
Forum Moderators: rogerd


phpBB and spam problem

inundated with registration emails

6:07 pm on Sep 1, 2007 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 21, 2002
votes: 0

I know very little about phpBB, so am hoping someone can help me out. I have four questions.

1. I use a captcha and also only activate new users personally as the administrator. But I get up to a hundred system-generated emails per day for me to check. The backlog is so great I have given up, which means real users will never get activated. Basically the forum software is straight 'out of the box' with no mods. What would be the most effective thing I can do to prevent spammers getting this far?

2. The member list now has several thousand entries for unactivated spammers, often with links to medi or porn websites. I'm sure this puts off potential users! But I can't find an option to prevent potential users adding a website to their details.

3. Again re the member list. It's impracticable to delete the spam entries one at a time via the admin panel. Is there anything that can help with this?

4. Or is there a forum software that avoids these issues? Would paying for vBulletin or something similar be worth considering?

12:15 am on Sept 2, 2007 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 31, 2003
votes: 2

I posted the following introduction a couple of years back; it's a bit out-of-date in places, but the basics are still the same (at least for phpBB 2.x; version 3.x is significantly different):

  • phpBB Security Best Practices [webmasterworld.com]

    The two key points are: remove the public memberlist completely, and use the "User List" mod to bulk-delete the spammers and get back control over the list.

    Once that's done, you will need to strengthen the sign-up process; there are some very good suggestions in this thread:

  • Two Modifications Virtually Eliminate Spam Posts [webmasterworld.com]

    phpBB is often targeted due to its ubiquity, but assuming you have installed the latest update, the security issues have mostly been ironed out; you will need to concentrate on removing the footprints which attract the automated spammers.

    12:02 pm on Sept 2, 2007 (gmt 0)

    Senior Member

    WebmasterWorld Senior Member 10+ Year Member

    joined:Oct 21, 2002
    votes: 0

    Thanks encyclo, very helpful.

    My situation is the forum is attached to a family history site. It's very niche and only serves for occasional messages for individuals trying to get information. I installed it so that individuals could talk to each other directly rather than sending me emails which I then had to forward. Unfortunately the spam issue has made it more labour intensive!

    I will be shortly moving the web site to a new host, and temporarily have removed the link to the forum (although of course this hasn't stopped bots).

    Before reinstalling the forum I need to make a couple of decisions.

    If I stay with phpBB it would be best to hide the footprint. Currently the home directory is /forum/. If I changed that to something less obvious, would I be able to restore from a backup from the old forum?

    Is there any forum/messageboard software which is really simple (but very secure) which would avoid my getting involved in security mods, etc. It can be really, really, simple. There is no need for sub-forums, email links, member contacts, etc. It's just a message board for occasional use, probably no more than a few threads per month.

    Is there anything like that?

    9:28 am on Sept 8, 2007 (gmt 0)

    Full Member

    10+ Year Member

    joined:Mar 16, 2004
    posts: 283
    votes: 0


    There is a phpBB Mod known as the VIP Mod which will completely eradicate all spam registrations.

    Here's the link:


    It should only take around 10 mins to install.


    10:24 am on Sept 8, 2007 (gmt 0)

    Senior Member

    WebmasterWorld Senior Member 10+ Year Member

    joined:Oct 21, 2002
    votes: 0


    Thanks. I took a quick look and it seems like a very good idea.


    5:21 pm on Sept 19, 2007 (gmt 0)

    Junior Member

    joined:July 5, 2007
    votes: 0

    remove the public memberlist completely

    What's the reason for doing this?

    1:12 am on Sept 20, 2007 (gmt 0)

    New User

    10+ Year Member

    joined:Oct 28, 2004
    votes: 0

    Max - by making the memberlist public (e.g., visible to guests), you're making all of your members' email addresses visible to guests - making it much easier for spammers to find them.

    7:35 pm on Sept 24, 2007 (gmt 0)

    New User

    5+ Year Member

    joined:Sept 20, 2007
    votes: 0

    Thanks for all of the info.

    I was getting a ton of porn spam on an educational forum and it was upsetting many users.

    I just implemented the mod where you cannot post URLs or images until you have made 10 legit posts or have been an active member for 7 days.

    It seems to be working really well so far. If not I might have to adjust the days and number of posts.

    Thanks again.
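
Editor's added example (not part of the post above, and not code from phpBB or from the mod it mentions): a standalone PHP sketch of the rule that post describes, where messages containing links or images are held unless the account has 10 posts or is 7 days old. The function names, the `$user` array fields and the sample data are hypothetical, and "legit posts" is assumed to mean the account's approved post count.

```php
<?php
// Added example, not phpBB or mod code. All names here are hypothetical.
const MIN_POSTS = 10;     // approved posts required before links are allowed
const MIN_AGE_DAYS = 7;   // alternative: days since registration

/** True if the message carries a link or image in any common form. */
function contains_link_or_image(string $message): bool
{
    $patterns = [
        '~\[(?:url|img)\b[^\]]*\]~i',        // BBCode [url], [url=...], [img]
        '~<\s*(?:a|img)\b~i',                // raw HTML anchor or image tag
        '~\b(?:https?|ftp)://~i',            // explicit scheme
        '~\bwww\.[a-z0-9-]+\.[a-z]{2,}~i',   // bare www.host.tld
    ];
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $message) === 1) {
            return true;
        }
    }
    return false;
}

/** Link-free posts always pass; posts with links need a trusted account. */
function may_post(array $user, string $message, int $now): bool
{
    if (!contains_link_or_image($message)) {
        return true;
    }
    $ageDays = intdiv(max(0, $now - $user['regdate']), 86400);
    return $user['posts'] >= MIN_POSTS || $ageDays >= MIN_AGE_DAYS;
}

// Constructed sample data (not taken from any real forum).
$now = gmmktime(19, 35, 0, 9, 24, 2007);
$newbie  = ['posts' => 0,  'regdate' => $now - 3600];
$regular = ['posts' => 12, 'regdate' => $now - 2 * 86400];
$lurker  = ['posts' => 1,  'regdate' => $now - 9 * 86400];

$cases = [
    [$newbie,  'Hello, looking for my Smith ancestors.'],
    [$newbie,  'Cheap pills at [url=http://spam.example]here[/url]'],
    [$newbie,  'visit WWW.spam.example today'],
    [$regular, 'Parish records: http://records.example/1851'],
    [$lurker,  '[img]http://photos.example/grave.jpg[/img]'],
];
foreach ($cases as [$user, $message]) {
    echo (may_post($user, $message, $now) ? 'ALLOW ' : 'HOLD  '), $message, PHP_EOL;
}
```

Links written out in words (for example "spam dot example") are not matched by these patterns, so a gate like this works alongside sign-up hardening rather than replacing it.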

    1:46 am on Sept 25, 2007 (gmt 0)

    Senior Member

    WebmasterWorld Senior Member 10+ Year Member

    joined:Apr 8, 2005
    votes: 0

    When moving to the new host, you might want to consider using something simpler. Even a lot of blogging programs would give you what you need. Check out opensourcecms.com for a number of options for blogs and simpler forum set-ups. Not that those aren't capable of being spammed, but as encyclo mentioned, you're now using a program that a lot of spammers have right in their crosshairs.

    [edited by: Beagle at 1:50 am (utc) on Sep. 25, 2007]