Sunday, February 22, 2009

Suggestions for improved Spam handling in phpBB

I run phpBB3 for my forum, InkscapeForum.com, and I really can't fault the package, except when it comes to allowing administrators to handle spam.  My forum is open to anonymous posting, which means I probably get hit a little harder with spam than other phpBB3 forums.

phpBB3 currently has the following mechanics for helping to reduce spam:

  1. It has a CAPTCHA on the registration page, and on the posting page for anonymous posters to trip up bots.
  2. It allows you to create custom fields with required values on the registration page.
  3. You can hold posts back from display until a moderator approves them.

Now here are the problems with those items:

  1. Judging from the sudden spike in spam on my forum, it looks like the CAPTCHA has been cracked.
  2. Adding a custom field on the registration page will only trip up a bot when it's registering, not when it's posting anonymously.
  3. Moderating a hundred spam messages a day is no fun.

There are a lot of fancy ideas for preventing spam, but for the most part I think phpBB needs to have better controls for handling spam.  Here are my suggestions:

1. Custom CAPTCHA.

Customising your CAPTCHA is the most effective way of tripping up spam bots, and when I customised mine the spam on my site instantly stopped.  Writing a custom CAPTCHA will require a PHP programmer, and I found it extremely simple to integrate into phpBB (just one line of code).  phpBB should document this procedure.

2. Allow custom fields on both the registration page, and anonymous posting page.

Adding custom fields with required values is a great way to trip up bots that are trained for a specific set of answers.  So whilst you can add a field to the registration page, it would be nice to add it to the posting page also.

3. Search for users by web site URL

A lot of spam accounts are created and never used.  Instead they sit in the members list with the sole purpose of displaying their spam URL.  So the only way to spot a spam account is by the URL they are trying to advertise, and whilst phpBB will allow you to list members by their URL, you can't search the URLs.  Being able to search for "wow", "gold" or "runescape" would bring up a lot of spam accounts on my forum.  Being able to search for users who have listed a web site, but never posted, would also reveal a lot of spam accounts.
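
The two searches suggested above (keyword in the web site URL, and web site listed but zero posts), sketched as an added example that is not phpBB code and not from the original post. The table and column names are assumptions modelled on phpBB 3.0's users table, and the member rows are constructed.

```python
import sqlite3

# Constructed stand-in for the member table; the column names (user_id, username,
# user_website, user_posts) are assumptions modelled on phpBB 3.0's users table.
SCHEMA = """CREATE TABLE users (
    user_id INTEGER PRIMARY KEY, username TEXT,
    user_website TEXT, user_posts INTEGER)"""

SAMPLE_MEMBERS = [  # constructed rows, not real accounts
    (1, "alice", "", 42),
    (2, "bob", "http://bob-draws.example", 7),
    (3, "x9k2", "http://cheap-wow-gold.example", 0),
    (4, "runefan", "http://runescape-coins.example/buy", 3),
    (5, "newbie", "http://my-portfolio.example", 0),
]

def like_pattern(keyword):
    """Wrap keyword in %...% and escape LIKE wildcards so it matches literally."""
    escaped = keyword.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return "%" + escaped + "%"

def find_spam_candidates(conn, keywords):
    """Return (user_id, username, reasons) for accounts matching either heuristic."""
    hits = {}
    for kw in keywords:
        # Heuristic 1: the advertised URL contains a known spam keyword.
        rows = conn.execute(
            "SELECT user_id, username FROM users "
            "WHERE lower(user_website) LIKE ? ESCAPE '\\'",
            (like_pattern(kw.lower()),))
        for uid, name in rows:
            hits.setdefault(uid, (name, []))[1].append("url:" + kw)
    # Heuristic 2: a web site is listed but the account has never posted.
    rows = conn.execute(
        "SELECT user_id, username FROM users "
        "WHERE user_website <> '' AND user_posts = 0")
    for uid, name in rows:
        hits.setdefault(uid, (name, []))[1].append("website-no-posts")
    return [(uid, name, reasons) for uid, (name, reasons) in sorted(hits.items())]

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_MEMBERS)
    return find_spam_candidates(conn, ["wow", "gold", "runescape"])

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The output is a review list, not a delete list: the constructed "newbie" row is a plausible genuine member who matches the second heuristic, so each hit carries its reasons for a moderator to weigh.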

4. Delete multiple accounts at once

It takes three steps to delete one account and you can only delete one account at a time.  Once you've identified a list of spam accounts, it would be nice to be able to delete them all at once.

5. Create a reject word list.

phpBB has a word censor list, but if someone posts a censored word it's simply replaced and the message still posts OK.  It would be nice to be able to reject posts that contain certain words, such as "viagra".  Ideally the reject word list would work on URLs also.

That's about it. Mostly, phpBB3 just needs a way to quickly find and remove spammers, but a couple more methods to spoil the spammers' attempts would be nice also.
