phpBB Spam Control – phpBB Anti-Spam Options for Fresh Forum Installations

by Yang Yang on March 15, 2009

phpBB is pretty much the best php forum software out there that is free, and comes the first choice of many webmasters. However, after a few weeks of first installation, many complain that spam bots start to overwhelm their forums, flooding with automated spam registrations and spam posts.

Unfortunately, that is generally because:

  1. phpBB disables account activation by default so that any registered account would be instantly able to write and submit posts.
  2. The default image captcha at registration is much too easy for anti-captcha programs to break.

So, taking phpBB 3.0.4 for an example, to prevent the majority of simple phpBB forum spam bots, with every new phpBB installation, you will:

  1. Enable registration activation: Administration Control Panel => General => (Board Configuration) User registration settings => (General settings) Account activation => Now select ‘By User‘ from ‘None‘ => Submit.Thereby all new registered accounts will be required to validate the email address which no automated spam bots would do with fabricated ones, at least for not-so-valuable new forums.
  2. Use harder captcha images: Administration Control Panel => General => (Board Configuration) Visual confirmation settings => (General options) => GD CAPTCHA foreground noise => Select ‘Yes‘ instead of ‘No‘ => Submit.This would make the captcha a lot harder to break but also less user friendly / accessible because the texts are also much harder for human recognizing. To ease the pain, you may want to set the numeric values just below the option for background noises of x-axis and y-axis higher or zero. I use 200.

After all these efforts you should be receiving much less spam now. If they still laugh at your defense and keep on coming, you should consider using more advanced image captcha such as reCaptcha.net.

For an idea of what captcha works best

Below is a list of famous Chinese websites image captchas that have allegedly been broken by automated text recognition programs with an accuracy percentage and price for each of them. From them you can get an idea of what captcha works the best and what can be easily worked around.

Origin Samples Accuracy Price Comments
9you captcha broken by spam bots 100% 500
$100
Very Easy
tiancity captcha broken by spam bots 100% 500
$100
Very Easy
cncard captcha broken by spam bots 100% 500
$100
Very Easy
the9 captcha broken by spam bots 100% 500
$100
Very Easy
the9 captcha broken by spam bots 99% 1000
$200
Easy
kingsoft captcha broken by spam bots 98% 1000
$200
Easy
taobao captcha broken by spam bots 95% 1000
$200
Easy
dvbbs captcha broken by spam bots 95% 1000
$200
Easy
126 captcha broken by spam bots 95% 1000
$200
Easy
163 captcha broken by spam bots 95% 1500
$300
Middle
shanda captcha broken by spam bots 90% 1500
$300
Middle
qq captcha broken by spam bots 90% 1500
$300
Middle
xiaonei captcha broken by spam bots 85% 1000
$200
Middle
sdo captcha broken by spam bots 85% 1500
$300
Middle
ourgame captcha broken by spam bots 80% 1500
$300
Middle
chinaren captcha broken by spam bots 85% 2000
$400
Middle
monter captcha broken by spam bots 80% 2000
$400
Middle
baidu captcha broken by spam bots 80% $3000 Difficult
qq captcha broken by spam bots 75% $3000 Difficult
ebay captcha broken by spam bots 60% $4000 Difficult
myspace captcha broken by spam bots 30%
google captcha broken by spam bots 30%
hotmail captcha broken by spam bots 30%
yahoo captcha broken by spam bots 45% $8000
Subscribe to Kavoir: blog feed

You should also read:

{ 8 comments… read them below or add one }