The past few days I think I've uninstalled and reinstalled a phpBB3 bulletin board about 30 billion times... ok, 30 billion may be an exaggeration, but you get the idea. A while back I decided I wanted to start a forum to sit under the main site of my pet project Guitar FX Depot. To be honest, the forum had not shown signs of becoming overwhelmingly popular (there were only around 10 legitimate members), but it was functional.

Beginning about a week ago I noticed that the forum was getting a decent number of new members joining on a daily basis. Great, I thought... until I looked more carefully. All the new members appeared to be spammers, either bots or real people, I couldn't figure it out. The board had been live for quite a while without issue, then all of a sudden, whammy! All of a sudden I had members with names like "OnlineViagraSales" and "brxdftoqs", some of whom were posting stuff that would make the average person blush, while others were not posting at all.

Seeing as though I hadn't been able to figure out how to mass delete members, I tried installing some anti-SPAM mods and ended up screwing up the board. Much head scratching, and many installs later the board is back, but all posts and member data have been wiped. The one positive out of all of this is that I discovered, albeit a little too late, that I could install and run AutoMOD which made installing phpBB3 mods a whole lot easier. If you are running a phpBB3 board and haven't already, I'd recommend installing AutoMOD, as it makes installing mods so easy even I can do it.

Now, I just need to find a decent anti-SPAM mod and I can start rebuilding. GRRR! I hate spammers.

EDIT (17 JUNE 2009): I've closed comments on this post due to the large volume of SPAM it seems to be attracting. Is it ironic that a post about SPAM attracts so much SPAM? Or has Alanis Morissette destroyed my comprehension of irony?

  1. It is an ongoing problem with forums…

    Although nothing I know of can really secure forums against that kind of stuff, I have seen people set up an entire category on the forum for “Post your advertisements here” …

    I imagine it would reduce some spam from humans going to disruptive categories… Plus it can give people who are actually good members a legit place to post a referral link for a good deal or something…

    There’s got to be a way to make spammers battle against each other or him/herself… A.k.a. the Aikido Martial Art!

  2. Are you serious?

    I have the exact same problem. My phpBB3 installations – yes, many! – have gone mad with spam, spam and spam. I have gone through the same steps as you, re-installed a million times – to no avail.

    For some reason it all started, all of a sudden, on the 1st of February 2009 – I never had any forum spamming problems before that and I never even knew spambots could get past CAPTCHA until now! This is unbelievable.

    My SMF (Simple Machines Forum) forums have been fine though; it seems they are attracted to phpBB3 more than others, possibly because of a poor setup of some kind related to user confirmation – or not at all.

    The next revision of phpBB3 better include an extremely powerful built-in anti-spam package that will have either much more effective CAPTCHA or Textual Confirmation including simple mathematics like on this commenting system – I got asked “Do the math – Spam protection: Sum of 1 + 9?” – Answer is obviously 10, so that is what you enter to confirm that you are human, to be allowed to post. Even though bots can calculate math much faster than us humans, it still isn’t smart enough to read such sort of authentication.

    If anyone is going through spam on their forums… I know how you feel!

  3. Thanks for the comments Milos. I’m hoping the next version of phpBB3 really tightens up the security issues. Until I can be a little more confident though I think I’ll continue to leave the board disabled.

  4. I know if I had a specific way to spam PHPBB boards, I’d write a web spider program to automatically seek out PHPBB boards, but I’d need code in those boards which tells me which forum and which version it’s running. By default, most forums have the name of the forum and version number at the bottom, and I’m assuming somewhere in the meta tags too. Some forum creators don’t want you removing that info either… I’m not sure about phpbb though.

  5. Thanks for the AutoMod info! I’m suddenly getting a flood of spam from bots that manage not to trigger the “new messages” info when I log on – I have to manually check the forums or wait until I get the subscription notification – which is quite delayed. V. frustrating.
    A mass delete feature would be GREAT.

  6. I’m surprised that I haven’t found a mass delete mod yet. If I knew what I was doing I’d try and do one myself, but phpBB is a bit of a mystery to me at the moment.

  7. Hey.. As a fairly new site owner, and a phpBB3 operator, I have been getting the EXACT same hits as y’all.. And yah. they’re bypassing all my notifications and such.. I’ve gotten so used to it now that I have actually bookmarked my “Prune Users” and leave myself logged in lol.. The whole idea of a math equation instead of captcha is great.. I have actually made a forum JUST FOR the spammers.. Kinda sad, but it works.. You can start banning IPs too.. Mine all are coming in from Russia and Romania, so I just ban the whole block of addresses registered to whoever the IP is.. Have dramatically cut down on the ghost posts.. 🙂

  8. Excellent site and I am really pleased to see you have what I am actually looking for here and this post is exactly what I am interested in. It’s taken me literally 2 hours and 19 minutes of searching the web to find you (just kidding!) so I shall be pleased to become a regular visitor 🙂

  9. OMG, February 2009!? Dude, the first of AMV-Canada’s forum spam is on February 14th 2009, and we’ve had it up since summer 2008, with no spam at all.

    There’s definitely something going on here, that February thing isn’t mystery. Please, please, update if you find anything.

  10. It’s bloody annoying isn’t it! Started happening for me about early Feb too. The last 2 weeks it’s become plague proportions. The only mass-delete I know of is going into your database and finding the users table. I look for records of registrants with a different time zone and tick those record boxes and hit the delete link in phpMyAdmin.

    Because nearly all my users are local and I don’t care if I delete the occasional overseas visitor by accident – I think I need to investigate doing a block IP address ban. Not tried that yet.

  11. Oh dear – what’s with the advertising links that are added to key phrases in the comments? Nasty.

  12. It’s advertising, it’s actually not that uncommon. Pays a lot apparently.

    Anyway, I got this wonderful page:

    And I’ve installed the two mods validated by the PHPBB Mod Team. That is, Advanced Visual Anti Bot and Anti Bot Question.

    Very useful, the first is an enhanced captcha with a random background image you can customize to your desire, and the second is the famous user-set question/answer. That one’s very efficient for bots since it’s unpredictable, you make it anything you want. You could even make it something hard to figure out for non-English (or any language you use) speakers, example, Russians (sorry for the authentic Russians out there that do not spam).

    Anyway, just tried these on my forum and haven’t received a single spam yet, ‘been half a day. I’ll keep you updated on its efficiency.

  13. Pacoup, I found that PHPBB3 thread today too. I’ve added the custom profile questions and hopefully that will get most of the bogus registrations before I need to do the next step and add mods.

    Advertising… well I’m one of those strange people that don’t care for extra revenue at the cost of a good old-fashioned clean website. And there’s advertising and there’s advertising. Links that are totally erroneous to the context of the sentence or article you are reading just make using the internet so irrelevant for me.

  14. What’s worse. Since posting on this site, I’m now receiving spam at that email address. Nice pickle – not.

  15. lol really, spam? I think Gmail has great spam filters though.
    My father had a really spammed account and it got rid of all of it without false positives. It’s just that his junk box gets 120+ junk mails per day…

    Anyways, I’m totally right with you, too much advertising is just too much. That’s why I don’t use those in-page link advertising solutions on my site, just regular Google ads.

    But hey, when you run your business with advertising, example, Engadget, you really don’t have a choice. (well, you do for the in-line text ads, but I mean, not for having ads or not)

  16. @pixelmama – you think you are getting spam because you posted a comment here? Don’t know how that’s possible seeing as though email addresses don’t get published. Sounds like a weird coincidence.

  17. :S it was a pun – a sort-of joke. Yous have a good sense of humour and better to hang on to that – not worry about it. Spam – yeah probably a coincidence then. Advertising is spam too. A one-way conversation. 2-way is good – like this. I see black, you see white… somewhere in the middle is gray – we learn something. It’s good. I once read that the background to “rapping” was that in some African cultures men from different tribes fought it out by “out-retorting” each other – thus over years the battle of witty come-backs was developed. People got to say what they needed to say, and be heard. Many things were resolved before it came to blows – no sticks and stones. AND I’m happy to report there are no more bogus registrations on my forum. Woohoo!

  18. I’m seriously considering ditching my forum seeing as though I’m not getting the time to keep it under control. Might try using SMF instead.

  19. As for you guys that have problems with the spammers, I had it as well. Mention how I can say “had”.

    What I did was completely disable registrations. Well this is a very dramatic option. But for you that have some dev skills, read on.

    I went through all the code of the registration page, and made one myself. I coupled the registration to the registration to the site. Which made me have 2 things by these spammers:

    1) my site registration (completely custom) was coupled to the board one, which is great since only 1 signup is required.
    2) no more spammers joined, since my custom register page isn’t recognized as a register page from phpBB.

    You should try doing that ;). It finally keeps off those damn spammers.

