Hello I have a phpbb forum with 5000+ posts. Recently I noticed many new members with spammy usernames such as user_63653290 or user_28765309 or other variations. They don't post, just have profiles with links to porn, poker or pharmacy websites. Could someone explain me what can I do to protect my forum from them? Could I quickly delete them from the MySQL database using phpMyAdmin?
Looks like an automatic script creating such users as a variant of the activity performed targeting guestbooks and blogs. I have not that much experience with phpBB but I figure out is similar to invision where the profile of those user_XXXX says the IP where they come from. Grab those IP's and block them; once again invision has an option to do this so it maybe something similar in phpBB or you can block them through Cpanel or another script included in your main index.php if your hosting has another type of control panel. Another option is do it manually through the .htaccess file. Once you have blocked them go to phpMyAdmin and from the members table (or users) check the boxes of those registries you want to get rid of and you are done. Do not forget to run optmize all the tables at the end of the task
Just put a captcha module in PhpBB , for users to type some letters/numbers at registration. That should keep out robots.
bann the ip, email addreess used and there delete their account, it can be hard work but will eventually stop.
I've got a hidden variable on the registration form that only gets submitted when someone fills the form out by hand. 99% of those spam registrations submit the variables without actually filling out the form. For the other 1% that have software actually filling out the form, I've removed the website input box so that you have to go into your profile after you register to add it. I still get an occasional 1%'er but they don't get their website link. Also, it seems that almost all of those were coming from the same email domain so after blocking registrations with that email address I haven't gotten any in a couple weeks. But, prior to taking these steps I was getting 5-10 spam registrations per day.
You can just switch on "Visual Confirmation" from the Configuation panel. It forces the user to type in a letter/number combination. If those signups were done by real people then it wont help, but if it was by bots (which im sure it is) it should stop them.
Have you tried word censors? That too can be found in the admin control panel. I am using a mod called 'cspam' which will insert nofollow to outbound links in the post. This along with word censors can help a bit.
I did a search for vulnerabilitys of popular php based forums on secunia. phpbb is ranked worst for vulnerabilitys in free forums.
exactly! And anti-spam protection is weak if you are using the default installation. Those who run phpBB-driven boards can pass thefree security check here: http://www.phpbb-security.com/check.php to know how secure they are.
Interesting link. My site has a 0. Personally I have found phpbb to be fairly secure as long as you update it. It doesn't take a genious to figure that out.
some captchas are already useless. i got the idea to insert a invisible form into your source. that is only seen from robots. the users won't type in data. the robots will. so you can check if it is a robot signin up or a human. additionally you can install a time check.. for signups under 3 seconds you suppose robots
The best way is open the registration template file and delete the website field so that users arent able to specify websites during registration... also enable image validation. Both are enough to fight spam
I haven't received a single spam message for two months, since I modded my forum. Before that I received 4-5 a day. The mod is simply to change the captcha, and instead of the letter/digit code ask a simple question. For example, "What is the opposite of Antarctica?", or a question related to your product/theme. No bot has cracked it yet, and if they do, I simply change the magic question. vikjavev.no/highslide/forum
No one can access my PHPBB forum without getting approved by me first. I get about 20 spammy sign ups per day and most are spam. I simply spend a few minutes per day deleting the fake accounts and that is that.
Recently I wrote "phpBB Antispam HOWTO" (use Google to find it). It's a bit biased to my phpBB mods, but has step-by-step instructions for impatient, and links to further reading and megabytes of discussions. In short: I think the problem of phpBB spam is solved by the community. With my suggestions, you need only few minutes to protect your phpBB forum. Enjoy!
I have recently installed phpbb and this morning a number of objectionable spam emails were sent out apparently from my website. Could this be anything to do with the forum? Any ideas on what to do about it please? This has happened once before when I was testing an ecard script.