| 12:15 am on Sep 2, 2007 (gmt 0)|
I posted the following introduction a couple of years back, it's a bit out-of-date in places but the basics are still the same (at least for phpBB 2.x, version 3.x is significantly different): phpBB Security Best Practices [webmasterworld.com]
The two key points are: remove the public memberlist completely, and use the "User List" mod to bulk-delete the spammers and get back control over the list.
Once that's done, you will need to strengthen the sign-up process, there are some very good suggestions in this thread: Two Modifications Virtually Eliminate Spam Posts [webmasterworld.com]
phpBB is often targetted due to its ubiquity, but assuming you have installed the latest update, the security issues have mostly been ironed out, you will need to concentrate on removing the footprints which attract the automated spammers.
| 12:02 pm on Sep 2, 2007 (gmt 0)|
Thanks encyclo, very helpful.
My situation is the forum is attached to a family history site. It's very niche and only serves for occasional messages for individuals trying to get information. I installed it so that individuals could talk to each other directly rather than sending me emails which I then had to forward. Unfortunately the spam issue has made it more labour intensive!
I will be shortly moving the web site to a new host, and temporarily have removed the link to the forum (although of course this hasn't stopped bots).
Before reinstalling the forum I need to make a couple of decisions.
If I stay with phpBB it would be best to hide the footprint. Currently the home directory is /forum/. If I changed that to something less obvious, would I be able to restore from a backup from the old forum?
Is there any forum/messageboard software which is really simple (but very secure) which would avoid my getting involved in security mods, etc. It can be really, really, simple. There is no need for sub-forums, email links, member contacts, etc. It's just a message board for occasional use, probably no more than a few threads per month.
Is there anything like that?
| 9:28 am on Sep 8, 2007 (gmt 0)|
There is a phpBB Mod known as the VIP Mod which will completely eradicate all spam registrations.
Here's the link:
It should only take around 10 mins to install.
| 10:24 am on Sep 8, 2007 (gmt 0)|
Thanks. I took a quick look and it seems like a very good idea.
| 5:21 pm on Sep 19, 2007 (gmt 0)|
remove the public memberlist completely
What's the reason for doing this?
| 1:12 am on Sep 20, 2007 (gmt 0)|
Max - by making the memberlist public (eg, visible to guests), you're making all of your members' email addresses visible to guests - making it much easier for spammers to find them.
| 7:35 pm on Sep 24, 2007 (gmt 0)|
Thanks for all of the info.
I was getting a ton of porn spam on an educational forum and it was upsetting many users.
I just implemented the mod where you can not post urls or images until you have made 10 legit posts or have been an active member for 7 days.
It seems to be working really well so far. If not I might have to adjust the days and number of posts.
| 1:46 am on Sep 25, 2007 (gmt 0)|
When moving to the new host, you might want to consider using something simpler. Even a lot of blogging programs would give you what you need. Check out opensourcecms.com for a number of options for blogs and simpler forum set-ups. Not that those aren't capable of being spammed, but as encyclo mentioned, you're now using a program that a lot of spammers have right in their crosshairs.
[edited by: Beagle at 1:50 am (utc) on Sep. 25, 2007]