phpBB forum security: How do I keep out spam?

This is a problem most of us who run any kind of database run into. How do I keep out spam? Of course there is an easy solution which is that you as a moderator approve each user request that comes in to determine if its a real person or bot but who has time for that? I know I do not. That is a full time job when you are running several applications requiring user registration – especially when 1000s of bots would try to register each day. So here are the things you can do, and these are specifically for phpBB forums but can be used for any software that requires registration and I am going to say whether these things are effective or not:

Non effective ways to prevent spam (bots just tear right through these but they still might help a little bit. Just do NOT rely on these):

– Email activation
– Captchas (the images where you write the numbers/letters that you see in the box)
– Asking for special characters on username/password
– Confirming email address

Effective ways to prevent spam

– Few registration attempts – this gives the bot less times to guess
– Questions – this will pretty much stop all spam. You need to ask questions that the computer will not know. Please not that bots have lists of 1000s of questions so you need to ask questions that are specific to your site only but is easy enough for your user base to answer. 2+2 is not good. But the last name of the author of this blog is ____, would be a good question. I have found these block nearly 100% of my spam. If you do start getting spam that means your questions are too easy.
– Using a service like akismet, which is awesome but doesnt currently have a plugin for phpBB. This works great for wordpress though.

So how do you add those questions in phpBB to prevent spam? There are two way and I encourage you to do both:

Method 1:

in the Admin control panel go to->spambot countermeasures->available plugins->Q&A->configure. From here you would create your questions.

Method 2:

In the admin control panel go to->users and groups->custom profile fields->then you would create a new field. From here make sure you require the question at registration.

For an example of a forum using these methods, check out my surfing forum and try to register: http://www.njsurfingclub.com/messageBoard

Posted in opensource, technology and tagged , , , .