Recent updates to common spamming software have led to severe shortcomings in the stock, image-based CAPTCHAs. The below information has been updated in light of this. Do note that any and all specifics are written for phpBB 3.0.6 and above; they will not work with older versions. Techniques for phpBB 3.0.5 and older are available here ; however, they are no longer supported. An archive of the previous anti-spam topic is available here.
This topic discusses common methods for spam prevention. For a brief overview of what spam is, see our spam FAQ .
Stopping Spam - Techniques and Strategies
Effective Solutions At this time, the below solutions seem to be most effective when fighting spambots.
Q&A CAPTCHA At this time, the Q&A CAPTCHA plugin seems to be the most effective single solution against spambots (and some human spammers). For this technique to be effective, you must use simple but non-obvious question and answer combinations. For instance, "Who do you see in the mirror?" is an effective question, while "What colour is the sky?" or "2+2 = ?" are not. These questions are particularly effective on niche forums where one can ask a question that is not immediately obvious to the general populace.
One type of question that appears effective is of the type"
What are the first three letters in the name (or URL) of this Board?
Also very effective are questions of the type:
Q: What are the first three and last three characters of this board's URL ? A: phpity
Q: Grass is to lawn as __________ is to forest. A: tree
Q:Forest is to lawn as grass is to ______________. A: trees
To enable the Q&A CAPTCHA, browse to Spambot countermeasures on the General tab of the Administration Control Panel (ACP), then select "Q&A" under "Installed Plugins". Select "Configure", setup your question and answer pairs, then submit the forum. Notice you may need separate Q&As for each language you use.
Blocking UTC-12 Registrations NOTE: Although reasonably effective when this was first written, it is no longer particularly effective.
Though generally hesitant to suggest specific MODs or changes, this particular change has proven to be mostly effective against the current generation of spambots. The below change will simply show an error message to bots that attempt to register using the UTC-12 timezone (many bots select it as it is 0 on the list index; it is an uninhabited timezone so there is no harm in blocking this timezone).
The change is quite simple:
Downloadable CAPTCHA Plugins The key to effective spam prevention is making your forum unique.
An effective way to do this is to utilize a third-party CAPTCHA plugin, made possible by phpBB 3.0.6's CAPTCHA architecture change. A list of validated CAPTCHA plugins (and other antispam MODs) is available here. Do note that all antispam MODs are not equally effective--you should review feedback in each item's Support area in the Customisation Database before deciding on the solution that is right for you.
Newly Registered Users Group - phpBB 3.0.6 also sees the introduction of the "Newly Registered Users" group. This feature, which may be enabled via the User Registration Settings page of the Administration Control Panel (ACP), allows the administrator to define a minimum post count; if a user is below this limit they will be a member of the Newly Registered Users group. Permissions may be set on this group much like any other group -- an example use is to place the Newly Registered Users group on the moderation queue for all forums. The user is automatically removed from the group when they reach the defined post amount. Be aware that this feature is not retroactive -- users who registered prior to a board's upgrade to phpBB 3.0.6 will not be placed in the Newly Registered Users group, regardless of their post count.
Custom Profile Fields - There is an article in the Knowledge Base detailing utilising Custom Profile Fields as a spam deterrent. This seems to be effective against most bots.
Admin Activation - This is not practical on most boards, but is an excellent option on smaller, less-trafficked boards. Many spam registrations utilise Gmail addresses or .cn domains, and use a seemingly random combination of letters and numbers for their username.
The McGirr Method - NOTE that this method is not available in the 3.1.x line, as it has no email confirmation field -This will remove the "confirm your email address" from the registration settings and if a bot tries to automagically insert the email confirm, an error will trigger and deny registration. So here we go
Watch this video!
Keep your users coming back by letting them earn trophies for reaching milestones. An intuitive "like" system makes users feel appreciated for their contributions, while integration with...
You probably have already heard about it: the next release will include a host of new features. This post will present one of them in detail, showing the idea and the impact on users, style and...
echoPHP phpBB Multi-Forums v4.0.1 stable for phpBB 3.0.12 is now available. It's faster, more powerful and will optimize your revenues even more than previous versions. Welcome to echoPHP.com...
What is phpBB? Many websites are built around discussion forums, and phpBB is one of the most common and fully-featured forum applications on the web. It's free and open source, so many website...
What is Icy Phoenix? Icy Phoenix is a CMS based on phpBB (a fully scalable and highly customisable open-source Bulletin Board package PHP based) plus many modifications and code integrations...