phpBB: How to handle spammy registrations?
Solution 1
Some steps to take:
I found some info in phpBB's forum, but it was too well hidden for new (forum admin) users:
ACP, General, User Registration settings, New member post limit - set to whatever number you want. ACP, General, User Registration settings, Set Newly Registered Users group to default, Yes.
Then there's the suggestion to put new new users on the moderation queue, but no info on how that's done:
Permissions may be set on this group much like any other group -- an example use is to place the Newly Registered Users group on the moderation queue for all forums.
Here's how:
- ACP, Users and Groups, Group's forum permissions.
- Set "Lookup user group" = "newly registered users", submit.
- Select all forums, submit.
- Wait for the long list of forums to load...
- Set role = "on moderation queue" for every forum, then submit.
I don't remember if I made the role "on moderation queue" myself or if it's a default role. Create or review the role here:
- ACP, Permissions, Forum Roles.
- Then either click the "gear" icon for the role, or create it using the text field under the list.
- Scroll past the "Users/Groups assigned..." section to the "Forum permissions" section at the bottom of the page.
- Select the "Misc" tab.
- Make sure the setting "Can post without approval" is set to "Never".
All the above should be default settings for new phpBB installations, but isn't.
Also in the User Registration settings, turn on reCaptcha and click Configure to fill in required site keys (which can be created through a link on that config page). Submit the configuration, then go back to User Registration settings and (again) turn on reCaptcha, then Submit that change.
Also, try this MOD: http://www.phpbb.com/customise/db/mod/daropl_antispam/
Solution 2
I know you already got recaptcha working, but I thought I'd add the link to the recaptcha documentation for phpBB anyway, in case anyone else finds this question in future:
http://code.google.com/apis/recaptcha/docs/phpbb.html
Would be nice if more people used this, rather than letting their phpBB fill up with spam. Ditto for blogs...
Solution 3
Are you using a captcha ? - if not, definitely do so it should help a fair bit.
http://en.wikipedia.org/wiki/CAPTCHA
Solution 4
Instead of using reCaptcha (which reportedly has been broken by bots now), I upgraded my phpBB forum to the latest version last week and then configured it to use a Q&A captcha with a few custom questions defined (in additon to requiring activation by user emails, and moderation all new users until they have a few approved messages), and haven't had a single spam account be registered so far. Now I just have to finish pruning the thousands of messages and accounts that were already in the moderation queue!
Related videos on Youtube
08 : 21
09 : 06
25 : 24
04 : 34
11 : 13
AdrianM
Hello, world! I enjoy using my experience to help others. That is why I am active at a number of other sites in the StackExchange network on topics that interest me. I'm something of a Swiss army knife both professionally and in private, able to juggle a wild variety of things at once. I've worked in every kind of business that uses software. I'm also very good with tools, both IT and mechanic. Whether you need software design or assembling some IKEA furniture, I'm your man for the job. I'm generally soft-spoken but driven by clear principles. I'm a twin, I've lived in five countries, I speak four languages fluently and two more embarrassingly. Also, being a father routinely develops my patience which is useful for moderating on StackExchange too. To learn more about me, see my Google+ profile.
Updated on September 17, 2022Comments
-
AdrianM almost 2 years
I'm managing a phpBB-based forum that gets hit hard by spammers signing up fake accounts. To combat this, we enabled "administrator activation required", but it's not working so well: When a new user signs up, I get an email with a link to activate that user. However, there's no link to let me easily look at the user first; it goes straight to activation.
I'd like to try a different approach, along these lines:
- I'd like to allow registrations without my approval; instead, the user must get a mail with an activation link.
- I'd like a designated moderator group to approve all posts made by newly registered users. This should be done through the forum's web-based moderation control panel.
- When a new user posts a spammy message, I want the moderator group to kill the message and the account.
- When a new user has posted a few non-spammy messages, he's whitelisted and further postings require no approval.
How do I achieve this setup? -or- Is there a similar but smarter approach?
UPDATE: I finally found a watertight solution: http://CleanTalk.org -- it's a paid service but for a measly $8 per year it's well worth the money. So far the filter has worked 100% accurately, without any spammers getting through and without blocking legit users. I am impressed.
-
AdrianM over 13 yearsYes I use Captcha, but it's easily broken. I've just turned on reCaptcha instead, let's see if things improve. I've also just added a long answer of my own about moderating new posts; I think that's going to be helpful too.
-
AdrianM over 13 yearsThis would've been helpful as a comment, but not as an answer to this question because it describes how to code up Captcha in PHP yourself, which is not a smart way of solving problems with existing software products like phpBB.
-
dunxd over 13 yearsWell spotted - I meant to paste the link that specifically discusses implementation in phpBB. Corrected.
-
AdrianM over 13 years-1 converted to +1 :-)
-
aloo over 12 yearsCAPTCHAs are a good idea, but ReCaptcha doesn't seem to be working for us - we're still getting lots of spam registrations.
-
Michael Hampton over 8 yearsThis would be much better if you linked to the captcha module rather than your own web site. Otherwise it looks self-promotional!
