- Block as much as possible of spammers with DNSBL check, TZ check (UTC-12 trick) and DNS MX check and reduce the number of false positives to Zero (ABM)
- A usefull required custom profile filed to stop some of the spam bots (phpBB3 core)
- Let the newly registered users confirm their e-mail addresses (ADAP - Double Activation)
- Use Admin Activation to verify every successfully registered new user account manually to be sure and to catch human spammers (ADAP - Double Activation).
- ACP User Verify page for single point user verification to activate, disallow, ban or delete newly registered as soon as possible. (ADAP)
- Use Auto user pruning always to have a maintained user database containing always only active users. (ADAP)
- Uninstall or at least disable all CAPTCHAs and all other Anti-Spam MODs you have enabled or installed before. (except ADAP )
- Empty your BAN TABLE, at least the IP address entries and entries like *@mail.ru or *@googlemail.com . !!!
- Install Advanced Block MOD.
- Be sure that you have installed newest version of ABM. To be sure look on author's website.
- Got to ACP -> SERVER CONFIGURATION -> Security Settings and check if Check IP against DNS Blackhole List, Check e-mail domain for valid MX record and Check timezone setting are enabled and if all blocking actions will be added to the block log.
- Got to ACP -> BOARD CONFIGURATION -> Visual confirmation settings and disable visual confirmation for registrations. !
- Now look what will be happen! Take a daily look to the block log for one or two weeks!
=> Most of spambot registrations will be blocked by the UTC-12 trick. A lot of spam bot registrations will be blocked by DNSBL check. Some spam bot registrations will be blocked by DNS MX check. A rare number of spam bot registrations will be done successfully if you have seletcted None for Account activation.
With the topical DNSBL list I haven't noticed any false positives over months on two boards in spammers focus. But if you should get some feedback about it or if you should find false positive entries in the block log please look here: http://www.martin-truckenbrodt.com/cgi/ ... f=48&t=216 .
- Go to ACP -> CLIENT COMMUNICATION -> E-mail settings and check if board-wide e-mail is enabled.
- Go to ACP -> BOARD CONFIGURATION -> User registration settings and select User (or User + Admin if still have installed ADAP) for Account activation.
- Look again what will happen.
=> Some spam bots will register successfully. But they are not confirming their e-mail addresses. So their accounts will not be activated.
Here you can stop if you will have no more spam bot registrations now. In my experience with two spammed boards within the last months now you can stop here!
- Install ADAP
- Go to ACP -> BOARD CONFIGURATION -> Auto prune user settings and set a time period of 1 day for the auto user pruning to enable it. Check if there are set values between 4 or 12 weeks for the settings Prune deactivated users and Prune users which never have been active.
- Look again what will happen.
=> Some or a lot of former successfully registered spam bot accounts will be purged immediately.
=> The successfully registrations that you have noticed above will be deleted now with the set time periods automatically.
- Add a required custom profile field e.g. for the first name. But give the profile field an strange or cryptic internal name.
- Go to ACP -> BOARD CONFIGURATION -> User registration settings and select User + Admin for Account activation. Enable the extended Admin Activation E-mail.
- Look again what will be happen.
=> If your board is quite active sometimes or very often you will get notification e-mails to activate new user accounts.
- Always open the first link from the notification e-mail to get the user verify page directly. With the account details you will see now you can decide if it seems to be a good registration or not.