Topic: Can you test a site's spam protection?
Totage's photo
Tue 09/22/09 02:39 PM
Is there a way to test a website's spam protection? I did some things to my site to protect it from spambots. It appears that it is working, but I'm not sure. Is there any way to test it?

FearandLoathing's photo
Wed 09/23/09 07:10 AM

Is there a way to test a website's spam protection? I did some things to my site to protect it from spambots. It appears that it is working, but I'm not sure. Is there any way to test it?


Wait. Really, that is about it. Eventually of course spam will get through, they usually do. Until they figure out a loophole all you can do is see if you get more spam on the site, if not...success.

mo_muirnin's photo
Wed 09/23/09 04:29 PM
What did you do?

I know you can put some code into the .htaccess file that is on your Public_html folder to help prevent spam.

Totage's photo
Wed 09/23/09 04:34 PM


Is there a way to test a website's spam protection? I did some things to my site to protect it from spambots. It appears that it is working, but I'm not sure. Is there any way to test it?


Wait. Really, that is about it. Eventually of course spam will get through, they usually do. Until they figure out a loophole all you can do is see if you get more spam on the site, if not...success.


I didn't even think about checking the access, error, and traffic logs for known spammer IPs.

Would you happen to know by any chance if blocking known spam IPs via .htaccess would slow your site down if the list got really big? I would imagine it would eventually.
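An added example (not written by anyone in this thread) of the log check mentioned in the post above: it scans Apache-style access log lines for requests from a list of known spammer IPs and reports whether each request was refused or served. The log lines, the IP addresses (documentation ranges) and the `/index.php?action=register` path are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data: documentation-range IPs, not real spammers.
KNOWN_SPAMMER_IPS = {"203.0.113.7", "198.51.100.23"}

SAMPLE_LOG = """\
203.0.113.7 - - [23/Sep/2009:16:30:01 -0400] "POST /index.php?action=register HTTP/1.1" 403 212 "-" "Mozilla/4.0"
203.0.113.7 - - [23/Sep/2009:16:30:05 -0400] "GET /index.php HTTP/1.1" 403 212 "-" "Mozilla/4.0"
198.51.100.23 - - [23/Sep/2009:16:31:10 -0400] "POST /index.php?action=register HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
192.0.2.50 - - [23/Sep/2009:16:32:00 -0400] "GET /index.php?board=1.0 HTTP/1.1" 200 8042 "-" "Googlebot/2.1"
this line is not a valid log entry
"""

# Common/combined log prefix: client, identd, user, [time], "request", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def audit(log_text, spammer_ips):
    """Return {ip: {"blocked": n, "served": n, "served_posts": [paths]}}."""
    report = defaultdict(lambda: {"blocked": 0, "served": 0, "served_posts": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["ip"] not in spammer_ips:
            continue  # skip malformed lines and clients not on the list
        entry = report[m["ip"]]
        if m["status"] in ("401", "403"):
            entry["blocked"] += 1
        else:
            entry["served"] += 1
            if m["method"] == "POST":
                # A listed IP got a form submission past the block.
                entry["served_posts"].append(m["path"])
    return dict(report)

def leaks(report):
    """Listed IPs that were served at least one request."""
    return sorted(ip for ip, r in report.items() if r["served"])

if __name__ == "__main__":
    result = audit(SAMPLE_LOG, KNOWN_SPAMMER_IPS)
    for ip, r in sorted(result.items()):
        print(ip, r)
    print("not blocked:", leaks(result))
```
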

mo_muirnin's photo
Wed 09/23/09 04:41 PM
Mmm...Well you can also add a line of code to the .htaccess file to help prevent server overload. I have been using WordPress for a while with many plugins and my site was being throttled because of all the scripts trying to load...But just by adding some code to the .htaccess and optimizing the PHP database the throttling quickly slowed down.

Ok - quick question..what are you using for your site that you want spam protection for?

Totage's photo
Wed 09/23/09 04:42 PM

What did you do?

I know you can put some code into the .htaccess file that is on your Public_html folder to help prevent spam.


I installed the Spambot Search Tool by Steven Burn, Smurf Minions, and added the code to my SMF registration forum. I also banned known spambots from my site manually by manually checking them with the spam checker. I also added a few packages to SMF for spam control.

I also added a honeypot, but it's not getting any action.

I can't remember everything I did, I think that's about all.

Totage's photo
Wed 09/23/09 04:44 PM

Mmm...Well you can also add a line of code to the .htaccess file to help prevent server overload. I have been using WordPress for a while with many plugins and my site was being throttled because of all the scripts trying to load...But just by adding some code to the .htaccess and optimizing the PHP database the throttling quickly slowed down.

Ok - quick question..what are you using for your site that you want spam protection for?


I want to keep my forums spam free. I don't have any members yet so it's not a problem now, but I figure if I take some preventative steps, it will help out once the site grows. Also, I want to prevent harvesting of member data.

Winx's photo
Wed 09/23/09 04:45 PM
What site do you have, Totage?

Totage's photo
Wed 09/23/09 04:48 PM

What site do you have, Totage?


I don't want to post it in the forums, but if you google "Totage Hosting", it's the first result.

mo_muirnin's photo
Wed 09/23/09 04:58 PM
Wow, that's a lot. lol. I've never dealt with an SMF forum before, but you can still modify the .htaccess file to prevent spam-bots, password protection, and other security features. I'm sure if you google "htaccess spam prevention" or "smf htaccess security" you might be able to find some good advice. Unless someone here on the forum knows A LOT about SMF specifically?


Or, wait till your forum starts getting members..I haven't personally seen a lot of forums that get spam; but wait till they show up and see what happens. Then from there block their IP address.

Totage's photo
Wed 09/23/09 05:05 PM

Wow, that's a lot. lol. I've never dealt with an SMF forum before, but you can still modify the .htaccess file to prevent spam-bots, password protection, and other security features. I'm sure if you google "htaccess spam prevention" or "smf htaccess security" you might be able to find some good advice. Unless someone here on the forum knows A LOT about SMF specifically?


Or, wait till your forum starts getting members..I haven't personally seen a lot of forums that get spam; but wait till they show up and see what happens. Then from there block their IP address.


I'll look into .htaccess. I didn't know you could add code to prevent overload in the .htaccess file. Thanks for the suggestion.

Winx's photo
Thu 09/24/09 11:30 AM


What site do you have, Totage?


I don't want to post it in the forums, but if you google "Totage Hosting", it's the first result.


:thumbsup:

Totage's photo
Thu 09/24/09 03:36 PM



What site do you have, Totage?


I don't want to post it in the forums, but if you google "Totage Hosting", it's the first result.


:thumbsup:


I still have a lot of work to do on it. I've been reading a lot of good articles.

FearandLoathing's photo
Sun 09/27/09 11:46 PM
Best bet is to secure your public forum to member only access. Not quite sure how you would do that with SMF, but I'm pretty sure there has to be a way. Keep the guest forum open to posting, this will help field out spammer IPs. But I would personally restrict viewing of the rest of the forum to registered members only, that in theory should keep your spam to only the guest part of the forum...again, that is only a theory, but from experience with the forum I was admin to, they hit what they could see...limit what they can see.

Totage's photo
Tue 09/29/09 04:00 PM

Best bet is to secure your public forum to member only access. Not quite sure how you would do that with SMF, but I'm pretty sure there has to be a way. Keep the guest forum open to posting, this will help field out spammer IPs. But I would personally restrict viewing of the rest of the forum to registered members only, that in theory should keep your spam to only the guest part of the forum...again, that is only a theory, but from experience with the forum I was admin to, they hit what they could see...limit what they can see.


I allow guests to read the member forums so that the good bots like Googlebot can crawl the forums, but banned members can't view anything but the banned list. Only members can view member profiles. I may restrict this only to members who have a certain amount of posts though. I think e-mail addresses are hidden by default.

I'm working on some crazy promoting, so I'm expecting to get tons of traffic pretty soon (or at least start to). I think getting more traffic should help me see things better. I'll keep an eye on my logs.

no photo
Tue 11/10/09 04:59 PM
Disallow guest posting. That's the number one rule before anything else.

I'm assuming you have the captcha turned on. If not, turn it on, that stops 90% of spam right away.
If you are on a 1.1.x version, you can install add-ons that provide captcha.

custom.simplemachines.org/mods/index.php?mod=1519
This mod works on 1.1.7, .8, .9, and the last time I used it, 2.0RC1.
This is one of the most effective mods I've seen. It also uses a 'community' lookup, so anyone else using the mod that gets spam adds to the list of blocks. Of course, this can be turned off if it's abused.

Next up, unless you have a VERY international userbase, blocking certain country code domains will cut down drastically on spam:
Go to Administration -> Ban List -> Add New Ban
Name it, say, Russia
for the actual ban, use
*@*.ru

Do the same for .pl, .cn, and .sg (Poland, China, and Singapore)
I also add .a1, .a2, .ng, and .lt (anonymous proxy, satellite, Nigeria, and Lithuania)

There's a pretty simple code edit that will disallow registrations from certain timezones. Did you know that the default timezone if you don't select one is in the middle of an ocean? Do you think it very likely that someone is creating an account from there?
Do be sure to add a blurb so that non-bot users know they have to select a timezone. This cut out 99% of auto-registration bots (and thus 98% of forum spam) when I last used it, and that without ANY other modifications. Some auto-reg bots have gotten 'smarter' and now select a timezone, but it's still very rare.

So, think this'll do ya for a while? ;>>
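An added example (not SMF code and not from any poster here) that applies the `*@*.ru`-style email bans and the unselected-timezone check from the post above, plus the honeypot idea mentioned earlier in the thread, and then tests the rules offline against constructed sign-ups. The field names `timezone` and `website_hp`, the empty-string "not selected" value and every sample address are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Ban patterns in the "*@*.ru" wildcard style quoted in the post above.
EMAIL_BANS = ["*@*.ru", "*@*.pl", "*@*.cn", "*@*.sg"]

# Assumption: the sign-up form submits "" when no timezone was chosen.
TZ_UNSELECTED = ""

def screen_registration(form):
    """Return the reasons to reject a sign-up; an empty list means accept."""
    reasons = []
    email = form.get("email", "").strip().lower()  # bans are case-insensitive
    if email.count("@") != 1:
        reasons.append("malformed email")
    elif any(fnmatchcase(email, pattern) for pattern in EMAIL_BANS):
        reasons.append("banned email domain")
    if form.get("timezone", TZ_UNSELECTED) == TZ_UNSELECTED:
        reasons.append("timezone not selected")
    # Honeypot: a field hidden from people by CSS, so only bots fill it in.
    if form.get("website_hp", ""):
        reasons.append("honeypot field filled")
    return reasons

# Constructed sign-ups paired with the outcome each rule should produce.
CASES = [
    ({"email": "alice@example.com", "timezone": "-5"}, []),
    ({"email": "bot@mail.example.RU", "timezone": "-5"}, ["banned email domain"]),
    # ".ru" must be the final label: neither of these is a .ru address.
    ({"email": "carol@rubbish.com", "timezone": "-5"}, []),
    ({"email": "dan@example.ru.com", "timezone": "-5"}, []),
    ({"email": "erin@example.com", "timezone": ""}, ["timezone not selected"]),
    ({"email": "spam@example.cn", "timezone": "", "website_hp": "x"},
     ["banned email domain", "timezone not selected", "honeypot field filled"]),
]

def failing_cases():
    """Sign-ups whose screening result differs from the expected one."""
    return [form for form, expected in CASES
            if screen_registration(form) != expected]

if __name__ == "__main__":
    print("failing cases:", failing_cases())
```
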

Totage's photo
Fri 11/13/09 05:41 PM

Disallow guest posting. That's the number one rule before anything else.

I'm assuming you have the captcha turned on. If not, turn it on, that stops 90% of spam right away.
If you are on a 1.1.x version, you can install add-ons that provide captcha.

custom.simplemachines.org/mods/index.php?mod=1519
This mod works on 1.1.7, .8, .9, and the last time I used it, 2.0RC1.
This is one of the most effective mods I've seen. It also uses a 'community' lookup, so anyone else using the mod that gets spam adds to the list of blocks. Of course, this can be turned off if it's abused.

Next up, unless you have a VERY international userbase, blocking certain country code domains will cut down drastically on spam:
Go to Administration -> Ban List -> Add New Ban
Name it, say, Russia
for the actual ban, use
*@*.ru

Do the same for .pl, .cn, and .sg (Poland, China, and Singapore)
I also add .a1, .a2, .ng, and .lt (anonymous proxy, satellite, Nigeria, and Lithuania)

There's a pretty simple code edit that will disallow registrations from certain timezones. Did you know that the default timezone if you don't select one is in the middle of an ocean? Do you think it very likely that someone is creating an account from there?
Do be sure to add a blurb so that non-bot users know they have to select a timezone. This cut out 99% of auto-registration bots (and thus 98% of forum spam) when I last used it, and that without ANY other modifications. Some auto-reg bots have gotten 'smarter' and now select a timezone, but it's still very rare.

So, think this'll do ya for a while? ;>>



Thanks,

I'm writing my own script from scratch now. Actually I'm just throwing a few tutorials together and hacking my own script to give me the basic features I need. Once I get the basic features up and running, and a standard theme, I'll move on to tweaking the features. I'll be using CAPTCHA for the reg and post forms. I'll also check for known spambots using a nice script I found.