Last week, our CEO Matthew was on a panel at ForumCon in San Francisco. ForumCon attracted forum owners from all over the world and we got to meet a lot of interesting people. Some of the key things we heard was that unlike other types of websites, forums had to have the ability for its members to post comments and connect in real-time. Otherwise, without that, it is hard to run a forum. Because of that, forum owners spend a lot of time having to deal with comment spam and fake accounts to ensure a vibrant community for their members.
We know first hand that running a forum isn't easy. I've run Vbulletin forums in the past. In addition to managing the community, I had to contend with things like spam, malicious attacks and large floods of traffic on a daily basis.
Since CloudFlare offers a protection against forum spammers and attackers and helps your forum stay online even with traffic spikes, I wanted to share some CloudFlare best practices for forum owners.
Before joining CloudFlare
Before you activate CloudFlare, we recommend that you make an announcement to your community. Some topics to include:
- You're going to be trying a service called CloudFlare to protect and speed up your forums, which should improve page loading times and sharply reduce the number of active spammers.
- Advise your members that they may get a challenge page before they are granted access to the site. Let them know that they can still access the forum by passing the captcha, and that they can send you a message through the challenge page to request allowlisting of their IP address. Only a small number of your forum members will see the challenge page, but it is always useful to let them know what to expect. (On a side note, the intermittent page is used to stop automated bots from accesing your site).
- Let the community members know that the challenge page will appear if there are indications that their machine is infected with a computer virus or malware. The best thing to do is to run an anti-virus scan on their machine as a precaution.
- Let your members know that sometimes there are false positives with the data, but it is most common when the visitor is coming from a shared network like an office, college network or coffee shop. What this means is that although their computer isn't infected, someone else on the same network does have an issue. Your community member should run an anti-virus scan as a precaution. If there is no virus or malware, then they can enter the CAPTCHA to access the forum. The data set will refine over time.
After joining CloudFlare
We recommend reviewing the the following Top Tips blog post:
Top tips after joining CloudFlare
Why: The tips include solutions for getting original visitor IP, including mod_cloudflare which is for Apache, while also reviewing many key CloudFlare features and settings. If you're looking for other solutions beyond Apache, CloudFlare community members have created options for getting visitor IP for Vbulletin forums, PHPbb forums & other platforms.
Customizing your CloudFlare challenge page
Why: You can customize the look of the challenge page to match your overall brand aesthetic and customize the text to match your writing style.
Using CloudFlare Threat Control
Why: Challenged visitors may leave a message for you in your threat control panel requesting IP allowlisting. In addition, you can use the threat control panel to add known IPs, IP ranges, or countries that you want to either block from or trust accessing your forum.
How CloudFlare stops forum and blog spammers
Are there any other forum platforms that you use in which we should know about? Please let us know in the comments. Also, if you've created a solution and want to share it back to the CloudFlare community, add it to our Wiki.