How to Stop Spam On phpBB Forums
Dec 21st, 2006 by thesamet
The idea is to ask the spam bot a question which it does not expect, but it will be no problem for the users to answer. I’ve added to the registration form the question “How much is 5+2 ?”. Most of the new forum members were able to answer it on the first attempt. But spam bots had no clue.
So until someone bothers to write a spam bot specifically for my forums - I am okay. When it happens, I’ll just change the question. It can be many things: “What was the color of the white horse of Hammurabi?” or “How long did the six-day war lasted?” and so on. You got the point.
Here is how to do it.
In the template directory, edit profile_add_body.tpl, and add a new row the the form:
<td class="row1"><span class="gen">How much is 5+2 *</span></td>
<td class="row2">
<input type="text" class="post" style="width: 200px" name="math_question" size="6" maxlength="6" value="" />
</td>
</tr>
Browse to the registration page on your forum to see that it looks right.
In includes/usercp_register.php, look around line 260, and add the condition that checks if the question was answered properly:
{
if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? ‘<br />’ : ” ) . $lang[‘Fields_empty’];
};
if (!isset($_POST[‘math_question’]) || $_POST[‘math_question’] != ‘7′) {
$error = TRUE;
$error_msg .= (isset($error_msg) ? ‘<br/>’ : ”) . "Incorrect answer to the mathematical question…";
}
}
Until a spammer will use “Ask Jeeves” to bypass this also…
Or,….
Hire humans to answer your registration questions…
Or… Trick humans into answering your registration question… Automatically
As long as it is possible for legitimate human beings to register and post, it is *possible* for spammers to find a way to get in and do that. If they can hire humans - then it would be hard to tell apart if the human is legitimate or not.
But in practice (and that’s what important in this case), spam is so ineffective, that in order to make a positive return of investment they must be able to spread their message across thousands of forums at low cost. It is highly unlikely that someone would program a bot specifically for my forums.
And if a spammer found an automated way to get answers from AskJeeves for any question a registration form poses, then he can make much more money doing other things but spam.
i have put the first part of the fix in and it works however i’m having problems getting the second part working. i saved a copy of the “includes/usercp_register.php” as “includes/usercp_registerold.php” so that i always have the original code to go back to but all the things i’ve tried with the “includes/usercp_register.php” continue to give me an error when i try to go do a test registration. this is what im getting: Parse error: syntax error, unexpected ‘>’ in /mnt/w0602/d09/s48/b02c4332/www/mineralareamusic.com/forum/includes/usercp_register.php on line 278
I’ve seen some other people on the forum having the same or similar problems but i havent really found the answer to how to fix it.
thanks a load in advance.
Scott
Hey,
Thanks a lot for this just installed it there, hopefully will stop all these damn annoying registrations!
Cheers
Mark
woops, the software parsed the MOD script so it is not displaying correctly. You might as well delete it…
You could use this link for the MOD script.
Nightrider, Thanks for implementing this as a mod (and for giving the credit)!
Ironically, the spam filter of this blog suspected that your first post is a spam and asked me to manually approve it.
Well, I stumbled on this post looking for a way around the bots. I know this is an older post, but seems like a much easier fix than the rest. I’ll try it, and let you all know how it worked on my forum. One question, does this code have to be added to ALL the templates? I have several besides the sub silver as default.
Thanks!
Hi Peggy,
The profile_add_body.tpl has to be modified in all templates. Let us know if it works well for you!
Would anyone be willing to help me install this MOD onto our site. I tried to follow the directions but i couldn’t even find the sercp_register.php doc.
Thanks so much
Would anyone be willing to help me install this MOD onto our site? I am not good at code issues etc? I tried to follow the directions, but i couldn’t even find the sercp_register.php doc. If anyone is willing to help out, please mail me at cinetarr@yahoo.com.
Thanks so much,
Lisa
Would anyone be willing to help me install this MOD onto our site? I am not good at code issues etc. I tried to follow the directions, but i couldn’t even find the sercp_register.php doc. If anyone is willing to help out, please mail me at cinetarr@yahoo.com.
Thanks so much,
Lisa
Hi,
Well, I can’t believe it, feel like I am dreaming, but, NO bots since I installed this! (Not any new members either, sure hope they can add!) Thank you SO much. This has saved me and others tons of work!
On the templates, I had recently over-rode the templates to just use sub-silver, so I am trying it without changing them all. It seems to be working, or do I still need to do it in order not to mess something else up?
Thank you, thank you, thank you!
Can new users uses other templates when they register? If the answer is yes — then you must do it for the other templates. The problem is that all other templates will not show the question to the user, and therefore they will be unable to register.
It’s great to hear that it is working for you!
Hmmm, good point. I’m not quite sure. When I go to the forum, and try registering as a new member, it shows sub-silver, and the question is there on the registration page. That is the page where they can choose another template, not after they register, so I am a little confused about that.
Thanks for your help, I was just about ready to shut the whole dang thing down!
Since I wasn’t sure, I went ahead and added that to all templates, to be on the safe side. Still no bots!
THanks again.
[...] Re: Stop (Most) Spam Bot Registrations on phpBB Another easy way to stop spam is to ask a simple question like "How much is 5+2?". I’ve written in my blog an explanation how to stop spam on phpbb forums. [...]
One old american man win in lotto 250 000 000$.
I want win money too!!!!!!!!!!a-a-a-a
Give me money!
…and Wordpress comment spam is another issue
Great Thanks! Hopefully this should work before I throw in the towl and sign up for Vbulletin
Just installed your changes and so far no spam registrations .
I dont suppose you could write a similar script that could be incorporated into guest posting ……..:)
i.e each guest posting would have to answer a maths question before thier comment was accepted
I think there is not a problem doing that in the same technique. Just add the math question to the comment form (in posting_body.tpl), and make sure it is displayed only for guest users (it will annoy the registered ones otherwise).
Then, validate it in posting.php.
This WORKS! Thank you sooooo much. I was getting sick of deleting sooo many bot entries.
Is there a way to put this onto the Posting.php page, to stop automated posts? My boards need to be non-registration required.
Please let me know how to do that.
Thanks!
Simple and effective. Thank you for sharing!
[...] How to Stop Spam On phpBB Forums · Nadav Samet’s Blog I am running several phpBB-based forums, and they all started receiving serious amounts of spam recently. It seems that the spammers are now able to break the captcha in the registration and even pass the e-mail activation. I found a very simple solution (tags: phpbb antispam howto) [...]
How do you access the template directory? I’m running phpBB 2.0.20
Thank you for the tip. I also added a language variable for the error message.
[...] in December I’ve posted about the technique I use to stop spam on phpBB forums. The following enhancement of this idea appeared today on xkcd webcomic [...]
thanks for this man, it is working superbly so far!
When I try and put the code in the usercp_register.php file, I get this message when I go to register:
Parse error: syntax error, unexpected ‘>’ in /home/thinkth1/public_html/forum/includes/usercp_register.php on line 271
I don’t get what’s going wrong with it. Do I just add in the code, or do I have to replace something with it?
In the code there were accidentally backticks: ‘. You have to change them to ‘
I’ll fix that.
I don’t understand what you mean by “backticks.” And if you fixed it already, it’s giving me the same error message as before.
I’m confused.
Hi Michael, I just fixed it now. Let me know if it works for you.
Works like a charm now. All I need to do now is wait and see if any spambots pop up.
Thank you so much for this!
I forgot to ask, but do you plan on altering this so it works with phpBB3 if in fact phpBB3 requires it? Or would the coding and such you have provided not need to change?
I have not tried phpBB3 yet, but when I’ll have to upgrade my forums I’ll come into that.
Can’t thank you enough for this solution. A custom question and answer is so superior to CAPTCHA for this application, I can hardly believe PHPBB hadn’t implemented it long ago. Why fool around with a n easily cracked technology when it would be impossible to circumvent a simple custom question (or set of revolving questions and answers) so long as each administrator implemented their own unique set.
Simply brilliant in it’s simplicity. Sure, if you’re the admin of an uber-popular board, a spammer might go to the effort of setting up special circumstances for your board, but these bots are only ‘useful’ if they can operate on thousands of sites. Certainly not practical with this scheme.
You have my thanks…
Exactly!
For best results, I recommend everyone to customize the question.
This post became quite popular and some spammers are already solving some basic arithmetic.
We should start asking about colors of fruits or something
If red riding hood wore a blue hood, what color hood would red riding hood be wearing?
They can solve math, let them work that out…:)
Wow, what a find! I got a link to this page via another forum. I was getting such a huge amount of junk on my forum that I was wondering whether to shut it down or not. Your coding seems to have solved it. Great! Thanks a lot, people like you on the net are worth gold… especially for a programming-amateur like me…
If you are interested in aviation, please do have a look on my site!
AWESOME! My friend saw this and she added to my forums and 2 days now and I haven’t had to delete any bots!!!
THANK YOU SOOOOOO MUCH!!!!
This is great… thanks. Only one thing, is there a way to hide the question when users are editing their profile? I guess the field will need to be there as a hidden field though.
Hey thank you very much! It installed properly, I hope I get don’t receive any spam in the future.
Thanks again.
Vic
>In includes/usercp_register.php, look around line 260, and add the condition that checks if the question was answered properly:
I installed this but when i checked it didn’t make any difference if I answered correctly or not, i was still able to register. Also, when do you start counting the lines, I noticed there are a few lines of introductory text in the usercp_register.php do you start at the top or after the introductory text?
I am counting lines from the beginning of the file. You probably didn’t add it in the right place. The first few lines of the second code snippet should already be in usercp_register.php. It should help you locate the right spot easily.
Thanks, I found it after finding the code snippet in the original code. Installed it and it works. And I know nothing about php or html.
Immeasurable Gratitude,
bob
Hi, I tried to use your code and have managed to muck it up. The first part worked fine but when i tried to insert the second code i ended up with the following error.
Parse error: parse error, unexpected ‘=’ in /includes/usercp_register.php on line 214
I have removed your code but the problem is still peristing. I have pasted my code that is giving the error below but have removed your code.
________________________________________________
else if ( $mode == ‘register’ )
{
if ( empty($username) || empty($new_password) || empty(irongron_confirm) || empty($email) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? ” : ” ) . $lang['Fields_empty'];
}
}
this is where i inserted and removed your code from
if ($board_config['enable_confirm'] && $mode == ‘register’)
{
if (empty($HTTP_POST_VARS['confirm_id']))
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? ” : ” ) . $lang['Confirm_code_wrong'];
}
else
{
$confirm_id = htmlspecialchars($HTTP_POST_VARS['confirm_id']);
if (!preg_match(’/^[A-Za-z0-9]+$/’, $confirm_id))
{
$confirm_id = ”;
}
$sql = ‘SELECT code
As the error indicates something about line 214, it might worth to look around there. Maybe you’ve accidentally changed that line as well?
Thanks for this, I’ve been deleting spam user registrations from my singer friend’s fan forum for months now and hopefully this will stop them getting through. I just changed the question to something only his real fans will know LOL !
It worked like a dream when I tested it so it will be interesting to see if the spambots can get round it.
I have another way how to get rid of automatic registrations. See here: PHPBB Anti Spam Bots
works quite fine, no disturbance yet. And is really easy to do.
Thanks very much. I instaled your alterations without problems and unwarranted posts stoped straight away. It’s been 72 clean hours now, I would have normally expected about 15 bad posts by now.
Thanks, your the coolest ! No more drugs crap on my site hopefully.
thanks!
hope it works
thank you nadav for a great mod you have! now we dont have spam bots in our forum
I think, that is interesting for all.
Hi all
i would like to get this mod working as i have a lot of youngsters on my forum and im getting a hell of a lot of spam most very unsuitable for kids.
but i get this error
Parse error: parse error, unexpected T_ELSE in /phpBB2/includes/usercp_register.php on line 208
not sure how to correct it as im new to php.
any help would be appreciated.
If i was already using the “i’m human mod” would i still need to adjust the usercp_register.php?
I put the origanal usercp_register.php back in went to register as a new member and the 5+2 quistion is there and i had no errors.
Thanks for the code…you’ve saved me daily headaches. You post is much appreciated by myself and all the other board administrators dealing with daily pornography and virus spam.
I just applied your measures to my new forum. Hopefully I’ll never see a spambot registering on my forum for a long time.
This information rocks! I was so impressed and it worked so well I was actually compelled to come back and post my thanks’. It’s been 4 days sense I incorporated these changes and I went from 3-8 spam accounts per day to……ZERO!!!
Thank you for posting this information!
Awesome !
I was thinking along the same lines but you saved me hours trawling through the code to find the bits I needed.
I’ve added a check for capitalisation for those who want to use words instead of number questions.
What colour is blood? *
else if ( $mode == ‘register’ )
{
if ( empty($username) || empty($new_password) || empty($password_confirm) || empty($email) )
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? ” : ” ) . $lang['Fields_empty'];
};
// ———————————————————————————–
// Insert code below
// ———————————————————————————–
//set humaniser
$answer = “”;
if (isset($_POST['math_question'])) {
$answer = $_POST['math_question'];
$answer = strtolower($answer);
}// end if isset
if ($answer != ‘red’) {
$error = TRUE;
$error_msg .= (isset($error_msg) ? ” : ”) . “Incorrect answer to the colour of blood question…”;
}// end if $answer
// end humaniser
}
// ———————————————————————————–
//end insert
// ———————————————————————————–
if ($board_config['enable_confirm'] && $mode == ‘register’)
{
if (empty($HTTP_POST_VARS['confirm_id']))
{
$error = TRUE;
$error_msg .= ( ( isset($error_msg) ) ? ” : ” ) . $lang['Confirm_code_wrong'];
}
Nice one mate, I was thinking vaguely of doing something like this but you just saved me several hours, not one spam user since implementing it. Thanks!
Ok…it looks good so far! I tested it out and it won’t let registration go through unless you have the correct answer. Thank you….I was SOOOO tired of deleting spam users from my board!
Sweet.I am hoping that it will stop the spam-bots.It took like 2 months after changing the site’s url to a new one to show up on google and start getting hit again.I even banned the google bots ip trying to stop it…lol
Hoho. It’s like Christmas and Birthday all rolled into one. A simple and effective customisable solution. Thanks.
I got the question on the registration page but i can still register without answering it, what have i done wrong?
Hi Jim, Check carefully that you added the code in usercp_register.php without errors and in the right place.
Hi thanks for the reply. ive been looking at it and i just cannot get it right.
I get error on line 214.
This sounds so simple to do, If i add the code at line 260 the error is on 214 if i move the code up the error line moves.
Would someone be willing to help via MSN?
Hi Jim.
Send me your msn username and we can try to troubleshoot your errors.
I’ve gone two weeks totally bot free and it really does make it a pleasure to be Admining.
Just wanted to come back and tell you that I am still bot free, thanks to your mod!
I was like a lot of others, ready to shut it all down. I was spending more time deleting posts than I was on the forum itself!
Once again, thanks so much!
Hi Peggy,
I’m really happy that it is working for you! Let’s hope that from now on, spam will only appear in your forums as a receipe ingredient.
Nadav
Thanks! Hmmmm…wonder if I have a recipe using spam? Probably so!
That was funny, thanks, I needed the laugh!
thesamet….I love you as much as one man can love another without being gay.
Hi my msn name
jimbo204@hotmail.com
Thanks in advanve for any help you can give.
OK. I added you to msn and sent an invite.
Hi,
This sounds like a great solution, i did add the code at my test board, it does ask me the question at the register form but it doesn’t work. It doesn’t matter if i will fill in the box or leave it empty nor giving an wrong awnser. It will say it created a new account which needs to be activated after i press the register button. any Ideas??
Thank in adv..!!!!
Jim’s all up and running at his forum now so I’ll be willing to take a look at how you’ve configured yours.
Do you have Xfire or msn?
Hey arramus
So far so good on the forum, I have not had a spambot yet.
Want to thank you again for the help you gave me really appreciate it.
Hey, this is actually what I was looking for. Can’t wait to install it. Does it take a long time?? Our forum is new and I want to prevent spams before it gets too bad…
I have put in the code, but it doesn’t matter whether or not I answer the question at all!
The question appears, but I can leave it blank and it still allows me to register.
Is there anyone that would be able to help me? I’ve tried moving the code around, but I’ve only gotten errors or no change at all.
My e-mail is Overswarm@gmail.com
Hi, it worked immediatley on mine….believe me, it works! I was spending more time deleting spam bots than I was on the forum itself! I can’t believe the good fortune to run across this blog, and am still so thankful for it. I was ready to shut mine down.
I consider myself pretty good at PHP, just not figuring out the PHPBB system with all the .tpl files, etc. So the second part I got working fine, add a second conditional statement during the registration process. I can’t get the simple part to work.
So I went into the templates directory then into the subSilver directory since I have never messed with the templates, I only use the default. Opened profile_add_body.tpl and added the following…..
Oh..wait, n/m. Thought about it while doing this. It should be placed at the end, after the confirmation part. I was trying to put it immediately after the Username and it wasn’t showing up. Now it’s in there…let’s see how it works to control the spam now. Thanks for this!
12 days out and still holding strong….not a single spam registration!
This worked!
you have saved me minutes every day
Thanks
Hi,
I still have not managed to solve my problem, i have send my msn through the contact form but somehow i get the feeling it didn’t get delivered.
Can somebody help me, my msn:
rudolf_phpbb@hotmail.com
Thanks in adv!!
I wish I could help, but not really all that good at this. I did manage to install it on my forum, and everything is working great! Sounds like to me you may have put something in the wrong place, maybe missed it by a line or something? Hopefully someone can help you figure it out!
I run PPHPBB2 and have zero knowledge of PHP but managed to do this modification via my Cpanel controls on my server
The changes are simple and you don’t have confusing questions for people it just runs quietly hidden away and has stopped 100% of those bots logging in the use ICQ numbers always
the link to it is here http://www.burg.in/en/tutorials/php/phpantispam.html
Installed in 10 minutes !
I tried this mod and it did not work..
In essence added the line to the template file ( field shows A okay) does it matter where i