Tag Archives: link spammer

How Forum Spammers Operate. How To Spam A Forum

Forum spam is a big issue if you own a forum. This title is probably going to bring in some folks, thinking ‘why the heck is he writing this here?’ We don’t need to know how they work, we just need to know how to stop forum spam.’

The simple truth is, if you know exactly how it’s done, and how it all works, you can then know what counter-measures you can invoke to help to combat this problem. Note how I said to “combat it”, and not stop it.

The only way to completely stop forum spam, is to stop people signing up to your site, and just have your own little website or bulletin board with six members.

There are two main types of spam: Human and automated.

This can then be split down into profiles, and posts. Posts are good as they give you the contextual links; profiles are OK, as they give a hyperlink to somewhere.

Human spam you just have to deal with manually as best you can. Automated spam you can do much more to prevent it happening.

If you consult Google, you can find numerous automated programmes like ScrapeBox, designed to create links back to other websites from forums, article directories, social bookmarking sites like Digg, Facebook, etc.

To perform automated spam, you need one piece of software, and a list of websites. That’s all.

The software is a matter of personal choice (or maybe cost), the list you can create your own (but nobody does that – they buy them), or they use the inbuilt software ones if they are beginners.

Creating forum profiles is easy with yet another piece of software.

To show how easy it is, go to Google and paste in “SMF © 2011, Simple Machines” – with the quotes. When I did it, I got “740,000 results”.

So that’s lots of forums to choose from.

The software allows you to create you own lists; we will now look at that, and your ‘niche’. Lets say your niche is antiques. It will then give you a list of quite a few thousand SMF forums, where Google has brought them for the keyword ‘Antiques’

Another way, is to look at the actual web addresses. Many forums have a custom URL structure, that runs throughout all pages of that software. /members.php as a simple VBulletin example. There are so many, so I won’t bore you with them all here on this article.

Having our target list, and our spamming software, we need to now set it up.

First things first: proxies (ability to switch IP addresses). Either purchased private ones (the usual type), or publicly available, yet slower ones (for the beginner). Either way, load these into the software, and it will switch and change as it creates accounts.

Next, email addresses. No need to worry too much, as the software will auto-create many for us from Hotmail, Inbox, Yahoo, AOL, Easy, Gmail, or any other free email provider like this. You can try to get around a few spam measures by using your own domain emails. It works just as well, just many spammers are complacent, and won’t want to click more than one button to make an email address that will never be used for anything else ever again.

Then we need to tell the software our account name. Many support ‘Spinning’. This is where you write the text like this {liked|loved|appreciated|enjoyed} and each time it posts, it chooses one from the brackets and so changes the sentence structure making the comments look to Google as unique. OK, much of it will be Indianglish crap, but Google won’t recognise that usually. So comments will get ranked.

Password, date of birth etc., they just click ‘auto create’ and the software does it. Including address etc…..

Now we have all we need to create a zillion profiles, and its taken about ten minutes – if that – to set up the software to get to this point.

We click start and off it goes. Depending on the computer speed, we may be hitting anything between five and one hundred forums at any given time. These are simultaneous connections.

The software goes off to the forums, finds the sign up page, and fills in all the details. I don’t see the forum on my screen, just a status update saying ‘Signing up’ etc.

Then we hit the captcha. There are three ways to deal with this:

Manually: A little box appears on the screen, with just the captcha image, and a small box underneath to enter the text. I can sit at the computer all day long entering these if I feel the need.
Software: A clever piece of software that sits on your computer and solves them for you. Works OK, but is no good with the Decaptcha (Black and white with squiggle writing).
The India/China/Pakistan Connection: The software many are using can use a service where the captcha images are sent to the developing world and solved by them, sent back to my computer, entered on the sign up form, and membership signed up in less than one minute. I have known it to be as quick as twenty seconds.
Sign up questions work the same: Just a small box appears on the screen, with the question, and a space for an answer. ‘What day is after Monday?’ ‘What is the last word in this phrase?’ ‘What is 3+4?’ anyone can solve these, even my toddler. Better ones like “Who is the president of Russia?” or “Who was Obama’s main contender in the last US election?” work better as Gupta doesn’t know the answer without Googling.

So, we’ve done all this, and the accounts are made. We then need to verify them. No problem, just let the software run, it logs into AOL (or wherever), downloads all the emails, extracts the sign up links (it knows the URL structure) and clicks them all.

Hey Presto! An hour later, and maybe a thousand verified forum profiles. Next we need to log in and post our details. A bio would be nice (and if we can link in it, even better). Make the bio about what our site is about (remember links come from pages with relevance) and a link back to our homepage. How many forum owners allow members to post their homepage in their profile? If the signature appears on the member page, we’ll post something there as well.

That’s it, all done. No need to post on the forum itself, unless you want to be banned. The software also tells us if our profile is publicly viewable, if the admin have to activate the account and anything else that would cause the process to fail.

The link that is placed on a forum profile isn’t really worth much, and so normally points to a page that then links to another page (linkwheel), which may link to another page (inner circle , and then to the persons main site (the money site). So you can see they are used pretty low down, but still worthwhile for getting things indexed. All that Google juice passes through. Forum links matter when done en masse.

So, how can you clamp down on these spammers? Make member profiles visible to only logged in users is a big one. If Google can’t see them to index them, why would a spammer want a link there? It won’t stop all accounts, but will help a lot.

Ban free email accounts, or if you can, have @gmail, @hotmail on admin approval some people say, but that’s crap. Almost everyone uses a free email account. That blocks genuine members.

Change your questions to the not so obvious as mentioned already, and change them each month! Some software now learns the answers to these questions, and share them on a remote database to Indian and other spammers.

The ‘sought after’ profiles, are those that come from high PR forums and .edu domains. Many of these may be signed up to manually, and indeed a little industry has built up around this activity, with people selling monthly lists.

I read on a site last week, someone said they left their membership open, and now had IP, email and usernames of over 1000 spammers and they would share them so they can be added to a blacklist. This is a totally pointless and not worthwhile exercise, as I explained, the email, IP, user, whatever, can all be changed at the click of a button.

Normally, all details are changed per run that is performed. So banning an email address is OK, but just remember the chances of it being used again in your forums lifetime is slim to non-existent. Continue reading

Posted in Media | Tagged , , , , , , , , | Leave a comment