Basic anti-spam configuration for Question2Answer

Basic anti-spam configuration for Question2Answer

These are 4 basic anti-spam settings for Question2Answer: change default text strings, install "Very Simple Bot Protection",  forbid registration from spam IP addresses and deter Semalt using .htaccess.

As I wrote I'm using Question2Answer CMS on Seoquestions.club. Today I moved this project from one free hosting company to my brand new VPS located in Czech republic, set up Google analytics and Google webmaster tools, removed spam and wrote an blog post:

1. Step: Install Very Simple Bot Protection (VSBP) - non default CAPTCHA

I found that I have 200+ new users in Q2A installation. Wow, what a number! But all of them was bots :) It means that reCaptcha I was using didn't work.

I installed plugin called Very Simple Bot Protection (VSBP) created by sama55. It provides ability to have your own, original anti-spam questions (which can be also localized). Follow its readme.txt and in the qa-plugin/very-simple-bot-protection/lang/qa-vsbp-lang-default.php set up your questions. This is my example:

'vsbp_qs_1' => 'Which letter is missing in Seoquestions.cl_b?==u',
'vsbp_qs_2' => 'Which letter is missing in Seoquest_ons.club?==i',
'vsbp_qs_3' => 'Which letter is missing in Seoque_tions.club?==s',
'vsbp_qs_4' => 'Which letter is missing in Seoq_estions.club?==u',
'vsbp_qs_5' => 'Which letter is missing in Seoquestions.c_ub?==l',
'vsbp_qs_6' => 'Which letter is missing in S_oquestions.club?==e',

I like this kind of question because beside spam protection It helps users to memorize the brand.

2. Step: Remove all default text strings like "Powered by *******"

When I registered Seoquestions.club to Google webmaster tools I discovered that it was googled out for queries such as:

  • "help get *******" - string displayed at the bottom of a page
  • "privacy: your *******" - string displayed during an user registration
  • "Powered by *******" - string displayed in a footer

Spammers search for these unique text strings because it can easily discover Question2Answer website.

In order to decrease manually added spammy content you need to change these texts. Most of them can be changed in file qa-include/qa-lang-main.php. "Powered by *******" can be found in qa-include/qa-theme-base.php. "privacy: your *******" can be changed through admin > emails settings (Privacy note for email addresses).

Even better way how to remove "powered by" message

Update: Here is better way how to change string "Powered by *******" in footer then hack the core files. You can remove powered by message just by overriding it in your theme. My theme is Candy so in this case it will be as follows:

1. Download and open qa-theme/Candy/qa-theme.php in your editor.  You will see code:

Advertisement

    class qa_html_theme extends qa_html_theme_base
    {
        function nav_user_search() // reverse the usual order
        {
            $this->search();
            $this->nav('user');
        }
    }

2. Change it to:

    class qa_html_theme extends qa_html_theme_base
    {
        function nav_user_search() // reverse the usual order
        {
            $this->search();
            $this->nav('user');
        }
    function footer()
    {
            $this->output('<div class="qa-footer my_test_over_ride">');          
            $this->nav('footer');
            //$this->attribution(); replace default attribution with your message
            $this->output('<div class="qa-attribution">Your message</div>');
            $this->footer_clear();         
            $this->output('</div><!-- /qa-footer -->');
    }

    }

3. Upload changed file to server and that's it. You have successfully removed "Powered by" message from your Question2Answer installation.

3. Step: Forbid registration from spam IP addresses

Stopforumspam.com has robust database of forum spammers (it stores email, IP address, username). Use their API to detect spam. Place this 1 line of code above "//    Process submitted form" (around line 70) in qa-include/qa-page-register.php:

if (strpos(file_get_contents("http://www.stopforumspam.com/api?ip=" . $_SERVER['REMOTE_ADDR']), '<appears>yes</appears>')!==false) die('Go away, Spammer.');

It's tested and working solution suggested by brinch. Yes, we are hacking a core but it's worth it. If anybody will create a plugin, drop me an e-mail and I will link to it.

4. Step: Deter Semalt

If you run several websites I'm sure you have Semalt (I will not backlink to them) mention in every access log. This code placed at very beginning of .htaccess file will deter their bots (company is using various spam domains):

# BEGIN DETER SEMALT
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://.*semalt\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*kambasoft\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*savetubevideo\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*yapoga\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*bottlenose\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*descargar-musica-gratis\.net [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*baixar-musicas-gratis\.com [NC]
RewriteRule (.*) http://www.semalt.com [R=301,L]
# END DETER SEMALT

That's it. I think that this 4 measures will be enough to deter most of spam. Let me know in comments if it works for you. ...And in case of any SEO quetion simple visit Seoquestions.club!

Advertisement

Post is listed in the Net category.