This topic discusses common methods for spam prevention. For a brief overview of what spam is, see our spam FAQ.
Stopping Spam - Techniques and Strategies
- Effective Solutions
At this time, the below solutions seem to be most effective when fighting spambots.- Q&A CAPTCHA
At this time, the Q&A CAPTCHA plugin seems to be the most effective single solution against spambots (and some human spammers). For this technique to be effective, you must use simple but non-obvious question and answer combinations. For instance, "Who do you see in the mirror?" is an effective question, while "What colour is the sky?" or "2+2 = ?" are not. These questions are particularly effective on niche forums where one can ask a question that is not immediately obvious to the general populace.
One type of question that appears effective is of the type"
What are the first three letters in the name (or URL) of this Board?
Also very effective are questions of the type:
Q: What are the first three and last three characters of this board's URL ?
A:phpity
Q: Grass is to lawn as __________ is to forest.
A:tree
Or:
Q:Forest is to lawn as grass is to ______________.
A:trees
To enable the Q&A CAPTCHA, browse to Spambot countermeasures on the General tab of the Administration Control Panel (ACP), then select "Q&A" under "Installed Plugins". Select "Configure", setup your question and answer pairs, then submit the forum. Notice you may need separate Q&As for each language you use. - Blocking UTC-12 Registrations NOTE: Although reasonably effective when this was first written, it is no longer particularly effective.
Though generally hesitant to suggest specific MODs or changes, this particular change has proven to be mostly effective against the current generation of spambots. The below change will simply show an error message to bots that attempt to register using the UTC-12 timezone (many bots select it as it is 0 on the list index; it is an uninhabited timezone so there is no harm in blocking this timezone).
The change is quite simple:Code: Select all
# #-----[ OPEN ]------------------------------------------ # includes/ucp/ucp_register.php # #-----[ FIND ]------------------------------------------ # $data = array( 'username' => utf8_normalize_nfc(request_var('username', '', true)), 'new_password' => request_var('new_password', '', true), 'password_confirm' => request_var('password_confirm', '', true), 'email' => strtolower(request_var('email', '')), 'email_confirm' => strtolower(request_var('email_confirm', '')), 'lang' => basename(request_var('lang', $user->lang_name)), 'tz' => request_var('tz', (float) $timezone), ); # #----[ AFTER, ADD ]------------------------------------------ # if ($data['tz'] == -12) { $message = $user->lang['ACCOUNT_INACTIVE']; $message = $message . '<br /><br />' . sprintf($user->lang['RETURN_INDEX'], '<a href="' . append_sid("{$phpbb_root_path}index.$phpEx") . '">', '</a>'); trigger_error($message); } # #-----[ SAVE/CLOSE ALL FILES ]------------------------------------------ # # EoM
- Downloadable CAPTCHA Plugins
The key to effective spam prevention is making your forum unique. An effective way to do this is to utilize a third-party CAPTCHA plugin, made possible by phpBB 3.0.6's CAPTCHA architecture change. A list of validated CAPTCHA plugins (and other antispam MODs) is available here. Do note that all antispam MODs are not equally effective--you should review feedback in each item's Support area in the Customisation Database before deciding on the solution that is right for you. - Sortables CAPTCHA https://www.phpbb.com/customise/db/mod/ ... ha_plugin/
- Newly Registered Users Group - phpBB 3.0.6 also sees the introduction of the "Newly Registered Users" group. This feature, which may be enabled via the User Registration Settings page of the Administration Control Panel (ACP), allows the administrator to define a minimum post count; if a user is below this limit they will be a member of the Newly Registered Users group. Permissions may be set on this group much like any other group -- an example use is to place the Newly Registered Users group on the moderation queue for all forums. The user is automatically removed from the group when they reach the defined post amount. Be aware that this feature is not retroactive -- users who registered prior to a board's upgrade to phpBB 3.0.6 will not be placed in the Newly Registered Users group, regardless of their post count.
- Q&A CAPTCHA
- Other Solutions
- Custom Profile Fields - There is an article in the Knowledge Base detailing utilising Custom Profile Fields as a spam deterrent. This seems to be effective against most bots.
- Admin Activation - This is not practical on most boards, but is an excellent option on smaller, less-trafficked boards. Many spam registrations utilise Gmail addresses or .cn domains, and use a seemingly random combination of letters and numbers for their username.
- The McGirr Method - NOTE that this method is not available in the 3.1.x line, as it has no email confirmation field -This will remove the "confirm your email address" from the registration settings and if a bot tries to automagically insert the email confirm, an error will trigger and deny registration. So here we go
OPEN
includes/ucp/ucp_register.php
FIND
REPLACE WITHCode: Select all
'email_confirm' => array('string', false, 6, 60),
FINDCode: Select all
'email_confirm' => array('string', true, 6, 60),
REPLACE WITHCode: Select all
if ($data['email'] != $data['email_confirm']) { $error[] = $user->lang['NEW_EMAIL_ERROR']; }
OPENCode: Select all
if (!empty($data['email_confirm'])) { $error[] = 'You are a spam bot...go away!'; } /*if ($data['email'] != $data['email_confirm']) { $error[] = $user->lang['NEW_EMAIL_ERROR']; } */
styles/prosilver/template/ucp_register.html
FIND
REPLACE WITHCode: Select all
<dl> <dt><label for="email_confirm">{L_CONFIRM_EMAIL}:</label></dt>
and you can apply the same to any style, just take note of theCode: Select all
<dl style="display:none;"> <dt><label for="email_confirm">{L_CONFIRM_EMAIL}:</label></dt>
style="display:none;"
part in the code above. - Broken Visual CAPTCHA Plugins
These CAPTCHAs are included in the stock install but have been broken by spambots. They are ineffective and should not be used.- CAPTCHA Without GD
- GD 3D CAPTCHA
- reCAPTCHA
- GD CAPTCHA
- CAPTCHA Without GD
Please use this topic to discuss this information.
Changelog
1298750321 - Rewritten - Phil
1354381122 - Added note re UTC -12 and added question examples - stevemaury
1369438616 - Added the McGirr Method and changed the "1st 3, last 3" example - stevemaury
1385134392 - Changed "What programming language is phpBB written in?" - stevemaury
1385134793 - Added Sortables CAPTCHA - stevemaury
1406545860 - Expanded ACP acronym - Oyabun1
1458815040 - Edited to note McGirr method not available in 3.1.x - stevemaury
1460846074 - Edited to add the "What are the first letters in the board's name" type of question - stevemaury