First time here? Check out the FAQ!

Suggestions for antispam measures?

What can we do to prevent posting of spam links? Have a reputation limit, minimum number of posts? Anything else?

Links show in posts, user profile "about" and the "website" sections.

Evgeny's avatar
asked 2012-06-22 01:17:15 -0500, updated 2012-10-26 19:49:48 -0500
edit flag offensive 0 remove flag close merge delete


add a comment see more comments

7 Answers


Some antispam measures taken for Ask-Sage (an askbot-powered Q&A site for the Sage Mathematical Software System) recently (2016-01) were discussed in this sage-askbot-devel thread. Hopefully they can be useful more widely.

slelievre's avatar
answered 2016-01-08 05:21:24 -0500, updated 2016-01-08 05:26:55 -0500
edit flag offensive 0 remove flag delete link


add a comment see more comments

Please also log the IP address used to create the account so that an admin can review for clues to see if the user is posting where they say they're posting from.

For example, I got a one-line question on my hosted site asking about health insurance in NJ. This is borderline but probably off-topic for an expat forum. I posted a comment asking him to clarify, but I never got a response, so I closed and eventually deleted the question.

His account fits one pattern that makes me suspect it was a spam bot:

  • Username is in "Firstname Lastname" format, which is VERY unusual for my target audience; most expats I've encountered are extremely protective of their personal information.

However, I can't be sure.

If I knew the IP address that created the account, I could be more confident in deciding whether this is a legit account.

This would also be useful for detecting sockpuppet behaviors.

todofixthis's avatar
answered 2012-10-29 14:30:25 -0500, updated 2012-10-29 14:32:29 -0500
edit flag offensive 0 remove flag delete link


Great suggestion! I think to have the IP of the user is a must have.

Toms's avatar Toms (2012-10-30 02:49:29 -0500) edit
add a comment see more comments

A compilation of ideas:

  • disallow creation of accounts with certain email hosts that are common among spammers
  • disallow or apply higher reputation minimum for the users to post links and images anonymously
  • moderate users joining the site
  • require email validation before users can make posts (available in the repository as option)
  • add an option to prohibit or place a reputation barrier to post external links
  • track users IP addresses and be able to block offending IP's.
  • configurable minimum reputation to post links or embedded images anywhere (user profile, homepage link, content posts)
  • when new/low reputation user posts a link/hotlinked image it is not rendered as HTML, but shown in plain text
  • require "high quality" email address - not from mail server specializing on throwaway email accounts
  • block email alerts from low reputation users to be widely distributed, except for the moderators (available as an option in the repository)
  • force low reputation users to solve captcha when making posts
  • add conditions when posts are automatically placed on a moderation queue, based on the content and the user who makes the post
  • automatically place suspect posts on a moderation queue when content moderation is enabled and prevent the post from being published until approved or until user deletes the suspicious content
  • a tool for the administrator: find low reputation user profiles with external links
  • add a user action in the admin interface to block user and delete all created content, when user made an edit - try to delete their edits from the history.
  • tool for the admin: pattern-recognition based search for spammy posts
  • add flag reason for spam
  • support services for content checking services like Net Nanny, OpenDNS.
updated 2012-09-01 02:09:25 -0500
This post is a wiki. Anyone with karma >100 is welcome to improve it.
edit flag offensive 0 remove flag delete link


@pajju, sorry I have highjacked your post for the compilation, you actually had some original ideas, maybe if you want - you could re-post them separately?

Evgeny's avatar Evgeny (2012-10-26 20:54:57 -0500) edit

its perfectly fine, not a problem at all. :)

pajju's avatar pajju (2012-10-27 00:45:41 -0500) edit

How can I force low reputation users to solve captcha when making posts? Is this baked into a new version of askbot?

tom's avatar tom (2015-07-13 16:33:34 -0500) edit
add a comment see more comments

I'd like that every link has changed in a default text ( for example LINK SUGGESTED ) with mouseover event that show the link inside.

In this way i prevent the reading of classic spam url and the automatic click that some users do without thinking ( especially to shorted url ).

The best solution would be that this link excpet to be changed in the way that i suggest is that an internal antispam system and analyzer of dangerous url identify the url suggested showing it in :

red color if dangeorous

yellow if not sure but ..

green if ok

I know that is a big work but when we suggest a solution why not to suggest the best way?

Obviously if in the comment or answer or question will be also other kind of flag and not only OFFENSIVE but also SPAM could be useful to categorize it with other type of informations.

I Like AskBot's avatar
I Like AskBot
answered 2012-08-31 13:10:28 -0500
edit flag offensive 0 remove flag delete link



+1 interesting idea. Would be a major plus if there was already a content evaluation service with an API we could hook into to make the red/yellow/green determination (e.g., Net Nanny or OpenDNS content filters).

todofixthis's avatar todofixthis (2012-08-31 16:27:31 -0500) edit
add a comment see more comments

I just went through an exercise of removing the spam from the profile sections. Sneaky spammers putting links to really unrelated websites. Here is the query that i used

update auth_user set about = '' where reputation = 1 and about != '';

idea What if we disallow users to edit the "about" and "website" sections of their profile unless they have greater than 1 (or configurable) reputation.

Some alternative/supplementary ideas:

  • Things that can have links like the personal website or profile description when edited could come to the attention of the admin.

  • At the moment, I do a regular manual check myself of the profile descriptions to see and ban people posting spam in there.

  • Banning a user could also delete all of their posts. But that is less of an issue right now.

Jtrain's avatar
answered 2012-06-27 10:30:06 -0500
todofixthis's avatar
updated 2012-08-31 16:28:39 -0500
edit flag offensive 0 remove flag delete link


that's a one spam-busting query!:)

Evgeny's avatar Evgeny (2012-10-26 20:03:42 -0500) edit
add a comment see more comments

Is the problem spambots or human spammers? Doesn't Askbot have a Captcha for certain reputation levels?

Also, perhaps you could disable url conversion for a certain reputation level.

This could be applied to both posts and profiles.

A more complex solution might be to have urls hidden in low rep posts (and profiles) pending approval from a moderator.

powlo's avatar
answered 2012-06-25 12:21:49 -0500
edit flag offensive 0 remove flag delete link



It sounds right to prevent URL conversion to links depending on the reputation level.

Evgeny's avatar Evgeny (2012-06-25 18:33:48 -0500) edit

I like the idea of preventing URL conversion, at least until moderator review. But I suspect spammers would still post plain text links judging from my wiki and Trac systems. My "more complex" solution would be a category of post/comment that was only visible to the poster and moderators (or members with high karma) if it matched a regex blacklist, until explicitly made globally visible.

jimt's avatar jimt (2012-06-25 23:12:25 -0500) edit

Disabling links for low rep users, esp in their profiles. In particular, rewrite the URL with spaces so it is human not computer readable. Also, nofollow links for medium rep users. This would be great!

Joseph's avatar Joseph (2012-07-13 15:03:44 -0500) edit

I can tell you for a fact that spammers are googling for OSQA and askbot footer text, so they can drop links. Astrong antispam measure like I propose would be great!

Joseph's avatar Joseph (2012-07-13 15:08:39 -0500) edit

@Joseph why might it be worthwhile to rewrite urls? in what situations? what if we just display link as plain text without the anchor tag?

Evgeny's avatar Evgeny (2012-10-26 19:58:42 -0500) edit
add a comment see more comments

One suggestion would be to allow only openID services for login and not local ones, as discussed here. This way you can eliminate spammers, because users will have to give a valid account.

Now, for those who do give valid accounts but are still spammers and post questions with offensive content, there is always the community to flag and vote them down (I think afrer few flags, post is automatically removed from homepage, right?).

Last, for those who add a spam URL in their profile, I think you should just require some 50 points of karma to allow adding personal website or profile description.

zaf's avatar
answered 2012-06-23 13:59:56 -0500
edit flag offensive 0 remove flag delete link



We could hide the url by showing link text instead of the actual link and tell the user that it is hidden until their reputation reaches some threshold.

Evgeny's avatar Evgeny (2012-06-25 18:35:51 -0500) edit

Unfortunately spammers register "throw away" OpenID accounts.

jimt's avatar jimt (2012-06-25 23:27:13 -0500) edit
add a comment see more comments