In that case I would use the built in Q&A antispam.
Since it's non public If you want a simple way to stop all bots password protect it with .htaccess password. You should be able to do this through your hosting control panel. The user is presented with dialog box before the page loads, you can keep the username and password simple. The browser will store these passwords and they should not be presented with another dialog box unless they clear the browser cache. You can even direct them to HTML page with username and password published they can bookmark for later reference.
Most bots are going to find pages. Is the forum in the root of the domain? Instead of the root did you install in a common directory (e.g. yourdomain.com/forum)? Are you blocking that directory with robots.txt? The downside to robots.txt is rogue bots will utilize it to find things that you don't want indexed. Did one of your users post a link elsewhere?So my question is this.... How do the spammers find the board (they're all typically in Hanoi and using fake eMail addresses)? Is there a "directory" of phpBB boards or is my board advertising it's presence to the world some other way?
To be honest it's in the default install directory for the domain and I get the point about robots.txt too. There's no users registered so far apart from myself and a friend who's testing the board, it's not being linked to by the users. I'm guessing from the first reply that somewhere there's a couple of DNS servers with scripts attached to flag up new DN tables.thecoalman wrote: ↑Tue Aug 17, 2021 8:50 pm Most bots are going to find pages. Is the forum in the root of the domain? Instead of the root did you install in a common directory (e.g. yourdomain.com/forum)? Are you blocking that directory with robots.txt? The downside to robots.txt is rogue bots will utilize it to find things that you don't want indexed. Did one of your users post a link elsewhere?
No. Spam is not a security issue. They are people or bots registering just like a genuine person would. They are not bypassing anything to get in. It's just one of those things that every software with a registraion page has to deal with. It's a constant game of cat and mouse to produce something the bots can't solve.