Saturday, October 07, 2006

How To Prevent Spam On Your Internet Forum Board

Spam on forum boards consists mainly of two activities:

• Spam Threads
• Spam Member Profiles

Spam threads are new topics in which spammers put lots of links, usually related to pharmacy drugs and sex, in order to obtain links for their websites and gain some traffic from the search engines.

This activity, apart from being illegal, is strongly discouraged because it promotes websites that may sell dangerous products, run scams or even lead to phishing sites.

Moreover, leaving those links alive on your forum board may get your pages penalized if the search engines categorize such links as “bad neighbours”.

Last but not least, users seeing too much trash on your pages won’t return to your site anymore, and you will progressively lose traffic along with having your content quality drop to nothing.

For such reasons spam prevention is essential in order to keep your forum board tidy. Therefore the main question is: how can you prevent spammers from infesting your forum board?

First of all, you will need to moderate your board yourself or have some dedicated moderators delete spam threads when they appear. If you are using PhpBB you should find a hack that adds a thread report feature so that your regular users can help you with spam prevention.

Also, if you want to stop people from signing up just to have their spam website shown on their profile, you should activate email confirmation in your forum script. Both PhpBB and vBulletin support this feature.

Manual activation of accounts by the forum admin may be an idea, but this would slow down new memberships and could be an unsustainable amount of extra work on your side.

You could even remove the possibility to add a website on your members’ profiles but this could limit your legit users, and you want your community to have all the benefits you can give them.

A good solution may be to remove the live links from profiles and the member list, and this can be easily done with manual modification of your forum script. It is easily feasible on PhpBB and vBulletin as well.

If you don’t know how to do this, you can contact a professional forum promotion firm and make them do the job for you. For instance, my company is doing such jobs for the public.

Developing a Business Forum Focus and Function

“Communication--the human connection--is the key to personal and career success.” - Paul J. Meyer

It doesn’t take long to discover the incredible diversity in online forums. Some forums are saturated in Google Adsense and other advertising banners. Some are virtually ad-free.

Many private forums are visited because they are very welcoming and you gain a positive sense of community when you visit. Another style of forum that is routinely visited follows the model of several well-known radio talk show hosts – these forums are abrasive and somewhat offensive. However, it is this very trait that seems to bring a certain type of visitor back time after time.

For a business website it is important to foster a sense of community. Some of that sense comes by laying the framework of forum netiquette. You can further accentuate the positive by providing categories that result in an understanding that the forum was created for something more than an online playground.

The Look

Determining the overall look of the forum is important because certain colors and patterns are more inviting to visitors than others. The overall layout of the forum may be out of your control, but there may be ways to customize the forum or even allow your visitors to choose a forum skin that best suits their individual tastes.

Category Design

By conducting a bit of research ahead of time you may find certain broad topics may work well for your forum.

Some possibilities include…

1) Welcome
2) News
3) Press Release
4) New Products
5) General Discussion
6) Frequently Asked Questions (FAQ’s)
7) Introductions
8) Tips
9) Suggestions

The primary purpose of your forum is to provide a common ground for your customers to learn and share their knowledge and experience regarding your products and services.

Purpose Driven Discussion

By keeping your focus narrow you will find the job of managing the forum much easier. It’s possible your categories will expand as your forum grows, but keep categories and their explanations simple.

Examples

Welcome – Check in here first to find out how to use this forum and where to find what you need.

News – The latest news that affects the industry.

Press Releases – Information directly from our company about products and services we offer.

Friday, October 06, 2006

Zombie Computers, Backdoor Trojans, and Hackers

If you run a Windows program on your PC, you may have more to worry about than popup ads and other online annoyances. According to a Microsoft report released in June, Backdoor Trojans are one of the most common threats to internet users, and have the potential to put your computer in the hands of a hacker.

Backdoor Trojans are a group of Trojan horse programs that open a back door in the computer system, allowing a hacker to access the computer and use it as a zombie computer. A zombie is a computer that is controlled by a hacker and can be used to perform malicious tasks remotely, without the knowledge of the computer’s owner. For the most part, zombie computers are used to perform actions that the perpetrator would not want to have traced back to him. Hence, he performs the actions from the zombie computer, effectively covering his tracks.

Some of the more common actions a zombie can be used for are:

  1. Spamming – Spamming involves the sending of massive amounts of spam emails through the zombie.
  2. Click fraud – An act in which the controller of the zombie will use the zombie to click on a pay-per-click ad, generating revenue for a third party.
  3. Distributed denial of service attacks – An attack that makes a computer resource unavailable to its users, either by forcing the computer to reset or consume its resources, or by obstructing the communication media between the intended users and the computer.

In the case of a zombie computer, all this and more can be perpetrated through a victim’s computer without the victim ever having knowledge of it. And, according to a recent report by Cipher Trust, a New York-based messaging security company, a recent spread of Mocbot worm variants that exploit a Windows security flaw has caused a 23 percent rise in Cipher Trust’s detection of zombie computers. Microsoft has issued a patch for the flaw.

Some steps you can take to prevent your computer being captured and converted into a zombie include:

  1. Keep your operating system up to date – Scan your system for missing security patches and install any new ones on a regular basis.
  2. Install the Windows Update tool to get automatic updates to your Windows system.
  3. Upgrade your operating system to its most current version. Older software has a hard time keeping up with current security updates.
  4. Always use a firewall. This is just standard.
  5. Educate yourself on all possible ways to contract a virus, Trojan, or worm, including through open ports as well as email.
  6. Be vigilant about updating your antivirus software, and remember to still take precautions against new infections that antivirus companies may not be aware of yet. Follow the common sense rule of avoiding opening anything you don’t recognize and running an up to date security package.

If your computer is acting sluggish or slowing down frequently, it is possible that it is being used as a zombie computer. If you think this is the case, the best thing to do is disconnect it from the internet immediately and have it checked by a computer services organization. After the machine has been cleaned of possible viruses, worms, Trojan horses, spyware, and other malware, install and update your antivirus and anti-spyware software, firewall, and other security software. Make sure to change all passwords you use online and on the computer, as they may have been intercepted by the remote hacker.

Security Risks in Outgoing Email Often Overlooked

The threat of an employee inadvertently infecting a business computer network via malware received through a work email or instant message is one that most businesses have taken steps to prevent. Even businesses that are small or not very technically savvy have antivirus software, firewalls, and other security measures in place to prevent the costly and sometimes risky issue of an infected network. However, with all the fuss about incoming email, a surprising number of businesses pay little to no attention to the dangers associated with outbound email.

A recent study performed by Proofpoint Inc., a California-based security company, looked at possible security risks that stem from a lack of protocol related to emails sent from company computers. Concerns such as protection of sensitive data, privacy, legal risks, and embarrassment to the company have inspired many businesses to put in place standards of practice for employees who send email (and there are very few who don’t these days) and to enforce security policies on outgoing messages. Many employers are also concerned about employees posting sensitive information on blogs or message boards. The Proofpoint Inc. study, which focused on businesses in the United States and the United Kingdom that employ more than 1,000 people, gathered information on the following aspects of email security:

  1. The level of concern about outgoing email content leaving large organizations
  2. The methods and technologies those organizations have used to control or otherwise secure outgoing emails
  3. The state of messaging-related policy implementation and enforcement in large organizations
  4. The frequency of various types of policy violations and data security breaches

The 2006 study drew from surveys of several hundred “decision makers” from different companies, almost 40 percent of which were in technical, professional, financial, or government fields, who answered questions about their companies’ outgoing email policies. It turns out that many companies actually hire employees to read or check outgoing email to see that it fits standard email protocol. In fact, in the U.S., 38 percent of companies have employees to do this job, and 46.9 percent perform regular audits on employee email content. Through these actions, they have estimated that over 20 percent of outgoing workplace emails contain confidential or other internal business information. Disturbingly, almost 35 percent of those surveyed claim their company was negatively affected by the wrong information leaving via employee email in the past year. Some companies have even had non-public financial information posted online by employees.

However, the companies are not the only ones that suffer from these breaches. The study shows that in the past year, over 50 percent of the employers surveyed disciplined employees for violating email policies. Additionally, 17.3 percent took corrective action over employee violation of blog or message board policy, and more than 7 percent actually fired an employee for their outbound messaging actions.

With more than half of the company representatives voicing concern over the reduction of security risks associated with lax outgoing email practices, Proofpoint suggests that companies create and implement policies dealing with the following issues:

  1. An acceptable use policy for email, defining appropriate uses for company email systems
  2. An acceptable use policy for blog and/or message board postings
  3. An audit vulnerability scanning policy, which gives the company’s information security team the authority to conduct audits and risk assessments, investigate incidents, enforce security policies, and monitor activity
  4. An acceptable encryption policy that defines types of encryption used within the organization
  5. An automatically forwarded email policy that governs the automatic forwarding of email
  6. An ethics policy, defining ethical and unethical business practices, including disclosure rules, conflict of interest rules, and communication guidelines
  7. An information sensitivity policy or content classification policy, which reduces the risk of confidential information being leaked to outside parties
  8. A risk assessment policy that defines requirements and provides authority for the information security team to identify, assess and take action on possibly risky information
  9. An email retention policy that defines guidelines for retaining information in an email

Thursday, October 05, 2006

SQL-Injection Attacks What Every Website Designer Must Know

Recently, when going through the student projects on web design, I came across code similar to the following many times.

$Result = "Select * from members where username='$x' and password='$y'";

This is typical code used for user authentication, in which the username and password are collected into the variables $x and $y. The students and many web designers assume that such queries are safe and the system is well protected.

But such queries give rise to a kind of attack popularly known as the SQL injection attack.

The user may give admin as the user name and the string nothing ' OR '1'='1 as the password. So what happens? The query becomes

Select * from members where username='admin' and password='nothing ' OR '1'='1'

This returns a positive number of rows since the condition '1'='1' always holds. The attacker coolly gets into an admin account. He may also enter more dangerous commands such as insert or drop into the SQL and cause havoc in your database. This is not special to any programming language; almost all server/client side programming is prone to it. SQL can also be injected into user registration, searches, and similar features.

Another common type of SQL injection attack injects the SQL directly into the URL. How can you prevent this?

1. Database level:

A user must have only the bare necessary privileges on the database. This is called “the principle of least privilege”. Don’t give the connecting user privileges such as drop, delete etc. on databases unless it is absolutely needed. This will ensure that damage to the database is minimized.

2. Programming level:

Do not pass the query string generated by the user directly on to the database. First pass it through a security layer which checks for unwanted characters, replaces spurious commands etc. and blocks the query if it is suspicious. For example, the security layer may find that in the above login script there are unnecessary quotes and block it. You can design an abstract security layer which works for all types of databases and stops attacks.
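
An added example, not part of the original post: it runs the post's login query against an in-memory SQLite table, first built by string substitution as above, then with placeholders (parameterized queries, a technique the post does not mention), using the same `nothing ' OR '1'='1` input. The table contents and function names are constructed for illustration, and SQLite's `PRAGMA query_only` stands in for a database account without drop privileges.

```python
import sqlite3


def make_db():
    """Constructed sample data: a 'members' table like the one in the post's query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (username TEXT, password TEXT)")
    # Plaintext passwords only mirror the post's query; real systems store hashes.
    conn.execute("INSERT INTO members VALUES ('admin', 's3cret-constructed')")
    conn.commit()
    return conn


def login_vulnerable(conn, x, y):
    """String-built query as in the post: user input becomes part of the SQL text."""
    query = "SELECT * FROM members WHERE username='%s' AND password='%s'" % (x, y)
    return len(conn.execute(query).fetchall()) > 0


def login_parameterized(conn, x, y):
    """Placeholders: the driver hands x and y to the database as data, not SQL."""
    query = "SELECT * FROM members WHERE username=? AND password=?"
    return len(conn.execute(query, (x, y)).fetchall()) > 0


def drop_blocked_when_read_only(conn):
    """Least-privilege stand-in: a connection that only reads cannot DROP."""
    conn.execute("PRAGMA query_only = ON")
    try:
        conn.execute("DROP TABLE members")
    except sqlite3.OperationalError:
        return True   # the write was refused
    return False      # the table was dropped


# The password string from the post.
INJECTED = "nothing ' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("string-built, injected input :", login_vulnerable(db, "admin", INJECTED))
    print("parameterized, injected input:", login_parameterized(db, "admin", INJECTED))
    print("parameterized, real password :",
          login_parameterized(db, "admin", "s3cret-constructed"))
    print("DROP refused on read-only    :", drop_blocked_when_read_only(db))
```
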

Internet Explorer 7 RC1 Flagging Sites Wrongfully As Phishing Sites

It all started with a web site owner receiving an e-mail from an unhappy client informing him that the anti-phishing scanner of Internet Explorer RC1 detected his site as a possible fraudulent web site. When Internet Explorer detects a possible fraudulent site, it warns the user not to enter any personal or sensitive information on the specific site in question. This means that if your site gets detected as a phishing site, you will most certainly lose clients because no one will want to buy from you (to sell products online you require information like e-mail addresses, shipping addresses and credit card information).

What bothers me the most is the fact that web site owners discovered this and will possibly encourage their visitors to turn off the anti-phishing feature. This defeats the whole idea of having the scanner there in the first place. Internet Explorer is causing a loss of confidence in two directions, the one being the web site and the other being the anti-phishing scanner. People will start to doubt respectable web sites and at the same time question the accuracy of the anti-phishing protection of Internet Explorer. The anti-phishing scanner is a great idea and an innovative way of battling the ever-increasing threat of online fraud. But when things go horribly wrong like this, you do more harm than good.

You have to take into consideration that it is still a release candidate and not the final version and bugs will most certainly be present. But you have to make sure that things like this won’t happen before you release it into the open. I can only imagine how much money has been lost because of this flaw and you might even see some lawsuits in the near future if the matter is not resolved in a timely manner.

The developers of Firefox are also implementing an anti-phishing feature for Firefox 2. This anti-phishing feature handles possible fraudulent sites in much the same way as the Google Safe Browsing feature of the Google Toolbar. This brings an idea to mind. If you really feel you need anti-phishing protection then get Firefox with Google Toolbar; it is far better and safer using a stable browser than using a pre-release version of a browser with multitudes of security issues and flaws. To be honest, you should seriously consider an alternative browser to Internet Explorer, because it will be compulsory for all Internet Explorer 6 users to upgrade to Internet Explorer 7 once the final version gets released.

Wednesday, October 04, 2006

Top 5 Written Information Products That Will Grow Your Business

Prospective clients don't want to hear about you, they want to hear how you can help them. A well-written information product will demonstrate your knowledge in your area of specialty, build trust and establish your credibility as an expert. As well, each different product will grow your business in a unique and effective way.

1. Articles. Submit a well-written article to an effective article bank website, and wait for a steady stream of targeted traffic back to your website. And these visitors are pre-qualified – they're already interested in your area of specialty and they already recognize you as an expert in that area.

2. Special reports. Supply a free report that addresses the biggest challenges or desires of people in your target market. In exchange, ask visitors for their name and email address, along with their permission for you to contact them again, and watch your list grow. You can now stay in touch regularly, strategically and profitably, by sharing products, services and solutions that are custom made for your target audience. After all, the visitors who are interested in the topic of your report will also be interested in the services that you promote with your ongoing mailings.

3. E-courses. Marketing wisdom teaches us that a prospective customer will not say, "yes" after just one offer or contact. Give away an e-course that addresses the biggest challenge of your target market, and you get to keep in touch with your prospective customer 5, 7, or even 10 times. Conclude the course by informing them of some of the solutions you provide, and watch your sales and referrals grow.

4. E-books. Collect your best ideas and put them together into an e-book. Your credibility in your area of specialty will rise, you will be more attractive to the media as an interview subject and you will have a source of passive revenue. As well, you now have a separate level of service for those who aren't able or willing to spend on your high-level products or services such as monthly coaching. Or use your e-book as a curriculum to create or enhance a coaching program.

5. Learning Guides. Do you prefer to talk, rather than write? Maybe you've found success leading tele-classes and creating audio programs. Add value to your audio products by including an enhanced transcription that summarizes the material clearly. Everyone learns in different ways, and some of your customers are bound to prefer written information to audio information (I know I do!). The more ways you can package your information, the farther it will spread into the world to make it a better place.

How To Use Alibris To Find Public Domain Books

The very best way to be sure the materials you are using are truly public domain is to go right to the original published book. But finding an original source book can be quite difficult. Alibris makes it much easier.

What is Alibris?

In their own words:

"Alibris connects people who love books, music and movies to thousands of independent sellers around the world. Our proprietary technology and advanced logistics allow us to offer over 30 million used, new and hard-to-find titles to consumers, libraries and other institutions."

Basically if you know Amazon, you understand Alibris. The crucial difference is that Alibris allows you to do searches based on publication date and that makes it very valuable indeed.

How to search.

To start a search, you want to go to the Advanced Search page. Just go to alibris.com and click on their advanced search button right where it says books. It is located right below the basic search in the left hand corner of the home page.

This brings you to a page with many input options. In addition to the standard title, keyword, etc. inputs is one very valuable input near the bottom of the form. It is called Publication Year - and one of its options is labeled Before. And that is very powerful.

Let's say you were looking for a book on baseball that was in the public domain. Put the word baseball in the title and in the publication date/before field put 1923.

This particular research pulled up over 200 possible books that you have the opportunity to purchase and turn into a product.

A word of warning

The search results are only as good as the data input by the sellers. This means that a certain percentage of books will not match your search terms and a certain number of dates will be wrong - specifically I see lots of books with a publication date of 1900 which is clearly wrong. (I'm guessing that 1900 is the default if no date is entered.)

Therefore, before purchasing a book, it is generally a good idea to send a note to the particular seller to verify the publication date before investing money in the book.

While I would much prefer seeing the book before making a purchase to verify that it meets my needs, if the price is reasonable enough, I figure it is just part of the cost of researching for the product.

Oh, and this is also a good way to search for available books published after 1922 that are in the public domain. For instance if you are looking at doing a diet related product, you could search for books say before 1960 and then when you find books with interesting titles, you can then do a copyright search as discussed in another article on this site (link at end) to see if the book fell into the public domain. And who knows, this could result in finding a diamond in the rough. In fact, at least for diet books, there have been several bestsellers in recent years based on either a public domain book or a government publication.