PHPBB Anti-spam Registration Question

I’ve been meaning to document this for a while now, and I finally made myself write it up. The simple measure I will describe has been working for my PHPBB website since last December. It has kept spam accounts from registering and posting anything on my site.

This idea involves asking a question during registration that spam bots do not know how to answer. You can choose any question and answer that you want. The website that I run PHPBB on is a sailing website, so I asked a question that sailors could answer. For this example I chose another question.

You have to change two files, templates/(your template)/profileaddbody.tpl and includes/usercp_register.php.

In templates/(your template)/profileaddbody.tpl, add this after the <!– END switch_confirm –> line (about line number 68):

<!– BEGIN switch_add_profile –>
  <td class=“row1”><span class=“gen”>Anti-Spam Question:</span></td>
  <td class=“row2”>
    <span style=“font-size: small;”>Enter the name Luke Skywalker’s
    father. Check your spelling!
    Requiring this question to be answered will hopefully limit
    spammers who try to sign up.</span><br />
    <input type=“text” class=“post” style=“width: 200px”
      name=“bonusq” size=“25” maxlength=“255” value=“” />
<!– END switch_add_profile –>

In includes/usercp_register.php, add this after else if ( $mode == ‘register’ ) { (about line number 275):

// mod by MB to require human data to prevent spam bots
if(trim(strtolower($_POST['bonusq’]))!='darth vader’) {
    $error = TRUE;
    $error_msg .= ( ( isset($error_msg) ) ? ’<br />’ : “ ) .
      'You did not answer the Anti-Spam question correctly…’ .
      'please try again.’;
// end mod

So there you have it. I’m sure there are some sophisticated PHPBB mods out there that will do the same and more for you, but this simple change has saved me a lot of trouble. I’m keeping my fingers crossed that it will last.

Update 2007-05-23: I omitted one other mod to make this work. You also need to edit your includes/usercpregister.php file. Find the line if ( $mode == 'editprofile’ ) (about line number 941) and modify that block to look like this:

if ( $mode == 'editprofile’ )
blockvars('switcheditprofile’, array());
} else {
  // Else block is Mod by MB 2006-08-11
blockvars('switchaddprofile’, array());

Update 2007-06-24: Several folks wrote in expressing confusion about where these blocks of code belonged. I apologize, and I amended the article to give approximate line numbers where the mods belong. I used PHPBB 2.0.22 as my reference. Note that if you have made other modifications to your PHPBB files, the line numbers might not be quite right.

Update 2007-06-27: Bug fix. See comment #7 below.

Update 2007-09-29: A lot of people have written in having trouble with this modification when it comes to users editing their profile. To avoid problems, I have applied the modification to a new copy of PHPBB 2.0.22 and tested it. I made copies of the modified files and they are available to download. The modification as it appears in this blog post is what I used, and it works fine for me. I did not make any of the other changes from the comments (except the bug fix from June which has already been incorporated into this post).

Update 2008-02-27: The update works just fine for me in PHPBB 2.0.23 as well. Neither profile
addbody.tpl nor usercpregister.php were changed between 2.0.22 and 2.0.23.