homepage Welcome to WebmasterWorld Guest from 54.227.182.191
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld
Visit PubCon.com
Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
Forum Library, Charter, Moderators: rogerd

Community Building and User Generated Content Forum

    
phpBB and spam problem
inundated with registration emails
HarryM




msg:3438769
 6:07 pm on Sep 1, 2007 (gmt 0)

I know very little about phpBB, so am hoping someone can help me out. I have four questions.

1. I use a captcha and also only activate new users personally as the administrator. But I get up to a hundred system-generated emails per day for me to check. The backlog is so great I have given up, which means real users will never get activated. Basically the forum software is straight 'out of the box' with no mods. What would be the most effective thing I can do to prevent spammers getting this far?

2. The member list now has several thousand entries for unactivated spammers, often with links to medi or porn websites. I'm sure this puts off potential users! But I can't find an option to prevent potential users adding a website to their details.

3. Again re the member list. It's impracticable to delete the spam entries one at a time via the admin panel. Is there anything that can help with this?

4. Or is there a forum software that avoids these issues? Would paying for vBulletin or something similar be worth considering?

 

encyclo




msg:3438921
 12:15 am on Sep 2, 2007 (gmt 0)

I posted the following introduction a couple of years back, it's a bit out-of-date in places but the basics are still the same (at least for phpBB 2.x, version 3.x is significantly different):

  • phpBB Security Best Practices [webmasterworld.com]

    The two key points are: remove the public memberlist completely, and use the "User List" mod to bulk-delete the spammers and get back control over the list.

    Once that's done, you will need to strengthen the sign-up process, there are some very good suggestions in this thread:

  • Two Modifications Virtually Eliminate Spam Posts [webmasterworld.com]

    phpBB is often targetted due to its ubiquity, but assuming you have installed the latest update, the security issues have mostly been ironed out, you will need to concentrate on removing the footprints which attract the automated spammers.

  • HarryM




    msg:3439169
     12:02 pm on Sep 2, 2007 (gmt 0)

    Thanks encyclo, very helpful.

    My situation is the forum is attached to a family history site. It's very niche and only serves for occasional messages for individuals trying to get information. I installed it so that individuals could talk to each other directly rather than sending me emails which I then had to forward. Unfortunately the spam issue has made it more labour intensive!

    I will be shortly moving the web site to a new host, and temporarily have removed the link to the forum (although of course this hasn't stopped bots).

    Before reinstalling the forum I need to make a couple of decisions.

    If I stay with phpBB it would be best to hide the footprint. Currently the home directory is /forum/. If I changed that to something less obvious, would I be able to restore from a backup from the old forum?

    Is there any forum/messageboard software which is really simple (but very secure) which would avoid my getting involved in security mods, etc. It can be really, really, simple. There is no need for sub-forums, email links, member contacts, etc. It's just a message board for occasional use, probably no more than a few threads per month.

    Is there anything like that?

    PeteM




    msg:3444884
     9:28 am on Sep 8, 2007 (gmt 0)

    Harry,

    There is a phpBB Mod known as the VIP Mod which will completely eradicate all spam registrations.

    Here's the link:

    [phpbb.com...]

    It should only take around 10 mins to install.

    Pete

    HarryM




    msg:3444897
     10:24 am on Sep 8, 2007 (gmt 0)

    Pete,

    Thanks. I took a quick look and it seems like a very good idea.

    Harry

    Maxnpaddy




    msg:3455132
     5:21 pm on Sep 19, 2007 (gmt 0)

    remove the public memberlist completely

    What's the reason for doing this?

    Oldiesmann




    msg:3455527
     1:12 am on Sep 20, 2007 (gmt 0)

    Max - by making the memberlist public (eg, visible to guests), you're making all of your members' email addresses visible to guests - making it much easier for spammers to find them.

    ddmedia




    msg:3459487
     7:35 pm on Sep 24, 2007 (gmt 0)

    Thanks for all of the info.

    I was getting a ton of porn spam on an educational forum and it was upsetting many users.

    I just implemented the mod where you can not post urls or images until you have made 10 legit posts or have been an active member for 7 days.

    It seems to be working really well so far. If not I might have to adjust the days and number of posts.

    Thanks again.

    Beagle




    msg:3459798
     1:46 am on Sep 25, 2007 (gmt 0)

    When moving to the new host, you might want to consider using something simpler. Even a lot of blogging programs would give you what you need. Check out opensourcecms.com for a number of options for blogs and simpler forum set-ups. Not that those aren't capable of being spammed, but as encyclo mentioned, you're now using a program that a lot of spammers have right in their crosshairs.

    [edited by: Beagle at 1:50 am (utc) on Sep. 25, 2007]

    Global Options:
     top home search open messages active posts  
     

    Home / Forums Index / WebmasterWorld / Community Building and User Generated Content
    rss feed

    All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
    Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
    WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
    © Webmaster World 1996-2014 all rights reserved