Bots can defeat many captchas. Fortunately there are a number of phpBB mods to that can defeat the bots. A simple mod that asks a question of your choosing is enough to defeat the bots.
Blocking IPs is doable but it's possible to accidentally block Australia and Britain. Blocking the bots should eliminate 99% of your problem. The rest can be blocked as they show up.
There are sites with lists of IPs to block,and software/mods that auto-update according to lists as they're generated by reports submitted by people. I'm not a fan of blacklists because imo all blacklists contain errors. I would rather deal with a trickle of spammers on a case by case basis, banning IPs safely than accidentally block innocent site visitors because a newb submitted a block of legit IPs to whatever blacklist you're relying on.
Blocking IPs is doable but it's possible to accidentally block Australia and Britain
I have come across several cases of people blocking themselves from their own forums. IP blocking needs to be dome with great care.
You will probably always get some manually entered spam, often from people with their first web site who don't realise that this is unacceptable. Requiring forum membership will cut down some of this.
Forget setting up a block of IPs to ban. They will always find a proxy somewhere else. Only block if you have some kind of automated tool which you can leave running else you will be going round in circles.
How many registrations do you get a week? If not many then change to admin authorisation mode.
Do you allow guest posting? Turn it off.
Install one of the captcha mods or wait for phpbb 3.0.6 as this has better captcha options.
Turn off memberlist browsing for guests - this is mostly how the spammers find you in the first place.
>>>If not many then change to admin authorisation mode.
One consideration in the case of a slow forum is that it's better for growth to allow speedier registration. Making users wait can cause people to never return and post because it's easier to find their joy on someone else's forum than sit around waiting for an admin authorization.
I agree about the memberlist and go further. I can't justify a memberlist. In terms of spam reduction and SEO, it's best imo to remove all links to the memberlist then remove the memberlist file altogether. One part of Forum SEO is to remove links to as much as possible that is not rank-worthy content.
I don't think making them wait is that much of problem compared to viewing a forum full of spam postings.
If a site is riddled with spam and offensive postings users are not going to register in the first place.
Besides, with admin authorisation a new user may have to wait a while but they should return when they get an account confirmation email.
How many users sign up, get instant notification and don't visit again. And how many users sign up, forget the site for a few hours or a day and then return when they are 'invited' via a nicely worded confirmation email?
Obviously if a board has dozens of registrations a day then it could be a problem. But if a board has dozens of registrations a day it should have a sufficient team of admins / mods to check registrations.
I can tell you phpbb takes the issue of forum spam seriously, the image captcha in phpbb3 held up for a good year or more and still does to some degree because it can be tweaked. As with any captcha system most are broken eventually because they are always the same.
3.0.6 will implement a captcha plug-in system which will allow authors to make their own captcha system. This will greatly expand the captcha capabilities as there will be numerous options for forum owners and what captcha they want to use. If it gets broken you can plug in a new one that is more effective.
More here: [phpbb.com...]
As far as phpBB's current image captcha make sure you have enabled the GD version. Try tweaking the settings a little.
You don't have to enable admin registration necessarily in phpBB and frankly I don't find it very useful anyway. The better option is to enable the "Maximum post count for queued posts" under post settings. When you set this to X amount all their posts automatically go to the moderation queue which have to be approved before they become public until they reach X amount of posts.
The user can register and make their post, any moderator with permissions can approve it and the user gets an approval or disapproval email. The disapproval email is at the moderators option.
|I agree about the memberlist and go further. I can't justify a memberlist. In terms of spam reduction and SEO, it's best imo to remove all links to the memberlist then remove the memberlist file altogether. One part of Forum SEO is to remove links to as much as possible that is not rank-worthy content. |
This can be set by permissions in phpBB, by default profiles and the memberlist are denied to bots and guests. They still get a page if they go to the URL but it's "You do not have permission". Bots are in a special group, standard links for profiles the memberlist and search page are parsed as plain text or don't even exist. You're actually cloaking to some extent but no one has had any trouble with it as far as I know. I modded my own forum so if they do find a link somewhere they get the correct header whether it's 403 or whatever.
If you want to remove the memberlist or any of those features there really is no sense hacking it out because you can do it through permissions.
Thanks for all your replies. I will look into the options.
When I first started the forum I got hundreds of spam postings. Now it can be about 10 per night. I am not sure how these spammers found the forum it as I haven't publicised it at all and the other forum no longer gets any spam.
If you are running PHPBB2 then the easiest way to do it is to install the hashcash mod from [phpbbhacks.com...]
I found that it stops every spam bot that is able to get through the CAPTCHA, and it is invisible to a human, requiring no interaction.
Add a hidden box to your signup page too, visitors won't enter anything in it and you can insta-ban any bot that does.