As anyone who runs an online community knows, spammers are getting more and more sphisticated at spamming forum systems. Seems that ruining our email enjoyment isn’t enough for these people, they have to try to peddle their cheap watches, drugs, porn and instant diplomas on our forums too. At one time, just disabling anonymous posting and requiring email activation was enough to get rid of most of them, but now they of course automate the process using fly-by-night free email accounts - the current favorite is web.de it seems, although Russian free email providers were the favorite before that. Captchas helped deal with that for a bit, but it’s now pretty common for spammers to use image recognition systems to defeat the weaker ones. It’s a constant battle.
I’ve generally avoided modding phpBB too much since a year or two ago there were a number of security problems with it, and modding the system made it harder to keep up with fixes. Luckily phpBB has been a lot more stable security wise lately, just as our small army of moderators started to find that the number of spammers getting through the standard phpBB defenses was becoming untenable. So late last week I carefully reviewed, tested and installed a number of mods to help with the fight. For anyone who is interested, here’s what we’re now using on the OGRE forum systems to try to keep spammers at bay:
- No guest posting. Obviously.
- Email activation (for what it’s worth, and at least we have a contact email if necessary)
- No entry on the memberlist for accounts with no posts, to prevent lurking linkers
- Anti-spam ACP mod - prevents the use of fields like the web link during signup, until a certain number of posts have been made
- Better captcha - much harder to break than the phpBB standard one
- Admin user list mod - makes it easier to review & delete spammer accounts quickly
We now pass the spammer vulnerability check at http://www.phpbb-security.com so hopefully that will make a difference. Hope those links help someone else who is experiencing forum spam.