I'm not a part of the phpBB team or anything, but I've used phpbb on and off for a couple of years now. I recently started back with the release of 3.2.x and I found I, too, was receiving massive, massive amounts of bots accessing my site. It wasn't too big of a deal until those same spambots were also trying to run jqueries in mass amounts, bogging down my system resources on a shared server. Every single night from between 12AM until around 5AM my site was unavailable due to the attacks. It got pretty intense, and I'd say my host was probably tired of trying to deal with some of it (
they had to temporarily suspend the site a few times to stop the bot access from taking down other sites on the server).
I searched the forums here. So, this is my current set-up that has reduced the spambots by a tremendous amount:
- Enabled the Q&A spambot countermeasures on registration plugin
- My forum required 18+ age restriction so I just used that as a part of registration as well. It isn't foolproof from some of the spambots but has helped so my question is: "Answer this question truthfully with only one English word. All viewers and members on our site are required to be biologically 18 years old or older. Are you 18+ today?:"
- I installed the extension Stop Forum Spam (3.1.x) (3.2.x)
- I downloaded and installed a php security script called ZB BLOCK
So far, I've seen a lot of positive results. The only issues I've had with the above are:
- The Q&A plugin is, again, not fool-proof and some of the bots (generally the Russian-based ones, for whatever reason) did eventually learn how to answer it appropriately.
- I made an account on the StopForumSpam site to help them out and send my data over when a bot was blocked. Somehow my I.P. there got listed as a spammer as well. I had to work that out by sending four e-mails into that team and explaining the situation. It didn't prevent me from using the extension but it personally concerned me. All was worked out but I am still clueless as to how I was marked as spamming.
- ZBBlock was incredibly easy to install and minorly tweak after I read the guide, but instantly banned the Tapatalk third-party access from the site. It ended up being a very, very good thing (it turns out that they were leaving some access scripting open that was also hogging server resources and creating attack vulnerabilities) but took a bit to work out well. Some members were banned from the server just by accessing the site through Tapatalk so I had to request they remove our site from their database. They were quick, and I just purged the ban-file to start over with ZBBlock. So...no Tapatalk but yay for a happier server.
I've not had any more attacks after ZBBlock ran it's course for about 48 hours. Instead of getting 15+ "contact admin" spam messages a day I get about 2. Spambot registration has been at an all-time low for my site, and even when they somehow do get to register they are usually instantly banned by the StopForumSpam extension at this point. The site has not had to be suspended due to spambot attacks and the server resources haven't been exceeded at all. This has been a positive change ongoing for about 2 months now so I'm fairly pleased at the current state.