Fighting Comment/Forum Spam

Comments and forums seem like an odd place for spam, especially when they don’t permit HTML. What could a spammer gain? The only thing I can think of is possibly a link to their profile. Yet, last week a company I know was hit by a massive spam attack on its forums. Based on volume and frequency and the inclusion of HTML (even though it clearly didn’t render), it appears that the attack was fully automated, including the creation of user profiles. User profile creation required an email account and clicking on a confirmation link to activate the profile. So likely there was nothing to gain here at all, just a spam bot plugging away.

A first hint that the attack was emanating from China was that the bulk of the email accounts used in the attack were with a Chinese portal. Since the company wanted to keep its profile database clean, the first defensive step was to add a reCAPTCHA to account creation. Implementation of reCAPTCHA was easy and did successfully stop bogus account creation (the company is still evaluating how much this impacted overall registration). As a second step, IP checking was implemented to block forum posting from China, which provided time to clean out existing bogus profiles.

Together the two measures succeeded in fending off the attack.  Curious to hear from other people who have experienced such attacks and what measures worked for them.
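
As an added illustration (not the company's code), here is a minimal sketch of the second measure, an IP check at post time, extended with the HTML-in-post signal mentioned above. The function names are hypothetical and the blocked ranges are constructed from documentation-only address space; a real deployment would load country ranges from a GeoIP or registry data source.

```python
import ipaddress
import re

# Constructed deny list using documentation-only ranges (RFC 5737 / RFC 3849).
# Assumption: real ranges would come from a GeoIP or registry data source.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in
                ("203.0.113.0/24", "198.51.100.0/25", "2001:db8:bad::/48")]

# The forum does not permit HTML, so link or embed markup in a body is a bot signal.
HTML_MARKUP = re.compile(r"</?(a|img|script|iframe)\b[^>]*>", re.IGNORECASE)


def normalize_ip(raw):
    """Parse the peer address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d),
    so a dual-stack listener cannot be used to slip past IPv4 rules."""
    addr = ipaddress.ip_address(raw.strip())
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def ip_blocked(raw):
    """True if the address falls in a blocked range or cannot be parsed."""
    try:
        addr = normalize_ip(raw)
    except ValueError:
        return True  # fail closed on an unparseable address
    return any(addr.version == net.version and addr in net
               for net in BLOCKED_NETS)


def gate_post(remote_ip, body):
    """Return 'reject' (blocked range), 'hold' (moderation queue) or 'accept'."""
    if ip_blocked(remote_ip):
        return "reject"
    if HTML_MARKUP.search(body):
        return "hold"
    return "accept"
```

The address passed in should be the TCP peer address, or a forwarded-for value only when it was set by a proxy you operate; a client-supplied header defeats the check.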
