Spammer IP blacklist and vBulletin

[MarkOwner]

The best way to block spam is by an IP blacklist, whether it be email spam or forum spam. A shared IP blacklist, similar to Spamhaus.

Computerized spam tools based on content fail often -- marking legitimate content as spam, and missing spam content. This is why I don't use AKISMET. To blacklist an IP address based on a computer's judgement is risky.

There is no substitute for a human. Computers are not very intelligent, and won't be for years to come.

Just as spammers use humans in India, there's surely a good business in using humans in India to identify spam, then put the IP address into a blacklist. They could track multiple forums, some honeypots and others legitimate.

They could make extra money hired as first-cut moderators of forums, especially for forums on the other side of the world when the real moderator is asleep.

I hate waking up to 100 spams. I'm sure many others do, too. With enough customers, this could be good repeat business and a scalable business.

Why are the spammers the only ones trying to make money on cheap human labor? Spam profitability is based on bulk, low quality labor. It should be easy to beat. Economically, the defense should be dominant.

You may not want a moderator in India reading your private email and may prefer Spamhaus, but public postings in forums is something you would want a moderator in India reading.

An important joint step required is having this feature added to software like vBulletin -- to access an IP blacklist for blocking posters. And an option to block everyone on the whole Class C or even Class B segment of each IP address in the block.

I don't want to block everyone in India, China, and Russia, but blocking everyone within a class C or B segment would be reasonable.

This could make vBulletin hot. Spamming is one of the biggest headaches of forum moderators. Already, vBulletin's Q&A has cut my spammers from over 100 per day to just a few, which is why I came back to vBulletin.

However, the spammers will adapt to Q&A as best they can. The nail in their coffin must be (1) IP blacklists, and (2) humans. If the IP's of the spammers can be blocked, they will go out of business. This 1-2 can make the defense to be economically dominant over the offense.

[beishe8]

If the IP's of the spammers can be blocked, they will go out of business.

The problem is that the IPs are dynamic.
Blocking a range of them could block out:
a whole ISP.
a whole country.

Your forum could be still accessed through a proxy.
There are many of them.

[David Grove]

A shared blacklist, contributed to by forum owners, can easily be tainted thus making it worthless and even counter-productive and eventually you would have to stop using it.

[MarkOwner]

I disagree. You can never eliminate 100% of spam, but you can easily eliminate over 90% of it by raising the level of difficulty. For example, if you want to stop burglars of a big factory, then adding some security cameras, nighttime lighting and a cheap dumb security guard won't eliminate all burglars but will cut out over 90% of them.

The success of spam is based on its ease and cheapness. The key to stopping it is defense dominance of the economics.

The criteria of success should not be blocking all spam, just like the criteria of car safety is not preventing all injuries and fatalities.

IP addresses are dynamic, but not extremely dynamic. A blacklist expiration of 2 weeks or 1 month is an option. A whole country won't use a class C address. Proxy addresses can be banned as they are discovered, and the requirement of creating proxies reduces the cheapness of spam.

Putting spammers out of business may also not be a goal. Just force them to get off your back and go after easier targets. Not every forum webmaster would use an IP blacklist, and not everyone has vBulletin, so it seems that if the smarter webmasters use vBulletin and an IP blacklist, that may be effective as the spammers go for just the cheap and negligent forums. Lots of forum software isn't updated well.

If 1% of webmasters use an IP blacklist, that's still a market of ... thousands of subscribers per month? How much is that worth, even if at $5 per month? I would happily pay more than $5 per month to reduce my time and workload in deleting spam.

We won't know the efficacy of this until the software gives us a chance. All the software needs to do is access a file or database with a list of IP's, one per line, including wildcards like 123.234.51.* to block entire Class C addresses. It seems a fairly simple addition to the software.

I use an IP database on some of my websites and it's fairly simple. There's already big business in geolocation IP databases. The basic mechanisms are well trodden already.

As regards the last counter-argument that an IP blacklist contributed by forum owners could easily be tainted, I never suggested that this be an open IP database whereby anyone could submit IP addresses to blacklist. It would be a service offered by some humans, say, in India, connected to known webmasters of *established* forums around the world. Every user those particular forums ban for spam would have their IP go into a list of banned IP's. That could be passed on automatically.

[David Grove]

As regards the last counter-argument that an IP blacklist contributed by forum owners could easily be tainted, I never suggested that this be an open IP database whereby anyone could submit IP addresses to blacklist. It would be a service offered by some humans, say, in India, connected to known webmasters of *established* forums around the world. Every user those particular forums ban for spam would have their IP go into a list of banned IP's. That could be passed on automatically.

That helps me understand better. What you describe is not too different than the Akismet service, although Akismet is fully automated (I think). Have you tried running new users' first 3 posts through Akismet? It's killed almost 100% of new user spam for me.

[MarkOwner]

It's not clear whether Akismet already uses the IP system to help identify spam, as there is indication both ways, that it does and it doesn't. They don't talk about how it works (which is best!). I don't know if the IP information is passed on to Akismet, as I've never used Akismet and analyzed it.

On the one hand, I would guess Akismet does use IP information because the wiki article notes that "Once a commenter is flagged as a spammer, it becomes difficult to participate ... because comments are sent to the spam queue before approval or deletion." However, that could just be the username.

On the other hand, how can someone get flagged as a spammer for just one message triggering a spam flag, if Akismet really puts much weight on the IP address in its analysis?

The Wikipedia article on Akismet, as well as the Akismet site itself, indicate that Akismet is designed for blogging, especially using WordPress, but from this forum it appears that that it has been adapted well to forums, so one conclusion is that the Wikipedia article and Akismet site could both use some updating.

Then there is the issue of how much overlap there is between forum spammers and blog spammers. How do the spammers find us? Google searches for forum software including vBulletin?

The wikipedia article notes that "Many bloggers have complained of commenters being wrongfully flagged as spammers." This is like problems with normal email spam, when I and my staff miss valuable business email. Granted, a forum is not as important as email, and everyone's needs and thresholds are different. Nonetheless, it does raise questions about the Akismet algorithm and weighting of IP address.

Anyway, Akismet does look like a most reasonable solution, with inputs for analysis coming from their established network of approved blogs, and something to build upon rather than reinvent the wheel, if its creators are willing ... or its competitors.

In any case, in my analysis, the IP address seems to be a most important factor to weigh for best signal:noise ratio, given such an established network of forums/blogs in cooperation.

There won't be any substitute for a good human for at least the next 10 years, most say 20, when computers will become more intelligent than humans. (Imagine the beginning of that era ... and computers blogging computers ...)

[Thomas P]

There is a forum owner's spam RBL @ www.stopforumspam.com and there is hack to use it for vBulletin @ vb.org.

Very helpful...

[cnutter]

I simple way to effectivly block spammers access to your vb websites is create a forum that all users have to post in before they gain access to the rest of your forums. SO even if they manage to get past the built in reg anti spam settings they are stuck for a set number of posts.

On my forums We call it the kindergarden and require people to make twenty (your number can very based on your needs) posts before vb automaticly moves them into a new user group that gives them access to the rest of the sites forums. The automatic upgrade in user status only happens once a day so we have time to ban and remove any spam that makes it though the reg process and into the kindergarden forum. We havnt had a spammer get though to the main forums on the site sence we started using this method 2 years ago.

Basicly it allows us to screen out spammers that make it though the built in vb antispam stuff.

[Bluesman]

There is a forum owner's spam RBL @ www.stopforumspam.com and there is hack to use it for vBulletin @ vb.org.

Very helpful...

Thank you for that link! It is literally a Godsend. I have been battling spammers for more than 2 months now and have been looking for an IP/Domain list that I can cross reference. It will make my job much easier.