While 1.1.4 added some spam prevention tools, XenForo 1.2 takes these further. This is by no means the end of our fight against spam though.
In 1.2, we've mostly focused on adding support for APIs and adaptable spam prevention techniques. Let's look at a few.
Deeper Stop Forum Spam Integration
We actually detailed this a long time ago. While 1.1.4 added support for checking a DNSBL that used the Stop Forum Spam database, 1.2 has a much more configurable integration:
In addition to simply checking registrations against SFS, you can also get an API key and submit back to them automatically when spam cleaning a user.
If you opt to use the SFS integration to check registrations, the Tornevall DNSBL will not be checked.
Project Honey Pot HTTP Blacklist
In addition to the existing DNSBLs, you can sign up for a Project Honey Pot API key to check their blacklist. While this often overlaps with SFS's database, there are some variations.
Message Content Checking: Akismet and Spam Phrases
Up until now, we've focused on preventing spam registrations. While that's the ideal situation, it's not always possible to detect spam until you see what they actually try to post.
Here, we provide a simple "spam phrases" option, which uses simple pattern matching (or regular expressions) to detect spam. For example, here on XenForo.com, the vast majority of the spam we see fits a particular profile that can be matched with "watch * online". Content matching these phrases will be rejected or set to be manually approved. The checks are done on posts, profile posts and conversations. In situations where manual approval isn't possible (such as in conversations), the messages will be rejected.
To limit the potential for false positives, the checks are limited to only the first few messages by a user.
Then there's Akismet. It provides an API that uses various heuristics to tell you whether the message being submitted is spam. Note that depending on your site's purpose, Akismet may not be a free service.
Spam Cleaner Can Delete Sent Conversations
To help deal with conversation spam, the spam cleaner can now (optionally) delete all conversations started by the spammer. This will remove the conversations from the inbox of anyone that received them (and update their unread conversation counts).
For Developers: General Spam Prevention API
There is now a SpamPrevention model that is called in various scenarios. You can simply hook your spam prevention call into the correct position and return what action to take. This is called in the following situations:
In 1.2, we've mostly focused on adding support for APIs and adaptable spam prevention techniques. Let's look at a few.
Deeper Stop Forum Spam Integration
We actually detailed this a long time ago. While 1.1.4 added support for checking a DNSBL that used the Stop Forum Spam database, 1.2 has a much more configurable integration:
In addition to simply checking registrations against SFS, you can also get an API key and submit back to them automatically when spam cleaning a user.
If you opt to use the SFS integration to check registrations, the Tornevall DNSBL will not be checked.
Project Honey Pot HTTP Blacklist
In addition to the existing DNSBLs, you can sign up for a Project Honey Pot API key to check their blacklist. While this often overlaps with SFS's database, there are some variations.
Message Content Checking: Akismet and Spam Phrases
Up until now, we've focused on preventing spam registrations. While that's the ideal situation, it's not always possible to detect spam until you see what they actually try to post.
Here, we provide a simple "spam phrases" option, which uses simple pattern matching (or regular expressions) to detect spam. For example, here on XenForo.com, the vast majority of the spam we see fits a particular profile that can be matched with "watch * online". Content matching these phrases will be rejected or set to be manually approved. The checks are done on posts, profile posts and conversations. In situations where manual approval isn't possible (such as in conversations), the messages will be rejected.
To limit the potential for false positives, the checks are limited to only the first few messages by a user.
Then there's Akismet. It provides an API that uses various heuristics to tell you whether the message being submitted is spam. Note that depending on your site's purpose, Akismet may not be a free service.
Spam Cleaner Can Delete Sent Conversations
To help deal with conversation spam, the spam cleaner can now (optionally) delete all conversations started by the spammer. This will remove the conversations from the inbox of anyone that received them (and update their unread conversation counts).
For Developers: General Spam Prevention API
There is now a SpamPrevention model that is called in various scenarios. You can simply hook your spam prevention call into the correct position and return what action to take. This is called in the following situations:
- When a new user registers
- When a user is spam cleaned (to submit spam users and spam content)
- To determine if the user posting a message needs to be spam checked
- When a message is submitted
- When a message that was moderated because of spam and is approved (submitting "ham")
