A Tutorial on how to secure your phpBB Forum

Over the last 12 months or so I have noticed many requests for help on phpBBHacks.com in trying to stop SPAM bots registering on phpBB forums, so I have put together this little tutorial to try to help everyone out and beat the bots, at least for the time being.

With phpBB being as popular as it is, it has become a constant target for SPAM bots, which register on and spam forums worldwide.

It is something that I had problems with until around the beginning of 2006 when I set about making changes to the registration process and adding a number of mods/hacks to try to overcome the problem. Since I have changed the way registrations are made, I have not had one single SPAM bot register on my forums which have the following mods in place.

The developers of phpBB have from time to time added more security to different versions of phpBB in order to overcome the problem. That in itself only added a new challenge to the bot script writers, and each new addition has in time been beaten by them.

NOTE: I have written this tutorial with more than 4 years of using and modifying phpBB behind me, so it has all come with experience from phpBB 2.0.4 right through to phpBB 2.0.22.

So how do you overcome the problem of SPAM bots registering?

Let's stop the Spammers.
 

Step 1: The first thing you do is activate all the security already included in phpBB, such as User Email Activation and Visual Confirmation. NEVER set your forum up so that users can automatically sign in as soon as they register.

Step 2: Never make it easy for spammers and hackers to join your forum. The next thing we do is add a number of security measures, and then we personalise our registration process and make it unique to our own forums.

Once you have the standard phpBB settings in place, you will need to add a few mods, which I will list here with the links to download them.

Live Email Validate
The first mod to install is Live Email Validate. This mod ensures that the registration process will fail if the email address being used is not a live email address, and SPAM bots rarely use live email addresses.

Download link:http://www.phpbbhacks.com/download/4969

Email Confirmation
The second mod to install is Email Confirmation. This ensures that the email address is entered correctly; we all know how easily people make a simple mistake with their email address, so it helps everyone concerned.

Download link:http://www.phpbbhacks.com/download/3137

Add Name and Address to Profile
The next mod to add is Add Name and Address to Profile. The information added is private and viewable only by the Administrators and the member themselves. No other member can view this information, and because some of the information is "required" to complete registration, SPAM bots do not know about it and the registration will fail.

Download link:http://www.phpbbhacks.com/download/6602

 

Other mods that are designed to prevent spammers from joining which you can install if you like are:
 
The next steps are optional and should be kept in mind should any of the above measures be compromised by SPAM bots.

Anti Bot Question Hack
This hack is a variable configurable CAPTCHA to prevent spam bot registrations and spam bot guest postings. A question, randomly selected from a question pool, is added to the registration form and/or the post form for guests. This question must be answered correctly to complete the registration or post successfully. You can create your own individual questions or you can use automatically created questions. The hack is completely administrable via the ACP.
This hack is compatible with Select Default Language. Different questions can be defined for each language.

Download link:http://www.phpbbhacks.com/download/6697
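
A question pool only helps if the server remembers which question it asked and accepts each challenge once. The sketch below is an added example, not code from the Anti Bot Question Hack; the pool contents, function names and the `abq_question` session key are assumptions made for illustration.

```php
<?php
// Added example: question-pool challenge for a registration form.
// Pool, function names and session key are hypothetical, not the mod's own.

// Constructed sample pool: question => accepted answers (lowercase).
const QUESTION_POOL = [
    'What colour is the sky on a clear day?' => ['blue'],
    'How many legs does a cat have?'         => ['4', 'four'],
    'Type the third word of this sentence.'  => ['third'],
];

// Pick a random question and remember, server-side, which one was asked.
function issue_challenge(array &$session): string
{
    $questions = array_keys(QUESTION_POOL);
    $question  = $questions[random_int(0, count($questions) - 1)];
    $session['abq_question'] = $question;
    return $question;
}

// Check the answer against the question stored for this session only.
function verify_challenge(array &$session, string $answer): bool
{
    $question = $session['abq_question'] ?? null;
    unset($session['abq_question']);   // single use: a replayed form fails
    if ($question === null || !isset(QUESTION_POOL[$question])) {
        return false;
    }
    $normalised = strtolower(trim($answer));
    return in_array($normalised, QUESTION_POOL[$question], true);
}

// Constructed walk-through; $session stands in for $_SESSION.
$session  = [];
$question = issue_challenge($session);
$right    = QUESTION_POOL[$question][0];

// Correct answer typed with stray spaces and capitals.
var_dump(verify_challenge($session, '  ' . strtoupper($right) . ' '));
// Same answer replayed without requesting a new challenge.
var_dump(verify_challenge($session, $right));
// A fixed answer of the "Are you human?" kind against a fresh challenge.
issue_challenge($session);
var_dump(verify_challenge($session, 'yes'));
```

Because the expected answer depends on which question was drawn, a script that always sends the same value fails, which is the weakness of a fixed Yes/No question.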

Anti-Spam ACP
This hack prevents spam bots from registering on your forum by removing the fields of your choice in the registration and profile form until users reach certain requirements. If a spam bot is detected, you are sent an e-mail notification with the username, IP address and more.

Download link:http://www.phpbbhacks.com/download/6864

Custom Profile Fields
This hack allows you to add custom fields to the profile, memberlist and mini profile that appears to the side of each post. Admins can also add admin only fields. Add checkboxes, text fields or more. Includes an admin control panel for easy field setup. This mod is handy to add more personal functionality to your forum.
By adding more fields to the profile field as "required fields" you will stop the SPAM bots from registering because, once again, they are unique to your forum and SPAM bots are not aware that all these new fields are required.

Download link:http://www.phpbbhacks.com/download/6664
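
The two ideas above, fields removed from the registration form (Anti-Spam ACP) and extra required fields unique to your forum (Custom Profile Fields), both come down to a server-side check of which fields arrive. This is an added example, not code from either mod; the field names, function names and sample submissions are assumptions.

```php
<?php
// Added example: server-side checks for a personalised registration form.
// Field and function names are hypothetical, not taken from either mod.

const REMOVED_FIELDS  = ['website', 'signature'];          // never rendered in the form
const REQUIRED_FIELDS = ['real_name', 'city', 'country'];  // forum-specific extras

// Return the reasons a submission looks automated (empty list = accept).
function check_registration(array $post): array
{
    $reasons = [];
    foreach (REMOVED_FIELDS as $field) {
        // A browser cannot send a field the form never contained.
        if (array_key_exists($field, $post)) {
            $reasons[] = "removed field '$field' was submitted";
        }
    }
    foreach (REQUIRED_FIELDS as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            $reasons[] = "required field '$field' is missing";
        }
    }
    return $reasons;
}

// Build the admin notification text; CR/LF are stripped from submitted values
// so a crafted username cannot add lines to the message.
function build_alert(array $post, string $ip, array $reasons): string
{
    $clean = fn($v) => preg_replace('/[\r\n]+/', ' ', is_string($v) ? $v : '(invalid)');
    return "Suspected bot registration\n"
         . 'Username: ' . $clean($post['username'] ?? '(none)') . "\n"
         . 'IP address: ' . $clean($ip) . "\n"
         . 'Reasons: ' . implode('; ', $reasons) . "\n";
}

// Constructed submissions: one scripted, one from a person using the real form.
$bot   = ['username' => 'cheap-pills', 'email' => 'x@example.com',
          'website'  => 'http://spam.example/'];
$human = ['username' => 'alice', 'email' => 'alice@example.com',
          'real_name' => 'Alice Example', 'city' => 'Brisbane', 'country' => 'Australia'];

foreach (['bot' => $bot, 'human' => $human] as $label => $post) {
    $reasons = check_registration($post);
    echo $label, ': ', $reasons ? "rejected\n" . build_alert($post, '203.0.113.7', $reasons)
                                : "accepted\n";
}
```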

Inverted Visual Confirmation
Changes the visual confirmation images that are shown in the standard phpBB visual confirmation. It inverts them so that the background is dark and the letters are light.

Download link:http://www.phpbbhacks.com/download/6667

Capitalize Confirmation Code
Converts the confirmation code that the user types in to capital letters automatically, once the user has clicked off the text area.

Download link:http://www.phpbbhacks.com/download/6495

Photo Visual Confirmation
Adds a new kind of visual confirmation (CAPTCHA) where the person registering for an account must look at photographs and determine if they are photographs of animals or not.

Download link:http://www.phpbbhacks.com/download/7937

Confirmation Topic
This MOD blocks access to defined forums until the user confirms one special topic.

Download link:http://www.phpbbhacks.com/download/5744

 

Some mods/hacks I recommend should not be used.
 
The Humanizer
This hack changes the register form in a simple way in an effort to prevent spam bots. It adds a new question that asks "Are you human?" If you do not click yes, then you cannot register.
My comments: It is an example of a Yes/No question/answer where the answer is always yes. This is a poor attempt to try to trick spam bots but as you can see, because the answer is always going to be yes, it is easily bypassed.

Easy BotStopper
This is a simple program to stop spam bot registrations. It removes the website field upon registration (but it can be added after the user has registered) so humans will not be affected. Bots cannot see that the website field has disappeared however and the hack picks this up and stops the registration process.
My comments: In the author's own words it is "simple". Naturally this will not stop Spam bots from registering, nor will it stop them from posting a link in the forum. Not worth the time to download it.

CrackerTracker Professional G5
This is a complete security system for your phpBB with many many features. I do not recommend you install this hack unless you are totally, and I mean totally, confident in using and applying php code as it is directed more towards the professionals than the beginner or intermediate phpBB user.

Hopefully this little bit of advice can help you all, as Administrators, enjoy your forums without the annoyances created by SPAM Bots.

_________________
Rod Angell aka ~HG~

Download my hacks from phpBBHacks.com
 

Now that you have added some of this new information, much of which is required only by "your" board in order to personalise your own registration procedures, you have virtually defeated SPAM bots and you can rest easy knowing that 99.9% of your new registrations are genuine and your forum is safe from unwanted intruders.

Regularly check phpBBHacks.com for any new security mods that may be added to the database by going to the phpBBHacks.com Security and Privacy hacks section and searching the database.


 
 
