How to Stop Spam On phpBB Forums

February 2009 Update: it seems that this page got very popular, and it’s not surprising: the method described here is simple and really works. Unfortunately due to the large number of help requests I am getting, I can’t provide you personal assistance in implementing the solution described. If you would like one of my developers to implement this solution on your forum, feel free to contact us at Stop Forum Spam Now and we will be glad to help you.

I am running several phpBB-based forums, and they all started receiving serious amounts of spam recently. It seems that the spammers are now able to break the captcha in the registration and even pass the e-mail activation. I found a very simple solution for this. And from that moment on – the spam stopped.

The idea is to ask the spam bot a question which it does not expect, but it will be no problem for the users to answer. I’ve added to the registration form the question “How much is 5+2 ?”. Most of the new forum members were able to answer it on the first attempt. But spam bots had no clue.

So until someone bothers to write a spam bot specifically for my forums – I am okay. When it happens, I’ll just change the question. It can be many things: “What was the color of the white horse of Hammurabi?” or “How long did the six-day war lasted?” and so on. You got the point.

Here is how to do it.

In the template directory, edit profile_add_body.tpl, and add a new row the the form:

<tr>
    <td class="row1"><span class="gen">How much is 5+2 *</span></td>
    <td class="row2">
        <input type="text" class="post" style="width: 200px" name="math_question" size="6" maxlength="6" value="" />
    </td>
</tr>

Browse to the registration page on your forum to see that it looks right.

In includes/usercp_register.php, look around line 260, and add the condition that checks if the question was answered properly:

   else if ( $mode == ‘register’ )
    {
        if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) )
        {
            $error = TRUE;
            $error_msg .= ( ( isset($error_msg) ) ? ‘<br />’ : ) . $lang[‘Fields_empty’];
        };

        if (!isset($_POST[‘math_question’]) || $_POST[‘math_question’] != ’7′) {
            $error = TRUE;
            $error_msg .= (isset($error_msg) ? ‘<br/>’ : ) . "Incorrect answer to the mathematical question…";
        }
    }

This entry was posted in howto. Bookmark the permalink.

174 Responses to How to Stop Spam On phpBB Forums

  1. cody says:

    Sounds like you pasted it incorrectly because php has found an else statement where it wasn’t expecting one.

    This was the part you should have pasted in, (make sure you didn’t overwrite a curly brace “}”

    if (!isset($_POST[‘math_question’]) || $_POST[‘math_question’] != ‘7′) {
    $error = TRUE;
    $error_msg .= (isset($error_msg) ? ‘’ : ”) . "Incorrect answer to the mathematical question…";
    }
    }

  2. Chevy says:

    Thanks Cody

    I just tried what u said and still no luck here is the next error

    Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /mnt/w0301/d12/s14/b02d048b/www/twistedmuscle/twistedmuscle/forum/includes/usercp_register.php on line 287

  3. Chevy says:

    if u have MSN ADD me on it
    shawnfernandez@hotmail.com

    that could be alot faster than this.

  4. cody says:

    The T_CONSTANT_ENCAPSED_STRING error is again because php is getting an instruction where it is not expecting one. It’s caused by a syntax error in the code so you need to check the code immediately before the point of the error.

    That error frequently occurs when you miss out a semi colon ;

    The semi colon tells php that it has reached the end of an instruction and the following code should be treated as a new one.

    If you paste the code here that surrounds the error it will help us find it for you.

  5. Chevy says:

    if ( isset($HTTP_POST_VARS['submit']) )
    {
    include($phpbb_root_path . ‘includes/usercp_avatar.’.$phpEx);

    // session id check
    if ($sid == ” || $sid != $userdata['session_id'])
    {
    $error = true;
    $error_msg .= ( ( isset($error_msg) ) ? ” : ” ) . $lang['Session_invalid'];
    }

    $passwd_sql = ”;
    if ( $mode == ‘editprofile’ )
    {
    if ( $user_id != $userdata['user_id'] )
    {
    $error = TRUE;
    $error_msg .= ( ( isset($error_msg) ) ? ” : ” ) . $lang['Wrong_Profile'];
    }
    }
    else if ( $mode == ‘register’ )
    {
    if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) )
    {
    $error = TRUE;
    $error_msg .= ( ( isset($error_msg) ) ? ” : ” ) . $lang['Fields_empty'];
    }
    }
    if (!isset($_POST[‘math_question’]) || $_POST[‘math_question’] != ‘7′) {
    $error = TRUE;
    $error_msg .= (isset($error_msg) ? ‘’ : ”) . “Incorrect answer to the mathematical question…”;
    }
    }

    if ($board_config['enable_confirm'] && $mode == ‘register’)
    {
    if (empty($HTTP_POST_VARS['confirm_id']))
    {
    $error = TRUE;
    $error_msg .= ( ( isset($error_msg) ) ? ” : ” ) . $lang['Confirm_code_wrong'];
    }
    else
    { This line is 295

  6. cody says:

    The following code is wrong Chevy;


    $error_msg .= ( ( isset($error_msg) ) ? '' : '' ) . $lang['Fields_empty'];
    }
    }

    It should be;


    $error_msg .= ( ( isset($error_msg) ) ? " : " ) . $lang
    [‘Fields_empty’];
    };

  7. Chevy says:

    thanks Cody

    But it still hasnt changed it at all.
    im about to lose it. LOL

    anymore suggestions

  8. cody says:

    Click on my name above to go to my website; contact me via the form on the contact page; I’ll send you my email address and then you can send me the whole file.

  9. I hate spammers, and can’t wait to install some scripts to get rid of them. The online pharmacy industry, porn, and ring tones are the most common kind of spam I have been getting. It used to be really bad on my blog before I installed askimet, now I am about to try some similar methods, (perhaps the one you mentioned) to get rid of spamming on my forum.

  10. Gary says:

    I have a great banlist here:
    World’s Greatest phpBB Banlist

    I’ve personally banned hundreds and hundreds of IPs that generated spam on my phpBB forum. Just copy and paste it into your banlist, and cut the spam by 90% (according to a few people that told me of the results they had from doing it).

    Chances that any of these IPs are dynamic or are used by someone who is legit, are about the same as winning the lottery.

    I don’t use captcha or email verification (both of which are useless for stopping spam, and only annoy real users), and I am down to one spam per week on my main forum!

    Note: A couple hundred of the IPs on the list came from other forum-masters who gave their banlists to me and in one case, a list of spam-generating IPs were captured in a sort of spider-trap forum designed to trick spammers into posting there. I just don’t want to take credit for the whole thing.

  11. AlexTrufant says:

    Hello everyone,

    First step is great but second step results in:
    Parse error: parse error, unexpected T_CONSTANT_ENCAPSED_STRING in /var/www/html/phpbb/includes/usercp_register.php on line 279

    Line 279 is the following:
    if ($board_config['enable_confirm'] && $mode == ‘register’)

    Please help

    Thanks in advance

    the code:

    $error_msg .= ( ( isset($error_msg) ) ? ” : ” ) . $lang['Fields_empty'];
    };

    if (!isset($_POST[‘math_question’]) || $_POST[‘math_question’] != ‘7′) {
    $error = TRUE;
    $error_msg .= (isset($error_msg) ? ‘’ : ”) . “Incorrect answer to the mathematical question…”;
    }
    }

    if ($board_config['enable_confirm'] && $mode == ‘register’)
    {
    if (empty($HTTP_POST_VARS['confirm_id']))
    {
    $error = TRUE;

  12. Pacific says:

    I applied the spam list in batches of 500 or 600 as the server took over 30 seconds to accept higher numbers than that.

    There are about 5000 IP address in that list. Thank you for offering it.

    However, it didn’t seem to put a dint in the spam I receive. Spammers are making comments withuot signing up as a member, I have the setting set to ‘members only’ can make a comment.

  13. Levi says:

    hey ive installed the script just like you said but all i seem to get is a blank page when i click my link to register. any idea why?

    cheers

  14. ConferenceRivals says:

    Anyone get this error?

    Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/crivals/public_html/smacktalk/includes/usercp_register.php on line 283

  15. Raymond Day says:

    I updated to phpBB 3.0.2 and now can’t do this because it don’t have a usercp_register.php in it.

    I thought the update my have somthing like this all ready. But after a long time I am getting spam on my phpBB board again now.

    Is there something like this for phpBB 3.0.2 ?

    -Raymond Day

  16. Sandor says:

    This MOD is great. No registrations from bots since…. THANKS!!!

  17. Raymond Day says:

    3.0.2 does have a built in checker. Got to:

    Administration Control Panel

    Then the “General” tab at the top.

    On the left side under “BOARD CONFIGURATION” click on “Visual confirmation settings”

    Make sure the Enable visual confirmation for registrations and guest postings are clicked on to “Enabled” and save.

    I did this a wile ago and have got no spam yet.

    -Raymond Day

  18. scott says:

    i have put the first part of the fix in and it works however i’m having problems getting the second part working. i saved a copy of the “includes/usercp_register.php” as “includes/usercp_registerold.php” so that i always have the original code to go back to but all the things i’ve tried with the “includes/usercp_register.php” continue to give me an error when i try to go do a test registration. this is what im getting: Parse error: syntax error, unexpected ‘>’ in /mnt/w0602/d09/s48/b02c4332/www/mineralareamusic.com/forum/includes/usercp_register.php on line 278
    I’ve seen some other people on the forum having the same or similar problems but i havent really found the answer to how to fix it.

    thanks a load in advance.
    Scott

  19. scott says:

    i have put the first part of the fix in and it works however i’m having problems getting the second part working. i saved a copy of the “includes/usercp_register.php” as “includes/usercp_registerold.php” so that i always have the original code to go back to but all the things i’ve tried with the “includes/usercp_register.php” continue to give me an error when i try to go do a test registration. this is what im getting: Parse error: syntax error, unexpected ‘>’ in /mnt/w0602/d09/s48/b02c4332/www/mineralareamusic.com/forum/includes/usercp_register.php on line 278
    I’ve seen some other people on the forum having the same or similar problems but i havent really found the answer to how to fix it.

    thanks a load in advance.
    Scott

  20. Sean says:

    3.0.2 does have captcha as already established it doesnt work! hence this series of posts. Or am i wrong. I have had visual confirmation enabled since i first start my forum and now i get around 30 or more spammers registering every day! Is it possible to use this is php3.0 ? as i am getting pretty cheesed off with these numpties.

  21. nellam says:

    I’m also getting the ” Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING”

    Here is the code:

    else if ( $mode == ‘register’ )
    {
    if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) )
    {
    $error = TRUE;
    $error_msg .= ( ( isset($error_msg) ) ? ” : ” ) . $lang['Fields_empty'];
    };

    if (!isset($_POST[‘math_question’]) || $_POST[‘math_question’] != ‘7′) {
    $error = TRUE;
    $error_msg .= (isset($error_msg) ? ‘’ : ”) . “Incorrect answer to the mathematical question…”;

    }
    }

  22. nellam says:

    I used this link” from nightrider above and it worked.

  23. pageh says:

    Hello,
    I could use this helpful tool, but…

    I’m using mxpublisher style, phpbb 3.0.3 and I have the “includes” directory, but no usercp_register.php. I don’t have the templates directory, but have the styles directory, but I don’t see the profile_add_body.tpl anywhere in there.

    any clues?

    also, as instructed in the mod, I looked at http://www.phpbb.com/mods/ and don’t find and hit searching on “math question during registration”

    any help appreciated, thanks.

  24. pageh says:

    I would love to have this tool – thanks – but…

    I have phpbb 3.0.3, and using mxpublisher style. I have the “includes” directory, but no usercp_register.php. I see no “templates” directory, but have the “styles” directory with mxpublisher (and others), but no profile_add_body.tpl to be found.

    any clues?

    Incidentally, I followed the instuctions in the mod to “Please Check: http://www.phpbb.com/mods/ for the latest version of this MOD.” but do not find “Math Question During Registration” mod there.

    Any help appreciated!