Skip to content

Protect YAF.NET against Spam BOTS

Jump to bottom Edit New page
Ingo edited this page May 23, 2015 · 2 revisions

How to protect your Forum from Spammers

With the following Documentation we will Guide you on how to protect your forum from those unwanted Spam bots

Registration

The first step to stop spam bots is from detecting them during the registration and block them.

Captcha

Captcha's are used to detected if the person who tries to register is really a human and not a BOT, but those days and they can be easily broken by the spam bots.

So consideer this only as a little step from blocking them.

YAF.NET has two types of Captcha System, which can be set from within the Host Settings > Features Tab > Captcha Settings > Enable CAPTCHA/reCAPTCHA for Register...

  1. Yaf Captcha (Internal Captcha)

    This is a really simply captcha, and it's not really recommended to use it.

  2. ReCaptcha is an external System by Google, to use it you need a for you Site specific reCAPTCHA Site/Secret Key.

    You can get one for free from google.com/recaptcha/

ReCAPTCHA DEMO

Detected Bot's automatically

YAF.NET provides multiple ways of detecting Spam Bots during registration via...

  1. External Anti Spam APIs such as StopForumSpam.com and BotScout.com

    Those services check the user's ip address, email address and user name against there database. And report back if that is a known user (YAF.NET also provides the opposite way of reporting spam bots to their service).

    In the host settings > Bot Spam Settings (User Checking) > Choose a Service for Automatically User Bot Checking. There are multiple options to use that services by using only one, or both combined. Which means both services have to make a positive detection, or at least one have to make a possitive one. The recommend solution is to use the Setting StopForumSpam.com or BotScout.com (Needs Registration).

    Both Services needs (free) registration in order to use them you can get a BotScout Key here and a StopForumSpam here. The keys needs to be entered in the host settings under Bot Spam Settings (User Checking).

Handling of Bots during Registration

YAF.NET provides multiple options of what to do when such spam bot is detected...

  • Do nothing
  • Approve User & Send Admin an Email
  • Block User (Recommended option)

In each case the detection is logged to the event log and spam log.

YAF.NET has also it's own Database to block & detected known ip addresses, user names and email addresses. Once a bot is detected via the external Anti Spam Database you can set up YAF to log that user in to the internal database via the Setting Host Settings > Bot Spam Settings (User Checking) > Automatically Ban Ip Address of Detected Bot.

The Database of banned ip address, user names and email addresses can be viewed and edited from within the Admin Interface under Admin > Spam Protection.

NOTE: If you do not want to use external Databases the StopForumSpam.com database can be imported directlly in to YAF.

  1. Internal Spam Check Words this system checks for spefic words (including urls). In the case of the registration it checks the information provided from the user profile. This system also checks user profile changes after the registration, this also includes the user signature.

    This system is always turned on. There is already a list of highly used words by spammers included with YAF.NET, when you install or upgrade.

    You can see the list of existing words under Admin > Spam Protection > Spam Check Words, and of course add your own ones (the system supports REGEX).

===================

Content Checking

YAF.NET can also detect spammer's when they are trying to post spam content on the forum. Simliar to the registration process there are multiple external Services available and multiple options of handling positiv detections.

SPAM Service

Under Host > Host Settings > Spam Settings (Content Checking) > Choose a SPAM Service for Automatically SPAM Checking

  • BlogSpam.NET API
  • Akismet API (Needs Registration)
  • Internal Spam Check Words (Recommended)

At this point the only one which is relieble at the moment is the Internal Spam Check Words system.

Handling of as SPAM Detected Messages

Under Host > Host Settings > Spam Settings (Content Checking) > Handling of as SPAM Detected Messages you have multiple options of what to do with the user and or the post...

  • Do nothing
  • Flag Message as Unapproved - So it needs to be a approved by an Moderator or Admin.
  • Reject Message
  • Delete & Ban user (Recommend if you use the Internal Spam Check Words)

To prevent real users from being accidently detected by the system you can define a number of posts a user needs to have before he or she gets excluded from the spam check under Host > Host Settings > Spam Settings (Content Checking) > User Post Count to be ignored from Spam Check

YetAnotherForum.NET (YAF) the Open Source Discussion Forum for ASP.NET - http://YetAnotherForum.NET

Copyright © YetAnotherForum.NET & Ingo Herbote. All rights reserved

Add a custom sidebar

Clone this wiki locally