I’m starting to have a real problem in my forums. Apparently “midget anal porn” is the hottest new thing. I didn’t think midgets were into that kind of thing but apparently I’m wrong (apologies to any midgets out there). I knew that spam may be a problem on my board but I didn’t think that I would be a target just yet. I only have 16 registered users (including the spam bots). How in the world did they find me? Just like junk mail I figure this problem is only going to get worst since I am now apparently on the list. Does anyone have a solution to this problem?

I am using phpBB. Perhaps a plug-in is out there for this type of thing? Also does anyone know how to get the IP of a user that registered? If I had that then I could ban the subnet.

The first step in fighting against bots is Image Validation. As you probably know, it shows a random string as a part of an image, and the user should re-type it. On my forums (IPB 2.0.0), however, bots somehow manage to overcome this obstacle. The next move is activating e-mail validation. After completing the registration, the user is sent a validation link to the specified e-mail address. That should keep them away.

Unfortunately, some of them DO get through! At least I have that problem. Now, this might be because those aren't actually bots, but rather real people spamming. But whoever it is, there is one possible solution to the problem. I don't know a lot about phpBB, but in IPB, you can hide (disapprove) posts. This is used to hide every first post of a member. That way the spam will be hidden, and you will be able to manually approve all the other posts. I know this isn't very practical, but that's the only idea I have got.

Well worse case scenario you have to start banning ip addresses. But what you do is create a htaccess file banning them through that way.



you can also try invisionize. and see what they have for mods or some other mod site for the forum you use.

Best thing you can do is let your mods and other members report th porn spam and just ban, suspend, block those who do it.

This post has been edited by saint-michael: Nov 9 2006, 06:19 PM

What version of phpbb? 2.2.21 is the latest version (I think).
phpbb3 is in Beta2 right now, so problem might be solved in the new release?
I think the changes you want to make are in the Admin Control Panel of phpbb2 > Board Settings.
Force email registration and make them validate is a good idea, yes. Might even make the Forum fully private in the settings.

Check your .htaccess and place a robots file on your account, too. Any 'decent', or respectable, bot will check that file before accessing the account files, so if you still have problems, set the Forum folder to deny the problem robots in the robots.txt file, maybe. Look throught the detailed Log Report to find the entries. There should be a record of the Bots accessing the robots.txt file each time they visit. Allow the good ones, deny the others.

Also, I believe if you have Admin privleges for your User, the IP numbers are available, too. There is a small gif with "IP" on it. Top right hand side of the Posting. Click on that to view a report of all the IP's the Member has posted from.

I have noticed that this has been an increasing problem lately on some of the forums that I frequent. Apparently bots are getting smarter (and in some cases developing quite a sense of humor )

lol.. i guess you have a bot magnet..

i usually use generated images for verification.. you dont know when you need to block certain access..
dont use splited images.. just draw them on the fly or use voice validation.. [recording of the validation key to be entered]

I know a couple of times bots have been able to post in trap17 hosted section forum which is only access by hosted members and above.

I agree with you foolakadugie the people who are programming these because all the bots have to do is post randomly without the need for the user to type anything.

Like what has been mention all the mods and admin can do is ban and suspend those accounts and delete posts or set up a spam section in your forum and move them there.

If you do that you could get a collective idea what ip numbers to ban and what not.

Hey budy, that truely sucks, i don't understand why you are bieng spammed so early with only 18 members. Maybe its teh content. Try the following link and see what works http://phpbbhacks.com/searchresults.php?ve...p;search_type=1

They have a lot of nice stuff for PHPBB. Hope this helps, i haven't used PHPBB for about a year so i don't can't say much.

I know there are a lot of add-ons for phpBB. Any recommendations?

As a follow up to my question I am posting what I have done to help with the SPAM on my phpBB forum. In the course of my investigation I found that most of the SPAM is not to advertise to my members but to get a better search engine ranking. Below is a list of procedures. I’m not sure if any of these will work; I will eventually give an update.

Update – I updated my phpBB version from 2.0.19 to 2.0.21. There didn’t seem to be any security related fixes for my current problem but it is always a good idea to stay current.

Enabled User Email Confirmation – I should have done this from the very beginning. Under the General Configuration option there is “Enable account activation” which was set to none. By setting this to user, a user will have to verify their email first.

Stop Spambot Registration Mod – (http://www.phpbb.com/phpBB/viewtopic.php?t=435694) This is one of the many mods out there that tries to stop SPAM bots. The comments were pretty good for this one. Basically it displays “do not add any profile information” and if you do then you get canned. This compares with some other mods that have a hidden field for the URL and if they enter it then they get canned (no human would see it anyway). There are some comments that the bots are catching on to this so I will have to just wait and see. Installation was fairly straight forward although I do no use the sub_silver skin and had to modify the skin that I use.

Admin Userlist Mod – (http://www.phpbb.com/phpBB/viewtopic.php?t=117359) This isn’t strictly a SPAM mod but it is a good administrator add-on. It lists all of the users and lets you quickly ban or delete. I think this should have been added a long time ago. Fairly easy to install and no problems.