PHPBB Member List Link Spam

When I overhauled my sailing community website (now at www.daysailer.org), I decided to use a free and popular web forum package called PHPBB. My home-brewed forum was getting old in the tooth anyway. PHPBB has features that not only make the forum better, but easier to maintain.

The downside is that PHPBB is everywhere, and that makes it a target for spammers and their automated bots. In this case, PHPBB has a Member List page which displays the site’s members and optionally, their web address. The link spammers create bogus user accounts to take advantage of this and get their spammy website listed. I’ve only been running the forum at daysailer.org for a month, and I was seeing about one spam signup a day. One day I had three. I knew I had to do something or otherwise I’d show up on the site one day and there’d be a thousand of them. For some reason most of the spam links were for sites in Russia, but there are probably others out there.

Since these automated bots rely on PHPBB’s user registration form looking a certain way, I decided to change the form a bit. I found this forum post to be a helpful description of how to do it. I followed those instructions, but varied things a bit for our site. The technique is to put a hidden field on the form that the bots don’t know about, and fail if someone tries to register without submitting that hidden piece of data. It can’t prevent someone from signing up with a junk link manually, but it seems to work with the bots. We haven’t had a bogus account signup in over a week now. We’ll be safe until the bots figure out how to grab and send the hidden data.

Publishing interactive content on the web seems to be one small battle after another….

Update 2006-12-18: A lot of people seem to be finding this post. Please be sure to read the other articles in my PHPBB Category as I have also tried other spam-prevention ideas.