Stop Forum Spammers

For a long time I put up with having to check my phpBB forum every day to check for and delete bogus registrations by spammers. Since phpBB only logs the IP when a post is made but not during registration, there is no way to grab the spammers IP when he registers to ban it. I figured out a way to modify phpBB to log the IP but the spammers send from proxies from all over the world so you can't keep up with them. On this web page I will show you how to block spammers from registering with a spam URL and log their IP even if they get through your filter.

phpBB doesn't make an index.html file for itself so make one in the main forum directory so your files aren't naked to the world. If you know how to use .htaccess, you can use it to redirect anyone going there to the index.php page.
In the same directory, locate profile.php and open it for editing
/* start spam block */ $agent = $_SERVER['HTTP_USER_AGENT']; $IP = $_SERVER['REMOTE_ADDR']; $host = gethostbyaddr($IP); $website = $_REQUEST[website] $email = $_REQUEST[email]; /* # log & block spammers by website # if you add more spam words, separate with # the pipe character (shift-\) # if you add a phrase with a period, escape it with a backslash # example: sex\.biz */ if (preg_match('#penis|9999mb\.com|discount|loans|finance|mortgage|dating|blogspot|meridia|cialis|\.info|drug|valium|xanax|viagra|propecia|ambien|levitra|phentermine|pharmacy#i', $website)) { die("<br /><br /><br /><br /><br /><br /><br /><br /><center><h1>Get lost, spammer</h1></center>"); exit; } # log & block spammers by email if (preg_match('#meridia|cialis|\.info|drug|valium|xanax|viagra|propecia|ambien|levitra|phentermine|pharmacy#i', $email)) { die("<br /><br /><br /><br /><br /><br /><br /><br /><center><h1>Get lost, spammer</h1></center>"); exit; } # block if website ends .ru if ( preg_match( "#\.ru$#", $website ) ) { die("<br /><br /><br /><br /><br /><br /><br /><br /><center><h1>Get lost, spammer</h1></center>"); exit; } # block if email ends .ru if ( preg_match( "#\.ru$#", $email ) ) { die("<br /><br /><br /><br /><br /><br /><br /><br /><center><h1>Get lost, spammer</h1></center>"); exit; } # block if email ends .lv if ( preg_match( "#\.lv$#", $email ) ) { die("<br /><br /><br /><br /><br /><br /><br /><br /><center><h1>Get lost, spammer</h1></center>"); exit; } # log non-spammers $location = $IP; /* end spam block */
You can add spam words to the list but if you include a period, it must be escaped like this \. and you must separate the words with a pipe: | (shift-\)
Go to the forum/language/lang_english directory and open lang_main.php for editing
Find the line that says $lang['Location'] = 'Location'; and change it to $lang['Location'] = 'IP (Logged automaticly)';. This will change the "Location" column in the member list, profile pages and registration form to IP. If a legitimate members want their locations known, they can put it in their sig.
In the same file is a variable named $lang['Reg_agreement']. That is the registration agreement and you can edit it to have a message of your own to spammers. My logs indicate that some spammers actually read it and don't even try to register but most try anyway. Important: If you use an apostrophe, you must escape it like this: \'

Blocking Forum Spammers

The steps above will stop most spammers dead but if you keep notes, you may notice that some comes from the same IP ranges, usually kornet, chinanet and brazilian ISPs. To stop them, you can use .htaccess file.

If you don't already have one, create a file named ".httacess" in the directory containing your forum, . Note the period preceding httacess. That is not a typo. The resulting URL should look something like this: http://eclecticdjs.com/forum/.htaccess. When you catch a spammer's IP, you can block access to it by adding a line like this to your .htaccess file:

deny from 59.30.238.75

It may be that the IP the spammer used is part of a "bad neighborhood" and you want to block the whole range of IPs. Take that IP to Geektools to get the range. In this case, the range is 59.0.0.0 - 59.31.255.255 and the ISP is kornet.net. If you ever see an IP from kornet or chinanet, just block a range. Those are the two sleaziest ISPs on the internet and letting their customers post in your forum is like letting a crack head babysit your kids. Block a range like this:

deny from 59.30

Be very careful about blocking other ranges. If you are on Verizon and you block a range of Verizon IPs that include your own, you will block access to yourself!

Your IP is 38.107.191.104

Hide user website in member list

Human spammers sometimes check to make sure that your member list page shows the website they register. You can make your forum unattractive to them by hiding their website. If a legitimate user registers, his/her website will show on their profile page but since the spammer never posts anything, there is no link to their profile. Edit forum/templates/subSilver/memberlist_body.tpl and remove

<th class="thTop" nowrap="nowrap">{L_FROM}</th>

and

<th class="thCornerR" nowrap="nowrap">{L_WEBSITE}</th>

to prevent the website column from showing in the member list

Back to the Dance Away Santa Barbara Forum