Improving anti spam security of my ESMS forum

April 4th, 2007 at 7:03 pm

My phpBB-based ESMS forum has lately been suffering from an influx of spammers. Bots register on the forum in order to appear in the member list and thus increase the search engine count for their websites (my forum becomes another site that links to them). Thankfully, they don’t post obnoxious messages.

When I enabled the built-in captcha, it didn’t really help. Yesterday I decided to look into the problem and quickly found out that the phpBB captcha has been broken. In fact, if you look at it, it isn’t very surprising. Here is a sample generated image:

[Image: sample phpBB captcha]

The text isn’t too obfuscated, and this fascinating blog entry explains in detail how it is cracked using simple image processing methods. Until phpBB releases a stronger captcha, people should turn to other options, like various MODs.

I installed two MODs related to the problem. One is called Humanizer. It’s a Yes / No question, “Are you human?”, defaulted to No. Bots will leave it at No and won’t be admitted. People report it works very well. It gave me more ideas for very simple questions that bots won’t be able to answer but humans will. If Humanizer doesn’t work, I’ll try those.

The second MOD is not anti-spam per se, but it’s a simple way to administer multiple users at once, something that the default admin panel in phpBB lacks. It’s called Admin Userlist and takes about 2 minutes to install. Using it I deleted 100 bots in just a few minutes. It will help against sneaky bots that do manage to break through Humanizer.

I hope this will help. Only time will tell, and soon, I think, since in the past weeks I have been getting 3-4 bogus registrations a day.


One Response to “Improving anti spam security of my ESMS forum”

  1. Dmitry Shechtman Says:

    I like to call that an article (rather than a fascinating blog entry ;-) )

    Would you consider using Spamper?
