administrators mark posts containing
http://www.example.com/ as spam, all new posts with that URL would be hidden (I wouldn't retroactively hide previous posts in this case given that somebody could set up a Joe Job to censor a post they didn't like).
My other idea is SpamAssassin style scoring for posts. Rather than just relying on a single test (such as bad words) to determine if a post is spam or not, run a plethora of tests which all contribute to a spam score. If the score is above a certain threshold, the post is hidden by default and will require moderator approval to be shown. The threshold would be higher for registered users than for guests and it would be much higher for trusted users. The scoring engine should be biased toward keeping the score very low if there are no URLs in the post or signature. It might actually be worthwhile to pipe the posts through SpamAssassin itself, just to get something working quickly.
Those are my current ideas - I have kind of implemented one of them in a very rudimentary fashion, but I don't want to get into details because it isn't robust enough to withstand spammers with full information at this point. Recently, what has worked well for me was modifying some of the captcha code so that the captchas on my sites are different from other phpBB sites (the spammers can automatically decode the default captchas). The most foolproof spam guard, though, has been just adding code to send me an email alert when there is a new post so that I can review it right away. This lets me catch 100% of the spam fairly quickly, though it can be tedious, so I'm frequently on the lookout for other potential options.
- Tim Macinta