|Simple Machines Forum: How to Stop Spam/Spam-Bots?|
Invasion on a new forum...
As I mentioned in another thread, I launched a small forum for one of my more popular sites.
Visitors have started to register and I do have legit threads going, but the invasion has begun!
Not aliens, not foreign nations, but spammers and spam-bots!
I check the boards every few hours and delete spam posts and delete spam accounts.
I have it set up to where a new user must confirm via an email. I see lots of mods for security. Any recommendations on which to use, or what to do to try and fight the spam invasion?
You would have to put some code to rule out the bot factor at least. Both for account registration and post submission. It will ease moderation.
Some basic ways are by using js, session renew and button click verifications so the forms are submitted only by a human. And there are way even with CSS to protect the forms like using a number of invisible buttons surrounding the form one of which is visible and active. Bots cannot tell the difference and automated submission will fail.
For the manual spam submission you could have some code to make any hard link posted into a js wrapper (spiders could not see) so spammers have no incentive messing with your forum.
This is what I'm using, note this is for phpBB and has specific code for phpBB. For example the function get_remote_file is phpBB function. I didn't write it and I got it from this mod. You'd have to modify it and find where you would place it:
global $phpbb_root_path, $phpEx;
include($phpbb_root_path . 'includes/functions_admin.' . $phpEx);
$stop_forum_spam_urls = array(
//'api?username=' . urlencode($data['username']),
//'api?email=' . urlencode($data['email']),
'api?ip=' . $user->ip,
foreach ($stop_forum_spam_urls as $url)
$errstr = $errno = '';
$file = get_remote_file('stopforumspam.com', '', $url, $errstr, $errno);
if ($file !== false)
$file = str_replace("\r\n", "\n", $file);
$file = explode("\n", $file);
$appears = $frequency = false;
foreach ($file as $line)
if (strpos($line, '') !== false && strpos($line, '') !== false)
$start = strpos($line, '') + 9;
$end = strpos($line, '') - $start;
$appears = (substr($line, $start, $end) == 'yes') ? true : false;
else if (strpos($line, '') !== false && strpos($line, '') !== false)
$start = strpos($line, '') + 11;
$end = strpos($line, '') - $start;
$frequency = (int) substr($line, $start, $end);
if ($appears && $frequency >= 3)
$message = $user->lang['ACCOUNT_INACTIVE'];
$message = $message . '' . sprintf($user->lang['RETURN_INDEX'], '', '');
This will check the stopforumspam databas. In this case it's only checking for the IP but you can uncomment the lines for email and username.
In this line you would set the threshold for how frequently the name appears.
($appears && $frequency >= 3)
For phpBB users you in includes/ucp/ucp_regitration.php find:
// Register user...
$user_id = user_add($user_row, $cp_data);
and add the code before it. When a registration that is listed in the database is found the registration will appear to go through but they are never actually added as member and the activation email is never sent.
When you guys find a spammer or spam-bot account, do you "ban" then or delete their account?
I don't delete anything because I want records, spam posts go to the "trash" which is a hidden forum. For example if a moderator bans someone for spamming I can always go back and look if I get a complaint and unban if necessary.