TIPS and TRICKS
How to stop spam on your phpBB forum
Many webmasters use the phpBB software to run a discussion forum that allows users to interact with each other. PhpBB has many pro's: it's free, offers a good-looking and comfortable interface for users and is relatively easy to install and maintain. Besides, phpBB is so widely used that should you run into a problem, the chances are that someone else has encountered the same issue and the solution is available online. Since the software is - as its name suggests - written in PHP, you can easily alter it to suit your needs by installing third party MODs.
OK, so what are the cons? With the 2-series, the biggest one I can think of is lack of spam protection. Sometimes one can run into issues with users attempting to over-zealously promote their sites, but the main threat is from automated robots. If you're reading this page, you've probably noticed that keeping a standard version 2 phpBB board clean of spam is nearly impossible. If you don't know what I'm talking about, simply install phpBB and put up a few high-PageRank/high-traffic links that point to the forum. It won't take long...
The point of this article is to offer advice to those who run a 2.X.XX-phpBB board on how to stop spam - or at least most of it. So let's get to it. Note that we won't discuss the phpBB 3-series here, as I haven't decided to upgrade my forum to it yet.
Stopping automated link posting on your phpBB
My experience suggests that spam problems originate from two main sources. The first and overwhelmingly worst is robots that post messages containing amazing amounts of links without signing up for an user account. They simply hit boards, hoping that they allow guests to post.
Of course, one way to deal with this is to disable guest posting. However, for many boards, especially lower traffic ones, that's not an option. In order to get posts and traffic, it's a good idea to make posting as effortless as possible. So, how to allow guests to post but keep the unwanted spam out at the same time?
To reach the solution, we have to remember the roots of the problem. Why do spammers spam? They simply want to advertise their product or service, usually by posting links to different websites, but sometimes by posting other contact information such as a phone number. If we can prevent the posting of contact information, we'll prevent the vast majority of spam - but still can allow honest users to post without registering.
My favorite tool to do just this is bbAntiSpam's free Links Rejector. It prevents any guest posts that contain links, phone numbers, e-mail addresses and so on. If any contact details are found, Links Rejector displays a message prompting the user to remove the contact information and resubmit the message. Since robots are not especially bright, they won't do this and the spam never gets sent.
Links Rejector stops something like 99% of spam on my phpBB 2 board. However, to improve effectiveness, in addition to installing Links Rejector I've made two modifications to it that you might also consider adding
- A lot of the spam my forum gets is in Russian. As I have no content in Russian, I filter guest posts for the exotic characters that are typically present in these messages but not in others.
- As my forum is not in English, I check guest posts for common English words such as "and, you, the".
So, contact information, some exotic characters and English language words trigger my spam filter. Result? From >25 spam posts per day to zero. Neither Links Rejector or my mods filter posts from registered users. If someone wants to post links or something else that is forbidden by the filter, they can simply register and do what they want. Guests still have freedom of expression, albeit in a slightly more limited form.
Preventing automated account registration
The arrangements outlined above pretty much take care of the most irritating problem, spam via posting of commercial messages by robots. You'll still see limited amounts of spam, a part of it by humans, but weeding out these individual messages shouldn't be a problem compared to the flood caused by robots. Thus, we can move on to the next issue - robots signing up for accounts.
Preventing automated account registrations is a good idea for multiple reasons. First, it stops spammer robots from bypassing your newly-installed guest posting protection through registering for an account. Second, it gives you a realistic idea on how many members you really have and makes forum maintenance easier. It also diminishes the returns spammers get from their robot-campaigns, making their life a bit harder.
Usually, there are two reasons why spam-robots register accounts. We just covered the first, making posting possible on boards that do not allow guest posting or somehow filter posts made by guests. The second reason is that by default, phpBB allows users to include a link to their site in their profile. This causes spammers to register accounts on thousands and thousands of boards, boosting the PageRank of their sites.
The first thought would be to remove the links from user profiles. Unfortunately, this just removes the rewards of spamming - it won't stop the spam. Many robots aren't smart enough to simply move on, they'll register anyhow. Another negative aspect is that by taking out the links, you're punishing your legitimate users as well.
For this situation, I use another free tool from bbAntiSpam, namely Textual Confirmation. Once it's installed, you can disable the phpBB CAPTCHA, as nearly all robots will be stopped. The idea behind Textual Confirmation is simple. To distinguish robots from humans, a simple question is asked during the registration process. This can be something like "What's the language used on this forum?" or "In the alphabet, which letter comes after A?"
Obviously, the goal is to make a question everyone with a human mind can answer. The question itself might even provide the answer. What is important is that the questions are unique for the site, so that robots can't rely on databases of commonly used questions to provide the answer.
Summing it up
Note that the free versions of both Links Rejector and Textual Confirmation mods automatically send you an E-mail when they stop a spamming attempt. This can get annoying pretty quickly. To prevent it from becoming a problem, sign up for the full version or follow the instructions given here.
Installing the two mods mentioned in this article should pretty much stop the spam your phpBB 2 board gets. The few individual spam messages that will remain can be handled by you and your moderators, in the same way as offensive posts are deleted. This makes it 1-0 in the match between you and spammers, but be on your toes - one never knows what they might come up with next.