Then after I had placed these posts in their own new forum iwth the links removed, I did an IP BAN on eall the various IPs they were using. But that wasn't good enough for me so I found a Spam eliminator MOD on the phpBB Hacks site. I downloaded and installed it, and I have since not had any more spam posts in my forums.
The MOD is real ssimple and you only edit one file so it will be included with this post for you to copy and paste so you can prevent this sort of annoyance from happening or stopping it if you are currently getting this type of KRUD on your site. What the program does is add an auth encrypted signature and looks for a post that took more than 5 seconds after the posting area was generated other wise if a post was made within the 5 second time frame (faster than a human) it just shows a preview and not the actual post, so the bot never really posts and you don't ever see it.
Below is the code for both PHP-Nuke with phpBB forums and also the phpBB2 stand alone bulletin board. Hope this help other PHP-Nuke users like it did me!
CODE
#-----[ OPEN ]------------------------------------------
#
posting.php
#
#-----[ FIND ]------------------------------------------
#
$refresh = $preview || $poll_add || $poll_edit || $poll_delete;
#
#-----[ BEFORE, ADD ]------------------------------------------
#
switch ($mode) {
case 'newtopic':
$secretkey = 'f' . $forum_id;
break;
case 'quote': // If we're quoting, we need to determine the topic ID
$sql = 'SELECT topic_id FROM ' . POSTS_TABLE . ' WHERE post_id=' . $post_id;
if (!($query = $db->sql_query($sql)))
{
message_die(GENERAL_MESSAGE, 'Could not obtain quoted topic information', '', __LINE__, __FILE__, $sql);
}
if (($row = $db->sql_fetchrow($query)))
{
$topic_id = $row['topic_id'];
}
else
{
message_die(GENERAL_MESSAGE, 'No_such_post');
}
// Fall through to 'reply' case
case 'reply':
case 'vote':
$secretkey = 't' . $topic_id;
break;
case 'editpost':
$secretkey = 'p' . $post_id;
break;
}
// Generate a signature to validate this page
$authkey = md5("nana" . $secretkey . "foofoo");
$authval = md5($HTTP_SERVER_VARS['HTTP_USER_AGENT'] . $secretkey . $HTTP_SERVER_VARS['REMOTE_ADDR']);
$timekey = md5("time" . $secretkey);
$timepad = preg_replace('/[^0-9]/', '', $HTTP_SERVER_VARS['REMOTE_ADDR']) + 0;
$timeval = time() ^ $timepad;
// Check the signature - if this is a submit which doesn't jive with the above, turn it into a preview
if ($submit && (!isset($HTTP_POST_VARS[$authkey])
|| $HTTP_POST_VARS[$authkey] != $authval
|| !isset($HTTP_POST_VARS[$timekey])
|| ($HTTP_POST_VARS[$timekey] ^ $timepad) > time() - 5))
{
$submit = false;
$preview = true;
}
#
#-----[ FIND ]------------------------------------------
#
// Generate smilies listing for page output
generate_smilies('inline', PAGE_POSTING);
#
#-----[ BEFORE, ADD ]------------------------------------------
#
// Insert our signature into the form
$hidden_form_fields .= '<input type="hidden" name="' . $authkey . '" value="' . $authval . '">';
$hidden_form_fields .= '<input type="hidden" name="' . $timekey . '" value="' . $timeval . '">';
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
#
posting.php
#
#-----[ FIND ]------------------------------------------
#
$refresh = $preview || $poll_add || $poll_edit || $poll_delete;
#
#-----[ BEFORE, ADD ]------------------------------------------
#
switch ($mode) {
case 'newtopic':
$secretkey = 'f' . $forum_id;
break;
case 'quote': // If we're quoting, we need to determine the topic ID
$sql = 'SELECT topic_id FROM ' . POSTS_TABLE . ' WHERE post_id=' . $post_id;
if (!($query = $db->sql_query($sql)))
{
message_die(GENERAL_MESSAGE, 'Could not obtain quoted topic information', '', __LINE__, __FILE__, $sql);
}
if (($row = $db->sql_fetchrow($query)))
{
$topic_id = $row['topic_id'];
}
else
{
message_die(GENERAL_MESSAGE, 'No_such_post');
}
// Fall through to 'reply' case
case 'reply':
case 'vote':
$secretkey = 't' . $topic_id;
break;
case 'editpost':
$secretkey = 'p' . $post_id;
break;
}
// Generate a signature to validate this page
$authkey = md5("nana" . $secretkey . "foofoo");
$authval = md5($HTTP_SERVER_VARS['HTTP_USER_AGENT'] . $secretkey . $HTTP_SERVER_VARS['REMOTE_ADDR']);
$timekey = md5("time" . $secretkey);
$timepad = preg_replace('/[^0-9]/', '', $HTTP_SERVER_VARS['REMOTE_ADDR']) + 0;
$timeval = time() ^ $timepad;
// Check the signature - if this is a submit which doesn't jive with the above, turn it into a preview
if ($submit && (!isset($HTTP_POST_VARS[$authkey])
|| $HTTP_POST_VARS[$authkey] != $authval
|| !isset($HTTP_POST_VARS[$timekey])
|| ($HTTP_POST_VARS[$timekey] ^ $timepad) > time() - 5))
{
$submit = false;
$preview = true;
}
#
#-----[ FIND ]------------------------------------------
#
// Generate smilies listing for page output
generate_smilies('inline', PAGE_POSTING);
#
#-----[ BEFORE, ADD ]------------------------------------------
#
// Insert our signature into the form
$hidden_form_fields .= '<input type="hidden" name="' . $authkey . '" value="' . $authval . '">';
$hidden_form_fields .= '<input type="hidden" name="' . $timekey . '" value="' . $timeval . '">';
#
#-----[ SAVE/CLOSE ALL FILES ]------------------------------------------
