How to Stop Spammers from Overrunning Your Newly Created PhpBB Forum

by Jerry Dickinson

So, you've been wanting to start an online forum of your own, and after looking through and testing a few different forum softwares, you decided to just use the trusty ol' phpBB forum software.  Sometimes this is easy to do, since many times this forum software is included in the extras presented by your hosting provider, that you can install on your site, simply through one-click installation, no downloading and uploading to your site required.

And after doing so, you set up all the different categories and subforums on your phpBB forum.  How satisfying!  Now all you need is people to come register and make it a pleasant place. 

After some days, suddenly you see a lot of signups.  Excellent! you think.

However, soon you will realize these new signups have usernames like "outfigjuimi", "intoruroshatt", "asdfgt27t", and whatever non-sensical things.  Some of them have more sensible names, but it seems there's no difference in what they are - spambots, out to spam rubbish on your forum, posting in the completely wrong categories, and sometimes posting multiple times in a short period of time.  Before you know it, your forum looks like a weed garden of irrelevant rubbish.   

These spambots register on forums all over the internet, with the sole intention of spamming.  Some of them lay dormant without posting, until they either post or not, because even if they don't post, in their forum profile they still have their websites linked to, and of course all these links on all these profiles all over the internet increase their rankings in search engines.  

How to have less spam? 

Firstly, you need to have as little as possible automated spambots successfully registering.  To do that, here's what you need to do: 

1.  Log into your forum under your own admin username. 

2.  At the bottom, you will see a link to log into the Administration Control Panel.  Log into it.  You'll need to reprovide your username and password. 

3.  In the "General" Tab, under "Board Configuration", you'll see a heading "Spambot Countermeasures".  Go there. 

4.  Here you will see "Available Plugins".

Now, under this heading you will see Q & A, GD 3D image, Simple Image, GD Image and reCaptcha. 

Now for some reason, if you use those, it seems it should work to combat automated spammer registrations, but it doesn't...

Now for some reason, if you use those, it seems it should work to combat automated spammer registrations, but it doesn't.  Q & A means they have to answer a question you specify, like what is 1 + 3.  The other methods have letters that seem jumbled up or are on a "3D" surface, probably meant so that automated software can't read it.  However, it seems spambots have long cracked all these methods, because even with those activated the spambots still come. 

So, what will work?

5.  Choose reCaptcha.  You will need a Google account to use it.  If you already have a Google account, you can register easily by just clicking once or thrice.  Now you can use the reCaptcha. 

reCaptcha is currently the only spambot countermeasure that seems to have any effect in reducing automated spambot registrations.

When reCaptcha is set up, click Submit.  

6. Now, on your Administration Control Panel page's very lefthand menu, where you selected "Spambot Countermeasures", still under the heading "Board configuration", you now select "User registration Settings".  

Under User Registration Settings you should see Account Activation, with settings to select that confirmation be done either by the user, the admin, or to have no confirmation email sent.  Here, select "By User".  (You may also select "By Admin" here, so that you will be sent an email everytime someone registers and you can click a link to activate the user, or not click to activate them if they seem iffy from their profile.  However, you may start to get irritated with all the activation emails coming in.)

Click Submit. 

Now you should get anything from very little to no spambot registrations, as all registrations will have to be done manually by prospective forum members.  Of course some of them may still be real human spammers or just register and then use automated software to post, but at least because of this extra effort on their part, you will see a dramatic reduction in auto-spammers on your phpBB forum.

It won't be perfect and you still will get maybe one or two spam posts on your forum a day, but nothing you can't easily delete and ban the offending member.  If it becomes irritating for you, maybe you should just bugger the forum altogether, for it can be a pain in the butt to keep clean.  Maybe it's just not you.  But maybe you still find it worth it.    

Let's also hope that you didn't have too many spambot members that slipped in already before you activated reCaptcha, but if there are, just delete those members and their posts whenever they pop up by clicking "Administrate User" on their profiles and selecting "Delete Posts" under "Delete User" and clicking Submit.  Before long you should have most if not all spambot members deleted. 

Viola!  Your forum should now be a better place for all.  Now let's just hope you don't have too much trouble finding new real people to sign up, which is also something that's becoming more and more difficult.