If you have run a phpBB forum long enough, you have undoubtedly had to deal with automated registrations done for the sole purpose of adding a website to the profile so that Google will see yet another incoming link to a site.
And while there are dozens of things that can be done to reduce spam, sometimes the simplest things are overlooked.
First off, enable visual confirmation! If you are worried about bots interpreting the image and still registering, replace the phpBB default system with the Freecap version, available in the MODs Development forum at phpbb.com.
Second, enable user activation. Most bots will never bother to retrieve the activation email and subsequently activate their account. Being unable to activate means they will not log in and post spam.
Third, add the “rel=’nofollow'” bit to website links on the profile, memberlist, or view topic links. This can be done fairly simply by finding the appropriate variable in the php files and modifying it.
Fourth, remove the website and signature fields from the registration screen. The user_logged_out switch can be used to hide them. There is a MOD available that will kill any registration which attempts to add a website address which could be used, and it is easily adapted to also look for signatures. If the fields aren’t visible to humans, you know no legitimate registration will be trying to set those variables, so it is safe to block the ones which do.
Fifth, ban common free, easy-to-use-for-spam email domains. For this, you can use my phpBBlocker.
If I think of any more, I’ll add to this list. Maybe I’ll put together a multi-faceted antispam MOD, as others have done with such as SEO MODs.