Welcome to WebmasterWorld Guest from 126.96.36.199
Forum Moderators: rogerd
1. I use a captcha and also only activate new users personally as the administrator. But I get up to a hundred system-generated emails per day for me to check. The backlog is so great I have given up, which means real users will never get activated. Basically the forum software is straight 'out of the box' with no mods. What would be the most effective thing I can do to prevent spammers getting this far?
2. The member list now has several thousand entries for unactivated spammers, often with links to medi or porn websites. I'm sure this puts off potential users! But I can't find an option to prevent potential users adding a website to their details.
3. Again re the member list. It's impracticable to delete the spam entries one at a time via the admin panel. Is there anything that can help with this?
4. Or is there a forum software that avoids these issues? Would paying for vBulletin or something similar be worth considering?
The two key points are: remove the public memberlist completely, and use the "User List" mod to bulk-delete the spammers and get back control over the list.
Once that's done, you will need to strengthen the sign-up process, there are some very good suggestions in this thread:
phpBB is often targetted due to its ubiquity, but assuming you have installed the latest update, the security issues have mostly been ironed out, you will need to concentrate on removing the footprints which attract the automated spammers.
My situation is the forum is attached to a family history site. It's very niche and only serves for occasional messages for individuals trying to get information. I installed it so that individuals could talk to each other directly rather than sending me emails which I then had to forward. Unfortunately the spam issue has made it more labour intensive!
I will be shortly moving the web site to a new host, and temporarily have removed the link to the forum (although of course this hasn't stopped bots).
Before reinstalling the forum I need to make a couple of decisions.
If I stay with phpBB it would be best to hide the footprint. Currently the home directory is /forum/. If I changed that to something less obvious, would I be able to restore from a backup from the old forum?
Is there any forum/messageboard software which is really simple (but very secure) which would avoid my getting involved in security mods, etc. It can be really, really, simple. There is no need for sub-forums, email links, member contacts, etc. It's just a message board for occasional use, probably no more than a few threads per month.
Is there anything like that?
I was getting a ton of porn spam on an educational forum and it was upsetting many users.
I just implemented the mod where you can not post urls or images until you have made 10 legit posts or have been an active member for 7 days.
It seems to be working really well so far. If not I might have to adjust the days and number of posts.
[edited by: Beagle at 1:50 am (utc) on Sep. 25, 2007]