My most-hated fight with phpBB (forum/community software) has come to an end. Spam and phpBB is synonymous with each other. My experience with running and maintaining forums has taught me one major lesson – stay away from phpBB. Unfortunately, phpBB has been my most-familiarized forum software, and there was really a time when phpBB was worth it. It’s open-source, 100% free, easy to modify, supported by thousands of users and developers, and has tons of free ready-made themes. Everything still holds true for the software, but spammers have taken control.
One of the main reasons phpBB attracts so much spam is it’s popularity. Spammers weigh the ratio of how much work they’ll devote (creating spam scripts) over the number of available sites to spam. In one of my forums – bilyar.NET – it came to a worst-case scenario 30 bot registrations and 35 spam posts per day. I’ve invited a number of people to moderate the forums, but human brute force is nothing compared to automated spamming. Believe it or not, I’ve met people who’ve said “Ay bilyar.NET? Puro viagra naman dun eh.” Ouch.
There are a number of different third-party mods to fight phpBB spam. I’ve tried a few, but I’ve never really raved as much as I have over this. The mod is called RAC or Registration Auth Code. By the way, forget about Visual Confirmation (Captcha) in phpBB, spambots get around those easily. The mod adds a random admin-generated code that is linked somewhere within the site. See it in action here, look at the field “Authorization Code:” Once a spambot figures out a way around the code, I simply add a new code and change the link where the code is located. The mod installs in about 3 minutes. See the official link to the mod here. So far since installing this mod, number of spambot registrations = 0.