Dealing with vBulletin Spam

vBulletin Forum SpamThe spam posting and fluff posting on forums is not limited just to the vBulletin software, it is just that I am more familiar with vBulletin, so my comments here are directed at that. However, the principles for other forum software are the same and many of the vBulletin modifications are similar and are available for other software. The only real approach to dealing with it has to be “multi-pronged” – no one strategy on its own is enough.

Here is what I do:


Make the forum unattractive to spammers. I use NuHit add on to nofollow all external links so no link juice is passed. I just wish all other forum owners will do the same. If this happened then the spammers will stop following the silly advice from the SEO Kiddies that forum signature links are a good way to build backlinks (it’s not!)

Registration Options:



Activate the reCAPTCHA™ Verification.

Enabling the vBulletin managing spam through the Akismet anti-spam service.

Add an additional question to the registration page, either through the AdminCP of more recent versions of vBulletin or with the NoSpam modification.

Use the Is Bot? Registration Time Check add on. This denies registration to anyone who fills out the registration form in less than 15 seconds (or whatever you set it to). Humans can not type that fast (be careful which email address you use for the notifications, as I get hundreds per day from each forum!)

Block certain IP and email addresses via AdminCP>vBulletin Options>User Banning Options. I always block addresses.

vbStopForumSpam mod which checks new registrations against the stopforum spam database.  There can be a few false positives, but the messages encourages them to ‘contact us’.

I have also added a warning to the registration page that link droppers will be reported to Google via their spam reports (not sure it actually helps, but having the warning there makes me feel better!).

Filter Posts Options:

The number of posts before members can have a signature with links in it is set to 10 (or whatever number you like). If anyone fluff posts to get to the number, they are usually banned on the basis of the fluff posts, so they never get the signature links. They never become useful members of the community. A number of forums have now changed it so that only registered and logged in members (ie NOT the search engines) can see the signatures.

The Prevent Spam Posts mod that checks for certain keywords and sends them to moderation. Example include words like nokia, ugg and acai. This can get a little frustrating with a potential number of false positives … but may be a cost to pay (I do disable this one from time to time).

Check4spam is a modification that is now in the graveyard and I have not found a good alternative, but it sends to moderation any message from a member that has a link in it if they have less than x number of posts (I have it set to 5 or 10). The ratio of spam posts to genuine posts is about 10 to 1, so the moderation queue has to be checked regularly to move the legitimate ones to the public area.

Human Intervention:

This is where your staff and moderators come in. They do need to check the moderation queue and check for those that get through (they usually the determined human ones and not the bots). It is also useful to have moderators in different time zones so the forum can be monitored 24/7 (for example, I look for moderators in the America’s, Europe and Australasia to make sure we covered).

Monitor new members. Certain things about the email address and the nature of the username can send up a red flag, specially if the registration IP address is from a couple of certain countries. Check their signature and proactivly ban them.

Profiles are checked a week or so after a new member joins to get rid of profile spam.

Some things I do not do, but you could:

Moderate new registrations. I do not do this, as this can take some time and put off a potential valuable new member who wants to join to respond to a discussion. They may not be prepared to wait for registration to be approved. Spammers can also still wait until they are approved.

Activate email verification.

This does have the potential to put off new members and the spammer programs will get around this to send them for manual activation. Emails for legitimate members may be caught in junk folders.



Ban free email domains. Spammers use these a lot, but so do a lot of potentially legitimate members use them.

Managing forum spam and fluff posting is one of the least satisfying aspects of running a forum. It is a never ending battle. The key has to be the first point above and make all forums unattractive to the spammers. Good luck.


5 Responses to Dealing with vBulletin Spam

  1. Admin December 12, 2009 at 4:12 PM #

    A mod has just been released on for vB4:
    MARCO1 Preventing Guests to Register Numbers as Their Username

    This mod blocks the registration for those who just use numbers as their username (usually means they are a spammer)

  2. David December 28, 2009 at 1:57 PM #

    I’ve read a lot on digital poiint forums and disabled and enabled this and that, it helped for a while, but then another way came around like they found another way to register. I’ve been testing the anit spam plugin and it has cut a of the registrations down a lot, i like the post mod feature too.

  3. Admin December 28, 2009 at 2:04 PM #

    Thanks David. I came across a while ago and it was not ready to launch then. I had not been back to their site since. Will now install and see how it goes.

  4. Edward Hamilton February 2, 2010 at 6:07 PM #

    I have a number of high value members with numbers in their username. I wouldn’t even consider disallowing usernames based on numbers.

  5. Admin February 2, 2010 at 7:46 PM #

    My best guess would be 75% of users with number in there username are link droppers or profile spammers. If they are not banned immediatly, we check them a few days later for the link drop. A real red flag is a number in the username that is different to the number in the email address — but that is not always the case, so we still check them. The problem with a blanket ban is that some users, becasue usernames they want are taken often add their age or year of birth to the user name and that is legit.

    There is this mod:
    Which prevent the use of a username with all numbers in it, which in my expereince is 100% a link dropper.

Leave a Reply