How to Prevent phpBB Registration Spam

For the ClassiPress forum I use a free software called phpBB. Up until a few weeks ago, I wasn’t having any problems with forum spam but now it seems the bots have me zeroed in. PhpBB does come with a simple captcha-style anti-bot option but for some reason it doesn’t seem to work very well. I have also enabled a feature to require email verification by clicking on a link before their account becomes active.They beat that too.

I must say, the bot engines out there today are pretty damn smart. They have figured out a way to automate and bypass both of these security measures so they can post spammy links to their products or just be a nuisance. Luckily the spammy forum posts haven’t been porn…at least not yet.

So today I finally got fed up with having to delete spam posts and ban users and installed a great phpBB3 mod. It’s called Anti-Bot Question and it does a great job beating the spam bots. As with any mod, it takes some time to set everything up (it took me about 1 hour total) but so far it’s blocked everything. Since the phpBB spam robot scripts know the exact order and number of fields on the registration page, this new field throws them off. They also don’t know how to answer the question so they are stopped dead in their tracks. Here’s the final result.

phpbb-anti-spam-bot-question-form

This mod basically adds a new field on registration where you can create any question/answer combo you want. In my case I used the basic “Is fire hot or cold?” question but you can use whatever you like. You set this question up on the “General” => “User Registration Setting” page at the bottom.

phpbb-anti-spam-bot-question

If you aren’t familiar with installing phpBB mods, then listen up. Most of them come with a .xml file which contain the instructions. Just open it up locally in your web browser and follow the steps. For this mod you will need database and ftp access. You will have to run a simple mySQL query that inserts new values into the config table and also edit 3-5 phpBB3 files.

After you make the updates, it usually won’t show up until you clear your cache. So on your “General” page, click the “run now” button for the “purge the cache” option.  Remember to make sure you backup your files before doing this mod and read the directions carefully!

It’s also worth noting that applying mods to your forum will probably get blown away when it comes time to upgrade phpBB. I recommend bookmarking the sites of any mods you make as well as adding comments to the code you update. That way when it comes time to upgrade phpBB, you’ll remember exactly what you changed the first time and can do it again with ease.

For those of you who wonder why I decided to use phpBB, it’s because of several reasons. I also recommend checking out a great site called Forum Matrix which lets you compare dozens of different forum solutions side-by-side.

UPDATE: After running phpBB for over one year, we decided it was time to purchase vBulletin. It’s a much more complete forum software and we especially like how it integrates with our existing systems.

Your rating: none
Rating: 2.8 - 4 votes

 Comments (7)

  • StephenB

    From running very big boards (fortunately on vBulletin!) one thing I’d recommend is to create a ‘western orientated’ question. Not about cowboys & indians, but one to counter the indians & especially chinese who have factories of cheap labour scouring the net for sites with signature phpBB board… it was only a matter of time before they found you.

    They don’t use bots, just very cheap labour, with one directive… to create spurious accounts and fill it with crappy WoW gold links.

    vBulletins superior account management systems help in avoiding this.

    S

  • David

    That’s pretty scary and even a bigger pain in the butt. Any idea how they find phpBB sites? Do they just search Google for phpBB footer links or something?

    Good idea with the western oriented question but the problem is I have visitors from all around the world. That might prevent legitimate users from being able to register.

    I do agree the vBulletin is the best forum software out there. It was just a little too much forum for me though but eventually I might go that direction.

  • Robin Majumdar

    Good suggestions above, while I agree that that the paid COTS forum software systems offered by Invision (IPB), vBulletin and many others are good solutions… there are many “free” or “freemium” forum solutions that offer similiar anti-abuse features.

    Indeed, spam-bots and spam-humans do seek out targets (such as PHPBB) by doing searches for specific strings to identify weak targets.

    I think it’s not fair to write off any particular community software system because of the spam issue ; it has to be proactively managed – even if you use VB or IPB (or the venerable UBB ;))

  • Robin Majumdar

    Obviously, we need some spam control on this very comment thread for the article 🙁

    • David

      Yeah, I don’t know what the deal is. Ever since I upgraded to WP 2.8, all these new spams started coming in. I’ve got some good spam plugins going too.

  • Udaya

    How to install this script on phpbb ?

    Like

Discussion is closed.