Some time back I wrote about how to deal with spam forum registrations and spam posts. Since I wrote these posts, spammers have changed tactics and phpBB has a number of new solutions to help address these issues. So a brief update:
- With the release of phpBB 3.2 Rhea, the phpBB group has integrated Google’s new reCAPTCHA. The old one had been thoroughly hacked. You may have seen this one already on other websites. It asks if you are a human and gives you a checkbox to click on. This is generally all you have to do to “solve” the CAPTCHA. So if you are running phpBB 3.2 you may want to use this Spambot countermeasure as it is simpler than the Question & Answer countermeasure, previously the best solution if it was done right. Since the old reCAPTCHA was eventually defeated by spammers, I suspect this new version will have limited shelf life too, so if you use it keep an eye on it and if it starts failing use something else.
- Extension developer RMcGirr83 has released a Stop Forum Spam extension. It works on both phpBB 3.1 and 3.2. It works by querying the stopforumspam.com database. This should catch the vast majority of spammers, but it may let a few slip through. If you allow guest posting, it can also be configured to check guest posts.
The Cleantalk service remains an option. It costs $8/year for a website and requires the installation of an extension or modification (depending on your version of phpBB) as well as getting a key from the website to enable it. I have had one client with an issue with it falsely identifying a user as a spammer. I worked with them to address it. Otherwise, my clients have noted no issues and recommend it highly.
