How do you guys stop Forum spam?

This is a question for Keith or any of the other mods here.

Someone I know is running a phpBB forum and receiving large volumes of spam each day - sufficient that he has changed the settings so that each new post must be vetted before it is allowed on the board.

Lit&Lat is much larger, and much more likely to attract a lot more traffic and attention from spammers, but I very rarely see a spam post as an issue here.

What is your secret?

Is there some spam killer you can install on phpBB, does it just not appear for some reason, or do you just kill it very very quickly when it does (does Ioa ever sleep)?


Matt, another forum I frequent has a policy that members have to be approved before posting is allowed. The “approval process” is merely sending an email to the applicant with a very basic question (e.g. what’s your favourite colour?) and if there’s a reply, they’re approved :slight_smile: . This, of course, eliminates the bots (unless machines have favourite colours). 99% of “members” joining are bots, so the basic question makes sure they’re “real boys”. It’s tedious, but for the admin it’s pretty obvious who the spammers are.

They have also enabled captcha on sign up (the default version), but the bots seem to be able to get passed that somehow (hence the question email). If there’s lots of likely genuine members and the challenge question too onerous for the admin, then probably your friend may be wise to see if there’s a plugin that presents a more difficult captcha or maths type challenge to joinerupperers.

It’s been so long since I joined here, that maybe L&L has another (better) method.

You have to answer a basic question (“what is the name of our writing software?”) and do a Captcha style alphanumeric read to sign up to the L&L forum.

I guess that helps cut down on the automated spam. There’s no real cure for human spam and trolling though, I guess.

Most modern bb spam is now down directly injecting into the database. Make sure the versions of the phpbb is up to date (all patches) and check to see if the host db is patched and up to date.

Then simple manual approval of new users and/or captcha can cut down on most bb spam.

KB feel free to delete this or correct as you see fit.

A few basic rules based on what KB has done:

  1. DO NOT LET GOOGLE INDEX YOUR FORUM. If the bots can’t find it they can’t spam it.
  2. Require registration.
  3. Require email confirmation.
  4. Firewall servers (should be the data center) to only allow needed access.
  5. Use sane password (complex) on the internal servers.

Captcha’s aren’t really needed or even useful. Ever seen one on scriv’s forums?

I use Captcha on my pants zipper.

Not all bots honour the the ‘no indexing’ thing. As the same group with the forum recently found out with a wiki they were trialling. Within days of it being created (with indexing deliberately turned off) and no real meaningful meta data to “pull in the sharks”, the spam started.

Bots are not nice people. Who knew?

Just took a quick look here and we use user agent and JS to keep the bad guys at bay (not forums but general site). I don’t care for the JS aspect but that is because I’m the guy that has a tendency to use telnet to read pages (styles really make HTML evil when embedded inline by the overlord’s HTML generators).

The two biggest bot violators that I see in my server logs are .ru and .cz. Both use their site name in the user agent so block them it should be implementable with a simple apache rewrite match in apache. Granted once you are listed with the spammers as an open site getting it cut back could prove to be more difficult.

What? :open_mouth: All of that: what? What’s it about?

I know, it’s hard to fathom, but I actually do something semi-productive for a living. Something other than keep mr K occupied that is.

The main reason we don’t allow Google or Yahoo or so on to index the forum is because of slowdown. When we used to allow it, we would have the Google bot loading pages hundreds of times a minute, bringing everything to a standstill. So, we edited robots.txt to disallow bots. As Jot says, though - and as Jaysen knows - that doesn’t stop malicious spambots. robots.txt is just a request, really, which the decent bots respect.

The single most effective barrier to spam that we have installed has been the Anti-Bot Question mod. As pigfender points out, on our forum, this asks: “What is the name of the writing software to which this forum is dedicated?” or something similar. This ensures that the person registering has to have some very simple human knowledge - it’s not something a bot just randomly trying to get access to PHPBB forums can deal with. (The downside being that we get one or two emails every week from frustrated users who have completely missed the anti-spambot question and can’t understand why their registration isn’t working.)

I installed the Anti-Spambot mod after the forum was assailed with torrents of porn a couple of years ago, and since then the spam has been few and far between (fingers crossed).

All the best,

Does that mean that vic-k, wack (intentional) and I are not spamming the forums? Meaning you are saying we can post where ever when ever? Are you sure?

ASSAILED!! TORRENTS!!..PORN…wot y’ talkin’ about, I never got any emails saying ,‘Quick, Vic, go to posting.php?m…torrents of porn!’ :imp: Y’ need t’ get y’ act together next time.Jeezzz!! tch!tch!tch! I bet Bywater got one, though…didn’t he…eh?

And this assailed & torrents business, it’s easy to tell you’re a wanna be writer. Y’ betta be careful what you post on board this old tub. If we ‘ave any more of that kind of, attention grabbing prose, you’ll have all the pedantic anal-retentives crawling out of the rotting rigging, saying, "Y’ can’t do that!..y’ can’t do this…y’ shouldn’t say this and y…ad infinitum, and ad feckin nauseam!
Be careful young Kevin
P.S. Anyway…wots all this techie stuff doin’ on the interlectyooal forum?!

Coincidentally, the title of my upcoming children’s book.

Shouldn’t that be the prequel?

Written by Mega-load?


Coincidentally, my upcoming children’s book also happens to be a pop-up book.

I’d send more but I have a day job and it takes time to keep setting up all these new email accounts.

Hopefully not Scratch-n-Sniff.