1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.
  2. Better Analytics for WordPress Get It Free

phpbb spam

Discussion in 'phpBB' started by siraxi, Feb 9, 2006.

  1. #1
    Hello

    I have a phpbb forum with 5000+ posts. Recently I noticed many new members with spammy usernames such as user_63653290 or user_28765309 or other variations.
    They don't post, just have profiles with links to porn, poker or pharmacy websites.

    Could someone explain me what can I do to protect my forum from them?

    Could I quickly delete them from the MySQL database using phpMyAdmin?
     
    siraxi, Feb 9, 2006 IP
  2. Mystique

    Mystique Well-Known Member

    Messages:
    2,556
    Likes Received:
    88
    Best Answers:
    2
    Trophy Points:
    145
    #2
    Looks like an automatic script creating such users as a variant of the activity performed targeting guestbooks and blogs.

    I have not that much experience with phpBB but I figure out is similar to invision where the profile of those user_XXXX says the IP where they come from.

    Grab those IP's and block them; once again invision has an option to do this so it maybe something similar in phpBB or you can block them through Cpanel or another script included in your main index.php if your hosting has another type of control panel. Another option is do it manually through the .htaccess file.


    Once you have blocked them go to phpMyAdmin and from the members table (or users) check the boxes of those registries you want to get rid of and you are done.

    Do not forget to run optmize all the tables at the end of the task
     
    Mystique, Feb 9, 2006 IP
  3. Cristian Mezei

    Cristian Mezei Notable Member

    Messages:
    3,332
    Likes Received:
    355
    Best Answers:
    0
    Trophy Points:
    203
    #3
    Just put a captcha module in PhpBB , for users to type some letters/numbers at registration.

    That should keep out robots.
     
    Cristian Mezei, Feb 9, 2006 IP
  4. just-4-teens

    just-4-teens Peon

    Messages:
    3,972
    Likes Received:
    168
    Best Answers:
    0
    Trophy Points:
    0
    #4
    bann the ip, email addreess used and there delete their account, it can be hard work but will eventually stop.
     
    just-4-teens, Feb 10, 2006 IP
  5. Seiya

    Seiya Peon

    Messages:
    4,666
    Likes Received:
    404
    Best Answers:
    0
    Trophy Points:
    0
    #5
    You can disable users having links to websites too :)
     
    Seiya, Feb 10, 2006 IP
  6. yfs1

    yfs1 User Title Not Found

    Messages:
    13,800
    Likes Received:
    922
    Best Answers:
    0
    Trophy Points:
    0
    #6
    Or just make it so you have to have 3 posts to have live links so you don't punish existing members
     
    yfs1, Feb 10, 2006 IP
  7. mdvaldosta

    mdvaldosta Peon

    Messages:
    4,079
    Likes Received:
    362
    Best Answers:
    0
    Trophy Points:
    0
    #7
    I've got a hidden variable on the registration form that only gets submitted when someone fills the form out by hand. 99% of those spam registrations submit the variables without actually filling out the form. For the other 1% that have software actually filling out the form, I've removed the website input box so that you have to go into your profile after you register to add it. I still get an occasional 1%'er but they don't get their website link. Also, it seems that almost all of those were coming from the same email domain so after blocking registrations with that email address I haven't gotten any in a couple weeks.

    But, prior to taking these steps I was getting 5-10 spam registrations per day.
     
    mdvaldosta, Feb 10, 2006 IP
  8. BryceW

    BryceW Active Member

    Messages:
    139
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    55
    #8
    You can just switch on "Visual Confirmation" from the Configuation panel. It forces the user to type in a letter/number combination. If those signups were done by real people then it wont help, but if it was by bots (which im sure it is) it should stop them.
     
    BryceW, Feb 27, 2006 IP
  9. seolion

    seolion Active Member

    Messages:
    1,495
    Likes Received:
    97
    Best Answers:
    0
    Trophy Points:
    90
    #9
    Have you tried word censors? That too can be found in the admin control panel.

    I am using a mod called 'cspam' which will insert nofollow to outbound links in the post. This along with word censors can help a bit.
     
    seolion, Feb 27, 2006 IP
  10. alchemy

    alchemy Peon

    Messages:
    20
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #10
    I did a search for vulnerabilitys of popular php based forums on secunia.

    phpbb is ranked worst for vulnerabilitys in free forums.
     
    alchemy, Feb 27, 2006 IP
  11. Ivan10

    Ivan10 Guest

    Messages:
    1
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #11
    exactly! And anti-spam protection is weak if you are using the default installation.
    Those who run phpBB-driven boards can pass thefree security check here: http://www.phpbb-security.com/check.php to know how secure they are.
     
    Ivan10, Mar 3, 2006 IP
  12. RectangleMan

    RectangleMan Well-Known Member

    Messages:
    2,825
    Likes Received:
    130
    Best Answers:
    0
    Trophy Points:
    160
    #12
    Interesting link. My site has a 0. Personally I have found phpbb to be fairly secure as long as you update it. It doesn't take a genious to figure that out.
     
    RectangleMan, Mar 3, 2006 IP
  13. Ballz

    Ballz Peon

    Messages:
    649
    Likes Received:
    20
    Best Answers:
    0
    Trophy Points:
    0
    #13
    banning ip is useless.... get some good captha... prolly real long ones.. that shud deter them
     
    Ballz, Oct 5, 2006 IP
  14. Gunther

    Gunther Peon

    Messages:
    27
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #14
    some captchas are already useless. i got the idea to insert a invisible form into your source. that is only seen from robots. the users won't type in data. the robots will. so you can check if it is a robot signin up or a human. additionally you can install a time check.. for signups under 3 seconds you suppose robots
     
    Gunther, Oct 5, 2006 IP
  15. aditya_sfs

    aditya_sfs Peon

    Messages:
    2,272
    Likes Received:
    388
    Best Answers:
    0
    Trophy Points:
    0
    #15
    The best way is open the registration template file and delete the website field so that users arent able to specify websites during registration... also enable image validation.

    Both are enough to fight spam
     
    aditya_sfs, Oct 7, 2006 IP
  16. snjomann

    snjomann Peon

    Messages:
    1
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #16
    I haven't received a single spam message for two months, since I modded my forum. Before that I received 4-5 a day.

    The mod is simply to change the captcha, and instead of the letter/digit code ask a simple question. For example, "What is the opposite of Antarctica?", or a question related to your product/theme. No bot has cracked it yet, and if they do, I simply change the magic question.

    vikjavev.no/highslide/forum
     
    snjomann, Jan 12, 2007 IP
  17. MattKNC

    MattKNC Peon

    Messages:
    2,580
    Likes Received:
    108
    Best Answers:
    0
    Trophy Points:
    0
    #17
    No one can access my PHPBB forum without getting approved by me first. I get about 20 spammy sign ups per day and most are spam. I simply spend a few minutes per day deleting the fake accounts and that is that.
     
    MattKNC, Jan 12, 2007 IP
  18. olpa

    olpa Guest

    Messages:
    3
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #18
    Recently I wrote "phpBB Antispam HOWTO" (use Google to find it). It's a bit biased to my phpBB mods, but has step-by-step instructions for impatient, and links to further reading and megabytes of discussions.

    In short: I think the problem of phpBB spam is solved by the community. With my suggestions, you need only few minutes to protect your phpBB forum. Enjoy!
     
    olpa, Jan 19, 2007 IP
  19. Trisha

    Trisha Peon

    Messages:
    428
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    0
    #19
    I have recently installed phpbb and this morning a number of objectionable spam emails were sent out apparently from my website. Could this be anything to do with the forum? Any ideas on what to do about it please? This has happened once before when I was testing an ecard script.
     
    Trisha, Jan 20, 2007 IP
  20. olpa

    olpa Guest

    Messages:
    3
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #20
    Unluckely, unless your phpBB forum is of an old version.
     
    olpa, Jan 20, 2007 IP