Web Design and Development

How to Prevent Forum Spam and Blog Comment Spam

the Frequently Asked Questions…
  • How do I prevent forum spammers from registering for the site?
  • Can I just use a WordPress plugin or CloudFlare or something to block spam?
  • How can I block countries like China from my forum?
  • How can I block IP addresses from accessing my forum?

and The Digital FAQ Answers…

One of the most obnoxious aspects of being a forum owner, site owner, or blog owner is spam.

Every day, every site — be it small or large — is inundated with dozens, hundreds, or even thousands of spam requests. So much spam can hit a site that it almost acts like DoS (DDoS) attack! Those spam tools can attempt to register for your site at a rate of one per second. I’ve seen them upwards of 45,000 consecutive attempts. That’s 45,000 seconds — aka 12.5 hours! For half a day, your site may crawl because of some garbage spam tool.

Anytime your site is interactive — like having a forum, or a blog with comments — you open yourself up to potential junk.

  • Closing your site is obviously not an option.
  • Spam (anti-spam) plugins can only do so much.
  • The CDN service CloudFlare is overaggressive, and has other issues that may affect your site.
  • Even if you staff the site 24/7 with moderators, it still gets through. And removing it is not the goal anyway — you want to prevent it.

But what about selectively granting access by geography?

If this article is helpful, please share it with others, using these links:
And if you've found our site to be as helpful as a magazine, book or class, then consider a small donation to support what we do here. Or sign up as a Premium Member for only $20. Thanks!

Where Does Forum Spam Come From?

Virtually all forum spam (and blog comment spam) originates in:

  • China
  • Vietnam
  • Ukraine
  • Russia
  • India
  • Pakistan

More than a third of all forum spam comes from China!

Unless your site targets people from the part of the world, there’s no need to cater to them. You can safely block them from participating on your site. They can still see and read the site — they just cannot comment or post. (And in the atypical case that you get that one person that is an asset to your site — but simply happens to live in an area of the world surrounded by spammers — you can always manually create an account.)

Think about it: you can reduce at least 33% of your spam by blocking China alone. Blocking Russia cuts another 9%. Ukraine is 9% again. So three countries, which you probably care nothing about, reduces spam by at least 50%.

What About Spam From the USA?

What about the sites that claim the USA sends the most spam, you ask? Most of those are USA based proxies, using a low-cost VPS. And most of those are also Chinese spammers. Notice that the VPS predominantly used are on the west coast, especially in California. Those offer the lowest latency to China, compared to something in the midwest (Dallas, Chicago) or east coast.

And those VPS hosts should be ashamed of themselves — they do nothing to proactively stop it. The worst offenders are:

  • EGI Hosting
  • Krypt Technologies
  • HostNOC
  • OVH
  • Peg Tech Inc
  • Psychz Network
  • Secure Servers (yeah, right!)
  • VolumeDrive
  • Wholesale Internet Inc

So remember that when you’re looking for a good host — steer clear of these companies, because you’ll find yourself on a dirty network. That may effect everything from ban lists (block lists) to SEO. So whatever the price, it’s not worth it. Find a better host.

Culling some of those USA proxies further removes spam by up to 16%. Imagine preventing a full 66% — two thirds! — of all spam attempts. No registrations attempts, no more spam. It’s all gone.

How to Block Spam via PHP

All it takes to prevent registrations is to edit your registration page. For example:

  • for vBulletin, edit register.php
  • for MyBB, edit member.php
  • for phpBB, edit ucp.php
  • for SMF (Simple Machines Forum), this method may not work. Another reason not to use SMF!
  • for WordPress 3.5.x, edit wp-login.php — wp-register.php for 3.4.2 and earlier (but you shouldn’t be using an old version anyway!)

At the very top of the PHP file — but after <%php of course — insert the following PHP code.

You’ll add in this basic code:

We’ll get to the IP list in a minute…

Next, create a ban page. This is where visitors from that IP range will redirect. For example, you can let folks know about manual registrations. It similar to having a 404 page (Not Found) for your site. Here’s ours: IP Address Banned – The Digital FAQ.

IP Block List

The Digital FAQ maintains a block list on a regular basis. It’s updated as needed, which is usually several times per month. You can download our list in the forum, and it’s available for free. We probably could charge for this, but really dislike spammers. Consider making a donation or signing up as a Premium Member instead, and support what we do.

The list blocks three main groups:

  • /16 range from China
  • /16 and /24 range from USA proxies
  • /16 range as needed, from other countries: mostly Vietnam, Russia and Ukraine, and some others as needed

India is not blocked, because it’s part of our demographic.

You’ll replace this sample from the above code with the IP address download:

Note: If you’re new to IP addresses, the second number (octet) is a /16 and the third number is a /24. You’ve possibly heard stupid people refer to it as a “C-class” (affiliate marketers, people seeking “SEO” hosting, etc). That’s not what a class C address range is (pre-CIDR; circa 1992).

Feel free to download our list, create your own, or use a mix of the two.

Have questions, comments or feedback? — Feel free to do so in the forum.

If this article is helpful, please share it with others, using these links:
And if you've found our site to be as helpful as a magazine, book or class, then consider a small donation to support what we do here. Or sign up as a Premium Member for only $20. Thanks!

Copyright Notice: All guides, articles and editorials found on digitalFAQ.com are copyright by The Digital FAQ and/or the respective authors. Articles may not be copied, borrowed, full-quoted or reproduced in any manner, online or in print, which includes blogs and forums, without the written email consent of Site Staff (which may or may not be given, for free or fee). Know that digitalFAQ.com staff does routinely monitor online plagiarism, and we do send takedown notices to site admins and/or web hosts (DMCA et al legal actions) as is necessary. If you would like for others to read articles found on The Digital FAQ, simply link to our content. (Note: Printouts for personal use is specifically allowed.)

Page Sponsored By:   (Advertise Here) / Web