
December 29, 2006

SPAM Reduction

Filed under: Site — tansqrx @ 2:56 pm

I would like to make an update to my original post. Since I have installed and updated the site, I have gotten no SPAM messages and it looks like a success, at least for now. Apparently the program that the spammers were using against me hit a brick wall with the new additions. This does not rule out future attacks but this looks to be a good start.

December 15, 2006

Yahoo! Messenger Unspecified ActiveX Buffer Overflow

Filed under: Yahoo! — tansqrx @ 2:58 pm

CNET is reporting that a new Yahoo! Messenger exploit has been found. The story (http://news.com.com/2100-1002_3-6144110.html?part=rss&tag=2547-1_3-0-5&subj=news) states that all versions prior to November 2, 2006 are affected and by downloading the latest version (8.1) you will be protected. The bug was apparently first reported to Secunia (http://secunia.com/advisories/23401/). No details or exploit code have been published.

Now my question: which ActiveX control does this affect, and does anyone have the juicy details on this one? Additional links can be found at http://news.zdnet.com/2100-1009_22-6144110.html and http://messenger.yahoo.com/security_update.php?id=120806.

Forum SPAM fixes

Filed under: Site — tansqrx @ 2:57 pm

I am posting what I have done to help with the SPAM on my phpBB forum. In the course of my investigation I found that most of the SPAM is not to advertise to my members but to get a better search engine ranking. Below is a list of procedures. I’m not sure if any of these will work; I will eventually give an update.

Update – I updated my phpBB version from 2.0.19 to 2.0.21. There didn’t seem to be any security related fixes for my current problem but it is always a good idea to stay current.

Enabled User Email Confirmation – I should have done this from the very beginning. Under the General Configuration option there is “Enable account activation” which was set to none. By setting this to user, a user will have to verify their email first.

Stop Spambot Registration Mod – (http://www.phpbb.com/phpBB/viewtopic.php?t=435694) This is one of the many mods out there that tries to stop SPAM bots. The comments were pretty good for this one. Basically it displays “do not add any profile information” and if you do then you get canned. This compares with some other mods that have a hidden field for the URL and if they enter it then they get canned (no human would see it anyway). There are some comments that the bots are catching on to this so I will have to just wait and see. Installation was fairly straightforward although I do not use the sub_silver skin and had to modify the skin that I use.

Admin Userlist Mod – (http://www.phpbb.com/phpBB/viewtopic.php?t=117359) This isn’t strictly a SPAM mod but it is a good administrator add-on. It lists all of the users and lets you quickly ban or delete. I think this should have been added a long time ago. Fairly easy to install and no problems.
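The two registration traps described above (profile fields that must stay blank, and a hidden URL field) reduce to a short server-side check. This is an added example, not code from phpBB or from either mod; the field names and sample submissions are hypothetical, and the "honeypot absent" case goes one step beyond the text, on the assumption that the hidden input is a normal text field that browsers always submit.

```python
"""Added example: screen a registration POST with the two traps described above.
Field names are hypothetical; they are not phpBB's or the mod's."""

HONEYPOT_FIELD = "homepage"   # present in the form markup but hidden with CSS
PROFILE_FIELDS = ("website", "signature", "interests", "occupation", "location")


def screen_registration(form):
    """Return the reasons to reject; an empty list means nothing tripped."""
    reasons = []

    # Trap 1: hidden field. A browser submits it empty. A bot that fills every
    # input gives itself away, and a POST without the key at all was not
    # produced by the rendered form.
    if HONEYPOT_FIELD not in form:
        reasons.append("honeypot absent")
    elif form[HONEYPOT_FIELD].strip():
        reasons.append("honeypot filled")

    # Trap 2: visible profile fields the page asks people to leave blank.
    filled = [f for f in PROFILE_FIELDS if form.get(f, "").strip()]
    if filled:
        reasons.append("profile filled: " + ",".join(filled))

    return reasons


# Constructed sample submissions.
HUMAN = {"username": "alice", "email": "alice@example.org", "password": "x" * 12,
         "homepage": "", "website": "", "signature": "  "}
FORM_FILLER_BOT = {"username": "bot1", "email": "b@example.net", "password": "p",
                   "homepage": "http://spam.example/",
                   "website": "http://spam.example/", "signature": "cheap pills"}
RAW_POST_BOT = {"username": "bot2", "email": "c@example.net", "password": "p",
                "website": "http://spam.example/"}

if __name__ == "__main__":
    for name, form in [("human", HUMAN), ("form filler", FORM_FILLER_BOT),
                       ("raw POST", RAW_POST_BOT)]:
        print(name, "->", screen_registration(form) or "accept")
```

Keep the reasons in the server log and return the same generic failure page for every case, so a bot author cannot tell which trap fired.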

More on ActiveX

Filed under: Yahoo! — tansqrx @ 2:57 pm

A little bit more has come out of this exploit. SecurityFocus has picked up on it at http://www.securityfocus.com/bid/21607/info and US-CERT has a better description at http://www.kb.cert.org/vuls/id/901852.

December 13, 2006

I wasted four hours of my life for this (blog SPAM)?

Filed under: Site — tansqrx @ 2:59 pm

The ongoing saga of SPAM on my website

Looks like I got hit again and this time it was hard. This one was directed at my Nucleus CMS blog. My problems are not fixed yet and a related article can be found at http://www.astahost.com/spam-problem-forums-t13969.html.

It started when I checked my email that I have all my Astahost traffic forwarded to (which is also my main account). I knew it was bad when I had 500+ new messages from comments on my blog. After deleting all of the messages I checked the blog and every single post had around 15 new comments advertising quite nasty things. Fearing that things would only get worse and I would have another 500 messages tomorrow, I decided to disable the blog and investigate later.

According to an article at SecurityFocus (http://www.securityfocus.com/news/11420), bot nets are behind a lot of the recent SPAM plaguing the Internet lately. The investigation on my problem seems to support that hypothesis. All of the comments were from different IP addresses yet held the same advertisement. Some of the comments could have been duplicate IPs but after my twentieth visit to www.dnsstuff.com to do a reverse IP lookup, I just gave up. From the recent SPAM on my forums to this recent happening, it is clear that I am on “the list” and I better batten down the hatches if I am to stay on the Internet for more than a week. Here is a list of things that I hope will work.

Implemented

Update software – I am running Nucleus CMS from http://nucleuscms.org/. The old version was 3.22 and I updated it to 3.24. There were no fixes for SPAM particularly but I figured it would be a good idea to keep the install current. The installation was absolutely no hassle. Since only minor changes had been made, all I had to do was copy the updated files over to the servers. No configuration files were included so I didn’t have to worry about my custom skins being affected.

NP_Captcha – (http://wakka.xiffy.nl/captcha) This adds captchas when registering or posting a comment. Since I think all of the SPAM was from a bot network, this should squash all of the current SPAM issues. I also liked this solution because it was very easy to implement and requires no ongoing maintenance.

Not Implemented But Considered

Most of these solutions and more can be found at http://wakka.xiffy.nl/plugin_by_category?s=spam

NP_Blacklist – (http://wakka.xiffy.nl/blacklist) I didn’t try it but this seems like a more robust solution because you can make your own blacklists.

NP_SpamBayes – (http://wakka.xiffy.nl/spambayes) If you are going to run a blacklist then this looks like the way to go. You can train the filter to what is accepted and what is SPAM. I really didn’t want to go in this direction because I just don’t have the time to train a filter. I can go long periods without even checking the site so I think this would not really help any.

NP_Spamtrap – (http://www.slavespath.net/gifts/nucleus/) I couldn’t get to the site because the corporate firewall didn’t like it but the description looks interesting.

NP_GlobalBlacklist – (http://wakka.xiffy.nl/globalblacklist) This appears to be a community generated blacklist that is no more. The link is broken but once again a good idea worth mentioning.
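The pattern noted earlier in this post, the same advertisement arriving from many different IP addresses, can be checked mechanically instead of one reverse lookup at a time. This is an added example, not part of the original post or of any Nucleus plugin; the sample comments, the addresses and the three-address threshold are constructed.

```python
"""Added example: group blog comments by normalized text and flag any text that
was posted from several distinct IP addresses. All sample data is constructed."""
import hashlib
import re
from collections import defaultdict

URL_RE = re.compile(r"https?://\S+", re.I)


def fingerprint(body):
    """Hash the comment after removing case, spacing, punctuation and URL differences."""
    text = URL_RE.sub(" url ", body.lower())
    words = re.findall(r"[a-z]+", text)
    return hashlib.sha256(" ".join(words).encode()).hexdigest()[:12]


def find_campaigns(comments, min_ips=3):
    """comments: iterable of (comment_id, ip, body).
    Returns {fingerprint: {"ips": set, "ids": list}} for texts seen from
    at least min_ips different addresses."""
    groups = defaultdict(lambda: {"ips": set(), "ids": []})
    for comment_id, ip, body in comments:
        group = groups[fingerprint(body)]
        group["ips"].add(ip)
        group["ids"].append(comment_id)
    return {fp: g for fp, g in groups.items() if len(g["ips"]) >= min_ips}


# Constructed sample: one advertisement from three addresses, plus a reader
# who posted the same legitimate comment twice from one address.
COMMENTS = [
    (1, "192.0.2.10", "Great post! Buy cheap watches at http://spam.example/a1"),
    (2, "198.51.100.7", "great post!  buy CHEAP watches at http://spam.example/zz9"),
    (3, "203.0.113.44", "Great post! Buy cheap watches at http://other.example/"),
    (4, "192.0.2.10", "Great post! Buy cheap watches at http://spam.example/a1"),
    (5, "198.51.100.99", "Thanks, the YMSG notes were useful."),
    (6, "198.51.100.99", "Thanks, the YMSG notes were useful."),
]

if __name__ == "__main__":
    for fp, group in find_campaigns(COMMENTS).items():
        print(fp, sorted(group["ips"]), "comment ids:", group["ids"])
```

The comment ids in each flagged group are what a moderator needs for bulk deletion, since the source addresses change from one comment to the next.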

Unrelated “Fun” Stuff

While poking around the plugins page I found a few other things of interest.

NP_Poll – (http://wakka.xiffy.nl/poll) This will create a poll on your blog. Not much use but it just looked too cool to pass. The install was easy but implementing the poll in your post is somewhat of a pain because you have to paste a special code for each poll.

NP_SystemInfo – (http://wakka.xiffy.nl/systeminfo) This also seemed useful. It shows every version number and system statistic that it can get its hands on.

December 9, 2006

Wonder what they are up to

Filed under: Yahoo! — tansqrx @ 3:03 pm

I received the following message yesterday from the Yahoo! Messenger development team:

“Yahoo! Messenger will be performing scheduled maintenance on December 8 from 5.30 PM PST to 7.30 PM PST. During this period, you might experience problems when using Yahoo! Messenger.”

Sure enough I can’t log in tonight. I wonder what they are up to this time. The last time this happened the server was upgraded, certain services were broken, and we got super webcam features all the time.
