Spam Posting Scam! A Threat to Open Forums

A few months back when we installed Drupal CMS, we were new to CMS and we did not know what should we do with such a vast system of CMS. It looks to us now that the CMS control and administration is really a great painstaking job if you want to have a website run for your fun, and as a part of your community service. We mean if you want to have a website that is dedicated to your profession, community, or your area of expertise, and especially if you do outside your paid job as a timepass work. It is because you can create these different topics, categories, and forums as you move on with your own time. But, once the volume of information increases, and categories increase, then comes to controlling the spammers. You don't have to control nice peoples, because they are your patron and you are serving your website to them, and they are routinly visiting your website such that the value of your website depends on this type of people.

However, the world also has a bunch of bad guys, exploiters, and thuggs. Who are they? They are the same people who send you 1000s of emails in your free email addresses like in yahoo, gmail and hotmail offering fake products, and you must have noticed they try to learn and fail theory probability: ask them how many ways can they have permutation and combination from words like Viagara and Cialis or Pharmacy or meet Asian girl, white girl, blonde girl...... . We are tired of these freaks. For Yahoo, Gmail or Hotmail, the emails are sorted by employed people with a very small amount extra charge per user compared to the total number of members they have. It should not have happened, but the cost per user is negligible. But in the case of small business house or individuals like we people, who are trying to use free time for the community, these freaks post series of spams on our website forcing us to shut down the 'comment' posting option to unregistered visitors. We changed the option to 'need administrator's approval for first time posting', then we suddenly got a flow of posts from them for moderation. So, it is now forcing us to completely shut down that option provided by the programmers at Drupal CMS for our visitors. The volume of such spam is so high that we have to ask each visitors to register, and start posting.

At the end of day, these spammers will find a trick to register and start posting. We are sure they will develop a software, and register their name and start posting their spams everywhere in my website. Then, we will have to introduce random number authentication code, and ask them to verify the registration via their email. How far should we go? Because of them, the visitors are suffering. The nice visitors don't visit only our website, they do visit several others at least 100s, so are we not frustrated with such registration requirement? Everywhere we go we have to spend a good time on registration? Should we do this? or, we give up our part of contribution because of such complicated requirement? Majority will give up. Should not government impose rules against violators? Well, the human rights group will shout again "our personal rights are taken away.....", and what about my personal right to have easy access to these websites? By having complicated rules for registration, are we not on the other side of aisle? We wish these fakers are punished, and we are relieved of introduction of these extra rules in our website CMS. That is our wish, and we know it won't be fulfilled. We will continue to get additional rules. We are tired of the spammers and forcing our loyal visitors to pass through next level of check point. Like many people they gave up AirPlane journey because of excessive rules, and check points, and we are wondering the visitors to our website will also give up contributing something worthy because it needs their extra time, which they don't have.

So, what? What could be the best solutions to such problems?

1. Use manual authentication using the picture method as most websites do.

2. Don't go public. Too nice is not realistic in this world. You can not be nice to everyone. Draw a line "Laxman Rekha" as in Ramayana.

3. Use reference method. Ask your new users to provide three "virtual" referees. Google's Gmail model. Or, confirmation by email or textmessage method. So, that you can track the bad guy.

4. Ban the whole domain name. It is not a cost effective solution. Lets create a cooperative that lists of all banned websites.

5. Credit Card vertification method. Too theoretical. Not a practical approach.

6. Look for some robust joint approach. United we stand, divided we fall approach.