Eliminating Bot Spam on phpBB 2 Boards

If you run a phpBB 2.0.x message board, you likely get spam. If you don’t get spam, you likely have either just started your board or have a special blend of security settings and modifications that you have found to work.

Thanks to inspiration & code (used with permission) from the Raven’s Antispam Plugin for WordPress, I have put together the 1 phpBB modification that you shouldn’t be living without!

Why do I say that? Because it works. I have been using it on The Fellowship Hall, and it has become so spam-free that I have enabled guest posting & disabled visual confirmation without worry.

Download Raven’s Antispam from the Extras page.

So what does the Raven’s Antispam phpBB MOD do? How does it stop spam at the door?

The principle is simple: whenever a guest accesses the posting screen or the registration screen, Raven’s Antispam goes into action. It dynamically generates a unique pair of random strings which are not only unique to the board being accessed but also to the day upon which it is accessed. This prevents bots from “learning” the answer, and yet the MOD does not require database modification, unlike similar antispam MODs! That’s right, you should not have to mess with your database just to remain spam free!

After the pair of strings are generated, they are plugged into the registration or guest posting screens. One of the strings is used as a form input name; the other is the expected value of that field. The dynamic form field name is important — it keeps bots from recognizing the field upon repeat visits or upon seeing the similar field on multiple boards. Again, the name is going to be unique per board per day!

One of the beautiful things about Raven’s Antispam is that, if JavaScript is enabled in the guest’s browser, there is nothing the user has to do! The field is dynamically filled in using JavaScript, and the user can post or register unhindered in any way.

If JavaScript is disabled, the user is required only to fill in a form field — no difficult to discern visual tests are required!

Why does this MOD work?


* Most spam is posted by automated bots.
* Most, if not all, bots do not interpret JavaScript.

So, the required form field isn’t automatically filled out, nor does the bot know that an additional form needs filled out to register or post, and so spam bots are effectively stopped!

Download Raven’s Antispam from the Extras page.

Caveats: This MOD will not stop spam posted by humans, nor is it meant to.
This MOD will also not stop spam bots that are developed to understand JavaScript, nor is it meant to. If such bots exist, I’ve yet to hear about them.

I recommend having a backup plan to block spam in place. On the Hall, we’re set up with bbProtection as our second-line of defense. However, bbProtection is no longer reporting a usage graph for the Hall for the past month, as Raven’s Antispam has blocked all spam prior to having to be screened by bbProtection!

5 thoughts on “Eliminating Bot Spam on phpBB 2 Boards”

  1. I’ll test this one. Currently I’m using textual verification and email verification, but somehow the spam bots seem to find their way through.

    Will try this one and hope that things will work fine.

    will keep you updated and thanks for sharing.


  2. Just in case I sounded ungrateful in my last post… Thanks a million for making this available. It has done in one go what loads of other mods failed to do. I have not had a single spam sign up since installing it last week. I was getting 20 a day!

    thanks again

Leave a Comment

Your email address will not be published. Required fields are marked *

Use your Gravatar-enabled email address while commenting to automatically enhance your comment with some of Gravatar's open profile data.

Comments must be made in accordance with the comment policy. This site uses Akismet to reduce spam; learn how your comment data is processed.

You may use Markdown to format your comments; additionally, these HTML tags and attributes may be used: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

This site uses Akismet to reduce spam. Learn how your comment data is processed.

the Rick Beckman archive
Scroll to Top