5 anti-spam measures for phpBB 3.0
This is an English translation of my German blog post. I updated it so the measures described here are compatible to the latest phpBB 3.x version.
phpBB is an open-source forum software, which is popular and widely used and, therefore, an ideal target for spammers. The phpBB developers implemented an improved Captcha in version 3.0. But spammers have already adapted to this and have implemented improved bots that are able to break the new Captcha and to automatically create junk posts. In the following, I describe five anti-spam measures that effectively reduce spam in every phpBB 3.x instance. The main goal of these measures is to block as many spam posts as possible without affecting normal forum users.
Measure #1: links
Typically spammers try to advertise certain websites. About 95% of all spam posts contain links or URLs. The most effective way to block those posts is to completely forbid links. However, this also affects normal forum users.
Spammers usually sign in to a forum and then immediately start posting junk. We can make use of this and forbid links only to guests and users with less than a certain number of posts. Once a normal user has reached this number, links will be enabled. Typical spam bots will never reach this number since all their posts will be blocked.
To forbid posting links you have to add the following to the function submit_post()
in the file includes/functions_posting.php
.
This code should be put at the beginning of the submit_post()
function
to check all posts before they are saved to the database.
Measure #2: images
Spammers often try to trick spam filters by posting images instead of text.
They put their junk messages and links into image files and then attach them
to forum posts. You can use the same technique as the one described in
measure #1 to block images for guests and users with less than a
certain number of posts. Put the following code in the function submit_post()
in the file functions/functions_posting.php
.
Measure #3: Russian and Chinese posts?
A lot of spam posts are written in Russian or Chinese or simply contain a lot of special characters and garbage. If your forum is targeted to English users you can check if a post is written in English before it is submitted. Posts that mostly contain special characters or foreign characters can then be treated as spam.
Cory Mawhorter has developed a
PHP funktion
(is_english()
) that is able to recognise special characters. You can
use this function to differentiate English posts from any other.
Measure #4: http:BL
Project Honey Pot offers an system to keep spammers and mail address harvesters away from websites. http:BL matches the website visitor’s IP address against a database. If the IP address is known to be used by a spammer, the visitor will be blocked before the website is even rendered. The system uses DNS which makes queries very fast.
In order to use http:BL, you first have to sign up for Project Honey Pot.
You will receive a special key that is used to authenticate against
the system. They already offer a MOD for phpBB
but it is only compatible to version 2.0. You may be able to make it
compatible to phpBB 3, but alternatively, you can simply put the following
code at the end of the file common.php
.
Update (2013-08-06): As Paul M. Edwards pointed out in the comments, there is an updated http:BL MOD that supports phpBB3: https://www.phpbb.com/customise/db/mod/advanced_block_mod/
Thank you very much, Paul!
Please make sure to put your http:BL access key in the variable $httpblkey
.
Measure #5: Akismet
Another technique to block Internet spam is Akismet. This system is usually used in WordPress blogs to block comment spammers. Just like for Project Honey Pot, you need to sign up to receive an API key.
You can use Akismet to block posts in phpBB 3 forums as well. The system
may produce false positives (normal posts accidentally identified as spam).
I therefore recommend to only check the first posts of new users until
they have reached a certain number of posts. The following code
uses the file Akismet.class.php
that can be downloaded from
Alex Potsides’ GitHub repository. Put
the code in the function submit_post()
in the file includes/functions_posting.php
.
Put your Akismet API key into the variable $akismet_key
. The URL
you entered during sign-up has to
be put in the variable $akismet_url
.
Akismet can also be used reasonably to block spammers who try to
sign up to your forum. Put the following code into the function
user_add()
in the file includes/functions_user.php
.
Conclusion
The measures presented here help drastically reduce spam in phpBB 3.0-based forums. Since I implemented them in the Spamihilator forum a couple of years ago, only a very small number of spammers were actually able to post. However, none of their messages contained links, URLs or images. They mostly consisted of a number of meaningless and motley words.
Forbidding links and images is in my experience the most effective way to block spammers. Searching for special characters and foreign languages blocks all other spam posts that do not contain links or images. Normal users are typically not affected by these measures. As soon as a normal user reaches a certain number of ‘good’ posts the anti-spam measures are disabled. Up to now, in the Spamihilator forum, no spammer was able to reach this limit. 3 or 5 posts is in my experience a good threshold. If ever needed, this limit can easily be raised.
Spammers often try to put links and images into signatures. I highly recommend to disable this in phpBB’s administration area. You may also try to apply the link and image filters from measure #1 and #2 respectively to signatures.
Many phpBB forums plagued by spammers disable guest posts. Users have to be registered to post. For support forums like Spamihilator’s this can be tedious for users who would like to easily post support requests without having to go through the complete sign-up procedure. The measures presented here allow forum administrators to leave guest posts enabled.
Posted by Michel Krämer
on 30 March 2013
Next post
Spamihilator website now Open Source
I’ve just published the website of my popular anti-spam freeware Spamihilator as open source. The website is built with the static site generator Jekyll. If you want to contribute, send me a pull request on GitHub.
Previous post
bson4jackson 2.0 has just been released!
I’m excited to announce bson4jackson 2.0! The new version supports Jackson 2.0. Also, with a little help from the community, a few bugs have been fixed. Upgrading is recommended for all users.
Related posts
10 recipes for gradle-download-task
gradle-download-task is a Gradle plugin that allows you to download files during the build process. This post summarizes common patterns and use cases of gradle-download-task and provides useful tips and tricks.
5 Anti-Spam-Maßnahmen für phpBB 3.0
phpBB-basierte Foren sind ein häufiges Ziel von Spammern. Version 3 führt zwar bereits ein besseres Captcha ein, es gibt aber noch mehr Möglichkeiten, Spam einzudämmen. In diesem Artikel stelle ich fünf sinnvolle Maßnahmen vor.
Scala projects with Eclipse PDE Build
The Scala IDE does not support Eclipse PDE yet. This article explains how to configure your OSGi-based project, so you can run your PDE build in headless mode and compile your Scala code.