I'm running a phpBB forum. Spammers have found it. Mysterious strangers selling vigorous blue pills popped up from nowhere. Now I need to build something that will prevent spammers from polluting it. Is there a silver bullet that prevents all spammers from ever posting on phpBB forums? (I know, but I'm an eternal optimist.) Any antispam mods that have been successfully tested someone would like to recommend? Thanks in advance.
I also run a phpbb forum and have been struggling with this as well - after installing a CAPTCHA mod into the signup process - (the phpbb site has the mod code) - they stopped for a week, but resurfaced 1 week later at about 20% strength.

This either means they have a) broken the CAPTCHA and can "read" the image or b) are paying an army of slave laborers to sit and register the CAPTCHA on a bunch of bulletin boards so they can spam them.

My ad hoc solution: Once every 3 days, I log into the database and do a

select user_id, user_website from phpbb_users order by user_id

.. this produces a list of all the user_ids and their registered websites. Nine times out of ten, the spammer will register a site as well, probably with the hopes of link-spamming, and it'll be easy to ID:, for example.

I do a quick visual check for anyone who might have a legit site in there (don't want to nuke any valid users) and then run something like

delete from phpbb_users where user_id > NNNN and user_website != ""

... where NNNN is the last known good user_id. This purges their accounts out.
posted by bhance at 5:50 AM on November 20, 2006

Captcha plus requiring a user to post x number of times before starting a thread.
posted by empath at 7:08 AM on November 20, 2006

Install captcha.
Turn on admin authorisation of all accounts.
Remove memberlist link.

This has removed all spammers from my forum.

All of these changes are MODs to be found (and supported) at the community. Mods are mostly easy to install even if you don't know PHP.

Email's in my profile if you'd like some help.
posted by By The Grace of God at 8:17 AM on November 20, 2006

There is no silver bullet. I host a few phpBB forums, and the spammers simply wiggle around everything. Captchas? They've beaten them. Post X number of times? They beat that too. A few "Hello! I am XX from YY and look forward to chatting with you!" posts and then BAM they start spam spam spamming away.

Requiring an admin to approve each account seems to be the best way, but it's tiresome for the admins. I don't run any of these forums, I just host them and field the support requests that come along with them.
Removing the member list link is another good idea. Spammers are a fucking pain in the ass.
posted by drstein at 8:25 AM on November 20, 2006

Watching this thread with interest. I also have a phpBB forum with spammers galore.
posted by LoriFLA at 9:48 AM on November 20, 2006

Check out the "Preventing SPAM" thread over at the phpBB bulletin boards.

I've been using captchas and admin approval for new accounts, but it's tiring to weed through 10 spammers for 1 real person. The Easy BotStopper mod looks interesting - it hides the website field on the user registration form, and automatically denies membership to scripts that try to register with a site anyway. It's no magic bullet, but since most spam accounts have website links, it might cut down on the number of script spam registrations I'm getting.
posted by wearyaswater at 10:05 AM on November 20, 2006 [1 favorite]

See also the user admin-> ban control -> Ban one or more IP addresses or hostnames

At one point I had a pretty large list of IP ranges by country, and had banned all of Europe, Russia, China, Brazil, Amsterdam, and Vietnam.

This is not as effective as it once was (botnets) but might still be worth looking into. If anyone maintains a similar list, I'd be curious to see it.
posted by bhance at 10:12 AM on November 20, 2006

I've had some success with particular mod. the mod removes the website field during sign-up so that if someone's using a script to automatically generate accounts and it tries to submit something to that field, the registration fails. so the spammer has to either sign up manually or somehow figure out what's going on and adjust their script accordingly.

I also noticed that virtually every spammer account listed an ICQ UIN. who the hell uses ICQ anymore? so I modified the script a bit to reject registrations that include ICQ UINs but I left the ICQ field in the registration form so as not to give potential spammers any clues. I figure any legitimate users that get repelled because they use ICQ aren't very cool anyhow.

lastly, install the admin userlist mod post-haste. it adds a user list option to the admin panel that makes getting rid of spam accounts so very easy. it lists users in order by sign-up date so if you go to the very last page of the listing it'll show the most recent accounts. from there, it's pretty easy to discern the fake accounts from the real ones, especially if their e-mail address is like "" and their occupation is "cheap viagra." just select the accounts you wanna delete and press delete. cleaning the user base used to be a 15 minute daily chore but with the admin userlist it only takes a minute or so.
posted by mcsweetie at 7:21 PM on November 20, 2006
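
The hidden-website-field and ICQ checks described by wearyaswater and mcsweetie above, sketched as a stand-alone PHP function. This is an added example, not code from phpBB or from either mod; the function name, the field names `website` and `icq`, and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example: honeypot check for a registration handler.
// Field names ('website', 'icq') and the function name are assumptions,
// not taken from phpBB or from the mods mentioned in this thread.

/**
 * Return a reason string if the submission tripped a honeypot field,
 * or null if it should continue to the normal registration checks.
 */
function honeypot_rejection_reason(array $post): ?string
{
    // Fields a human never fills in: 'website' is not rendered on the form
    // at all, 'icq' is rendered but any value is treated as a bot signal.
    $traps = [
        'website' => 'website field submitted although it is not on the form',
        'icq'     => 'ICQ number supplied',
    ];

    foreach ($traps as $field => $reason) {
        if (!array_key_exists($field, $post)) {
            continue;
        }
        $value = $post[$field];
        // Arrays (website[]=x) are never sent by the real form either.
        if (is_array($value) || trim((string) $value) !== '') {
            return $reason;
        }
    }
    return null;
}

// Constructed sample submissions.
$samples = [
    'human'  => ['username' => 'alice', 'email' => 'alice@example.org', 'icq' => ''],
    'script' => ['username' => 'bob77', 'email' => 'bob@example.net',
                 'website' => 'http://spam.example/', 'icq' => '123456'],
];

foreach ($samples as $label => $post) {
    $reason = honeypot_rejection_reason($post);
    // Log the reason server-side; show the client the same generic error
    // either way so the script's author learns nothing about the trap.
    error_log(sprintf('%s: %s', $label, $reason ?? 'passed honeypot'));
    echo $label, ': ', $reason === null ? 'continue' : 'reject', PHP_EOL;
}
```

The check belongs before any database write in the registration handler, and it only filters scripts that post to fixed field names, so it complements rather than replaces admin approval.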

