Updates to common spamming software have led to severe shortcomings in the stock, image-based CAPTCHAs. The below information has been written in light of this. Do note that any and all specifics are written for phpBB
This topic discusses common methods for spam prevention. For a brief overview of what spam is, see the spam FAQ
Effective Solutions
At this time, the below solutions seem to be most effective when fighting spambots.
Q&A CAPTCHA
For this technique to be effective, you must use simple but non-obvious question and answer combinations. For instance, "Who do you see in the mirror?" can be an effective question, while "What colour is the sky?" or "2+2 = ?" are not. These questions are particularly effective on niche forums where one can ask a question that is not immediately obvious to the general populace. Avoid simple colour or number answers. Remember, a difficult question does not always have a difficult answer.
An example of a hard question but easy answer:-
Q: Hydrogen appears at what position in the periodic table ?
A: 1
An example of a easy question but hard answer for (say) a car marque forum:-
Q: What is this forum main content?
A: Ford Mustang
The secret is to have a unique answer for your forum, and if/when it gets known and programmed into the SPAMbots, just change it to another unique Q&A
To enable the Q&A CAPTCHA, browse to Spambot countermeasures on the General tab of the Administration Control Panel (ACP), then select "Q&A" under "Installed Plugins". Select "Configure", setup your question and answer pairs, then submit the forum. Notice you may need separate Q&As for each language you use.
Downloadable CAPTCHA Plugins
The key to effective spam prevention is making your forum unique. An effective way to do this is to utilize a third-party CAPTCHA plugin. A list of validated CAPTCHA plugins (and other antispam Extensions) is available here Do note that all antispam MODs are not equally effective--you should review feedback in each item's Support area in the Customisation Database before deciding on the solution that is right for you. Any Extension from the Extensions in Development topic has not been approved, so read the topic very carefully and use at your own risk.
KeyCaptcha (Highly successful as the 3.0.x MOD and ported to 3.1.x and then 3.2.x at my request. Works extremely well although it has not been submitted for inclusion in the CDB as yet)
Newly Registered Users Group - This feature, which is enabled by default, allows the administrator to define a minimum post count; if a user is below this limit they will be a member of the Newly Registered Users group. Permissions may be set on this group much like any other group -- an example use is to place the Newly Registered Users group on the moderation queue for all forums. The user is automatically removed from the group when they reach the defined post amount.
Custom Profile Fields - There is an article in the Knowledge Base detailing utilising Custom Profile Fields as a spam deterrent. This seems to be effective against most bots.
Admin Activation - This is not practical on most boards, but is an excellent option on smaller, less-trafficked boards. Many spam registrations utilise Gmail addresses or .cn domains, and use a seemingly random combination of letters and numbers for their username.
Broken Visual CAPTCHA Plugins
These CAPTCHAs are included in the stock install but have been broken by spambots. They are ineffective and should not be used.
Simple Image CAPTCHA
GD CAPTCHA
GD 3D CAPTCHA
reCAPTCHA
These steps, used individually, should work to slow or stop your spam problem. Please seek support for the EXT's listed above in their respective topic.
[size=150][b][color=#0000FF]Stopping Spam - Techniques and Strategies[/color][/b][/size]
[size=120]Updates to common spamming software have led to severe shortcomings in the stock, image-based CAPTCHAs. The below information has been written in light of this. Do note that any and all specifics are written for phpBB
This topic discusses common methods for spam prevention. For a brief overview of what spam is, see the [url=https://www.phpbb.com/support/docs/en/3.0/kb/article/what-is-spam/]spam FAQ[/url][/size]
[list][b][size=150][color=#0000FF] Effective Solutions[/color][/size][/b]
[list][*]At this time, the below solutions seem to be most effective when fighting spambots.
[*]Q&A CAPTCHA
For this technique to be effective, you must use simple but non-obvious question and answer combinations. For instance, "Who do you see in the mirror?" can be an effective question, while "What colour is the sky?" or "2+2 = ?" are not. These questions are particularly effective on niche forums where one can ask a question that is not immediately obvious to the general populace. Avoid simple colour or number answers. Remember, a difficult question does not always have a difficult answer.
An example of a hard question but easy answer:-
[list]
Q: Hydrogen appears at what position in the periodic table ?
A: 1[/list]
An example of a easy question but hard answer for (say) a car marque forum:-
[list]Q: What is this forum main content?
A: Ford Mustang[/list][/list]
[list]The secret is to have a unique answer for your forum, and if/when it gets known and programmed into the SPAMbots, just change it to another unique Q&A[/list]
[list]To enable the Q&A CAPTCHA, browse to Spambot countermeasures on the General tab of the Administration Control Panel (ACP), then select "Q&A" under "Installed Plugins". Select "Configure", setup your question and answer pairs, then submit the forum. Notice you may need separate Q&As for each language you use.[/list][/list]
[list][b][color=#0000FF][size=150] Downloadable CAPTCHA Plugins[/size][/color][/b]
[list]The key to effective spam prevention is making your forum unique. An effective way to do this is to utilize a third-party CAPTCHA plugin. A list of validated CAPTCHA plugins (and other antispam Extensions) is available [url=https://www.phpbb.com/customise/db/extensions/anti-spam-41]here[/url] Do note that all antispam MODs are not equally effective--you should review feedback in each item's Support area in the Customisation Database before deciding on the solution that is right for you. Any Extension from the [url=https://www.phpbb.com/community/viewforum.php?f=456]Extensions in Development[/url] topic has not been approved, so read the topic very carefully and use at your own risk.
[*][url=https://www.phpbb.com/customise/db/extension/sortables_captcha/][CDB] Sortables CAPTCHA[/url]
[*][url=https://www.phpbb.com/customise/db/extension/phpbb_3.1_stop_forum_spam/][CDB] Stop Forum Spam[/url]
[*][url=https://www.phpbb.com/customise/db/extension/ban_hammer_2/][CDB] Ban Hammer[/url]
[*][url=https://www.phpbb.com/customise/db/extension/antispam_by_cleantalk/][CDB] AntiSpam by Cleantalk[/url]
[*][url=https://www.phpbb.com/customise/db/extension/phpbb_3.1_activation_justification/][CDB] Activation Justification[/url]
[*][url=https://www.phpbb.com/customise/db/extension/akismet/support][CDB] Akismet Anti-Spam Extension[/url]
[*][url=http://keycaptcha.com]KeyCaptcha[/url] (Highly successful as the 3.0.x MOD and ported to 3.1.x and then 3.2.x at my request. Works extremely well although it has not been submitted for inclusion in the CDB as yet)
[*][url=https://phpbb.hifikabin.me.uk/viewtopic.php?f=3&t=153][RC] Obscure Registration Code[/url][/list]
[b][size=150][color=#0000FF]Other Solutions[/color][/size][/b]
[list][*]Newly Registered Users Group - This feature, which is enabled by default, allows the administrator to define a minimum post count; if a user is below this limit they will be a member of the Newly Registered Users group. Permissions may be set on this group much like any other group -- an example use is to place the Newly Registered Users group on the moderation queue for all forums. The user is automatically removed from the group when they reach the defined post amount.
[*]Custom Profile Fields - There is an article in the Knowledge Base detailing utilising Custom Profile Fields as a spam deterrent. This seems to be effective against most bots.
[*]Admin Activation - This is not practical on most boards, but is an excellent option on smaller, less-trafficked boards. Many spam registrations utilise Gmail addresses or .cn domains, and use a seemingly random combination of letters and numbers for their username.[/list] [/list]
[list][b][size=150][color=#0000FF]Broken Visual CAPTCHA Plugins[/color][/size][/b]
[list]These CAPTCHAs are included in the stock install but have been broken by spambots. They are ineffective and should not be used.
Simple Image CAPTCHA
[img]https://phpbb.hifikabin.me.uk/images/images/simple_image_captcha.jpg[/img]
GD CAPTCHA
[img]https://phpbb.hifikabin.me.uk/images/images/GD_CAPTCHA.jpg[/img]
GD 3D CAPTCHA
[img]https://phpbb.hifikabin.me.uk/images/images/GD_3D_CAPTCHA.jpg[/img]
reCAPTCHA
[img]https://phpbb.hifikabin.me.uk/images/images/reCAPTCHA.jpg[/img][/list] [/list]
These steps, used individually, should work to slow or stop your spam problem. Please seek support for the EXT's listed above in their respective topic.