Hi there, I've started up a phpBB forum and have started to receive spam from China and Latvia. It's currently a small forum with only two moderators, while spam posts average only a few per week it's starting to piss me off. They not only manage to get around phpBB default captcha but also one with my own personal questions, which leads me to think that these spammers may be taking the time to manually sign up. What's the best way to prevent this? I'm contemplating blocking all IPs from these two countries as experience shows me that I had few if any actual players from there (my forum relates to a browser game I created and am reviving); what would be the best method to do this? I am a competent programmer so if anyone could point me in the direction of some PHP or JS libraries that can do the job, I'd be grateful. Cheers.
Yeah, you might block them especially if you think that you probably won't ever have anything relevant. Another thing you should probably do is add a CAPTCHA to the registration process. There are several good options from the PHPBB forums that can probably help you out. PM me if you need help!
Thanks for your comments. I've already tried two variations of captcha. The original obfuscated letters and my own custom question and answers - both have failed!
Hmmm, that's odd... it might be manual but if you are getting a ton of spam, then that's unlikely. It does sound like you need to just ban those IP's that are abusing your forum.
Yea, captcha's not going to help, the spam bots already cracked them all.  What you have to do is customize the registration process somehow.  I'm not too fond of phpbb, personally, I think it's a spam/hack magnet, but there should be some way you can customize the registration, and if you make it custom enough it will trip up most of the spam  bots. Â
Cheers PeterDavis. I've customised the Q&A captcha somewhat. I do actually have my own captcha system I created for blog software I'm working on, so I suppose is this continues to fail I'll have to mod phpBB to use it.
Hey OP. I've received tons of spam on my past PHPBB. I don't know why on PHPBB only, as I've also owned vBulletin and never had the problem. But as soon as I discovered I can set my own Q&A to prevent spam (which I clearly didn't realize before), that solved the problem forever and regained my trust towards PHPBB. I don't now how they're possible getting around your own custom Q&A. Are you creating question and answers such as: Question: What's 22+33? Answer: 55 Cuz the simplicity of that is not gonna cut it when it comes to spam bots. Also, set the registration attempts to 5 or something, cuz I've created bots in the past that scrolled through an array of letters forming thousands of words in a matter of seconds to bypass Q&A spam measures on certain popular sites. If only they'd limit the registration attempts, that would have raped the the bot. Try to make your Q&A complex, such that the answer to a question would most like be a phrase and not a common, short-lettered word. Also, if you're getting tons of spam accounts, obviously someone isn't registering accounts manually per se, but if the person(s) are specifically targeting your site, they can easily check the answer to you question once in PHPBB registration page and code their bot to answer your question correctly. That's what I hate about PHPBB question and answer. It doesn't allow you to create multiple Q&A and have them selected randomly upon registration. Don't know if that changed or there's any plugins. That's the only thing CAPTCHA has over Q&A. Your best bet would be to change to change your COMPLEX Q&A regularly per day, and allow the admin to verify accounts for the while, disallow multiple accounts (several accounts from one IP), and if all fails.... yup, range ban the whole of CHina or wherever the spam originates from, although that should be the last solution IMO. GL raping those spammers!! Oh and to answer your question on range banning a whole country, in PHPBB, just ban the IP's using wild cards (using the * character). For example, if all the spam IP addresses start with 190.32.....then in PHPBB, ban the IP 190.32*.... Cuz IP's from the same area usually start with the same numbers, so any IP starting with those numbers will be banned. But any n00b hacker can get around that. Still worth a try. Put all measures together and see how things go.
I would try to install the MOD sortables. I have used it before and it works wonders for me. Since it takes a bit more effort to solve, it will be harder for the spam bots to get through.
This can help. I installed the MyBB mod on a forum of mine and it dose very good what is supposed to.