Thread Rating:
  • 1 Vote(s) - 1 Average
  • 1
  • 2
  • 3
  • 4
  • 5
My spam / shill / astroturfing protection strategy - feedback?
Hi all,

I am preparing a forum for a community that has a probably quite unique situation which holds great potential to minimise or even avoid spam, shill posting and astroturfing entirely. The following describes my approach to achieve this, and I would be grateful for anyone's feedback on this:


There is a known maximum amount of users, around 20.000. There will never be the need for any user to sign up who I or the moderators do not know beforehand.

The users are divided up into clusters of around 30 to 60 people per cluster, and these people know everyone else within their cluster in real life, and meet several times a week eye to eye. This means there is a very high level of real life social control.

Each of these groups will have their own "private" forum that only the people they actually know in real life can use.

All those groups also use a shared common "global" forum, which they use to communicate about a passionately shared cause.


Each group has a moderator or two who take care of the group's private forum.

I have ways of verifying that each moderator of a group actually is who they say they are.

I send a number of invitation codes to each group's moderator every few months.

Users can sign up by invitation only (plugin), using their invitation code which they receive on a strip of paper from their group's moderator, who of course knows them in real life, so knows they are legitimate users.

Via a specific pre-set "report as spam" button (plugin), I use the largely responsible and mature user base to quickly report any spam, so I use their eyes to make sure I don't miss any spam posts / accounts.

I use email verification, captcha, and disallow all guest postings.


How likely do you think it is that among thousands and up to 20.000 people who all belong to a great and pretty responsible, but not too computer sassy community, someone sooner or later will have their account hijacked?

What other ways can you see that this sytem can be broken, and fake / shill / astroturfing user accounts can be created?

I would very much appreciate if anyone could point out holes and room for improvement in this system.


Hi Matt,
i think on a large Community you have nearly no chance to have no security problems. The accounts will get hacked for shure, at least by social hacking.

If i where you i would make shure that autologin is disabled and the cookies should get invalid in time.
I would force the Users to change Passwords on a regular base.

btw: it might help you to set newly created accounts to moderated until they post there very first Posting which you verify.

Thanks, very helpful advice. Will disable autologin and make cookies expire, also of course force regular password changes. The latter will have to be a compromise between security and user acceptance, maybe every three months is a good starting point.

Not sure if I need to moderate new user's until I (or one of my moderators) sees their first post. Reason why I think that is not necessary in my case: Members will join the forums by invitation only anyway, and the generally very responsible user base will report any spam or otherwise malicious posts pretty quickly anyway, via a special "report as spam" button (plugin).

Please tell me if you think there's something wrong with that train of thought.


Spamer usually log in and start spamming right away. If they are Moderate from beginning .... Wink
It is just the last wall to claim.

I use a plugin for this in my Forum, the first two days after account creation and until they post 2 "good" Postings everybody is moderated. After 2 good Postings they change automatically to unmoderated.
I guess you are right. It can't hurt to put people on moderation for a short while, and even a short while will weed out 99% of all spammers that should get to that point.

Think I will do that.

If anyone has any other thoughts about my strategy, I'm always keen to learn more, let me hear!



Forum Jump:

Users browsing this thread: 1 Guest(s)