Fighting SPAM in phpBB

At tag2find, we are using phpBB2+ for our forum. This forum unfortunately is continuously being spammed by bots, despite the active CAPTCHA. Even at the strongest setting of the CAPTCHA, SPAM postings were coming through, but the CAPTCHA drove off a lot of potential forum posters which could not get past it.

Therefore I wanted to implement the approach I took for our blog: disable the possibility to submit postings containing links. Unfortunately phpBB out of the box does not permit this. After searching a while I found a promising MOD which I now added to the forum. Its not directly preventing posting links, but is more or less a RegEx-based blacklist of words which must not be used by users who are not registered for a certain number of days and have not yet posted a certain number of posts. The regular expressions supplied aim at preventing posting links, but I had to modify them, as they also contain “.net” which we must allow since our application is written in the Microsoft .NET Framework, so this term is going to turn up legitimately.

Let’s see if this measure will actually change the amount of SPAM being posted to the forum.

Simple Way of Fighting WordPress SPAM

As I am one of the developers of tag2find, I am also writing in the tag2find developer blog from time to time. This blog is a WordPress blog. One of our main problems there is fighting SPAM. We get literally dozens of SPAM comments a day. To limit the amount of SPAM visible on the blog itself, I found a very simple solution, which up to now did not produce any false positive: if a posting contains more than zero links, it will be held in the moderation queue.

WordPress offers this possibility out of the box, but the default is set to more than 2 links. I tried to limit it down to one, but this still missed to many SPAM attempts. Therefore I now have set it to zero. This works remarkably well. No SPAM postings anymore and we had just one or two false positives, which are not so bad as the comments are not deleted but just held for moderation.

I know, this is a very low-tech approach and puts some work on the maintainer of the blog, but it works almost out of the nature of SPAM, which most of the time wants to deliver links to pages to influence Google PageRank and/or lure people onto the website.