Update on dealing with forum spam

Some time back I wrote about how to deal with spam forum registrations and spam posts. Since I wrote these posts, spammers have changed tactics and phpBB has a number of new solutions to help address these issues. So a brief update:

  • With the release of phpBB 3.2 Rhea, the phpBB group has integrated Google’s new reCAPTCHA. The old one had been thoroughly hacked. You may have seen this one already on other websites. It asks if you are a human and gives you a checkbox to click on. This is generally all you have to do to “solve” the CAPTCHA. So if you are running phpBB 3.2 you may want to use this Spambot countermeasure as it is simpler than the Question & Answer countermeasure, previously the best solution if it was done right. Since the old reCAPTCHA was eventually defeated by spammers, I suspect this new version will have limited shelf life too, so if you use it keep an eye on it and if it starts failing use something else.
  • Extension developer RMcGirr83 has released a Stop Forum Spam extension. It works on both phpBB 3.1 and 3.2. It works by querying the stopforumspam.com database. This should catch the vast majority of spammers, but it may let a few slip through. If you allow guest posting, it can also be configured to check guest posts.

The Cleantalk service remains an option. It costs $8/year for a website and requires the installation of an extension or modification (depending on your version of phpBB) as well as getting a key from the website to enable it. I have had one client with an issue with it falsely identifying a user as a spammer. I worked with them to address it. Otherwise, my clients have noted no issues and recommend it highly.


January 2017 work summary

With the release of phpBB 3.2 (Rhea) I got a number of upgrade requests this month. Some were premature. I do expect that upgrade requests will fall off, given that 3.2 makes updating much easier once you are on the 3.2 platform. Fortunately I also generate some income from teaching so that will keep me occupied when phpBB work does not.

Anyhow in January:

  • Moved a forum to new host and domain. Nine million rows in logs table made downloading full database backup impossible. I had to truncate the table to make a complete export. First moved the phpBB 3.0.8 forum as is, and then updated to 3.1.10. I installed the American English language pack. I changed the domain name in ACP.
  • A user’s update from phpBB 3.1 to 3.2.0 failed. Not sure why. The database update seemed to have succeeded. I uploaded reference files from 3.2.0 and cleared the cache and it came back up.
  • Siteground moved client to a different server, so the nameservers changed. Went into his domain registrar and pointed to the correct name servers.
  • A forum stopped working. I installed phpMyAdmin and discovered all the tables were emptied. Database needed to be recovered if possible. Looked in cPanel but could not find a backup. Unfortunately, he’s out of luck.
  • Updated forum from phpbB 3.1.4 to 3.1.10. Customer was not ready to move to 3.2 quite yet.
  • Updated forum from phpBB 3.1.8 to 3.2.0. I had to add a line to .htaccess file to say to use PHP 5.4 to run the database update.
  • Normally I keep my client information anonymous, but this client was kind enough to leave a comment praising my work. Here’s the moved forum. I moved forum off Aabaco web hosting running phpBB 3.1.10 and onto a new domain and a better quality host. Client had moved files and just needed the database moved. Some images were missing in the files and images folder, but client was able to get them off of old host. Aabaco Small Business is the worst host on the Internet IMHO.
  • Siteground reported alleged malware on a site with a forum. I went into the web host to investigate. The messages were not specific. I think it was triggered due to old phpBB files in the web root that pointed to nonexistent programs inside nonexistent folders. The real forum is in phpBB3 directory. I moved these files to a junk folder and took away public access. In case there were infected forum files, I deleted source code for the phpBB3 directory and uploaded from a reference. There were some files in there that belonged to earlier versions of phpBB that are no longer in the archive. Working with Siteground client was able to fix remaining issues.
  • I updated prosilver forum from phpBB 3.0.12 to 3.2.0. User had some ad serving script in header and footer which I replicated, after making it HTML 5 compliant. I hid the logo placement in the blue bar and changed the site name text there. I installed and enabled the Cleantalk extension, enabled the Q&A spambot countermeasure, and requested he get an account on cleantalk.org and enable Cleantalk by putting in the key in the ACP.
  • I updated a forum from phpBB 3.1.9 to 3.2.0. I replicated the picture of the day and header on the new version of prosilver. I also updated four extensions, but ShareOn is not yet compatible with 3.2 so interface does not work. Cleantalk, Board Announcements and Lightbox worked fine. I changed PHP to 7.0.2. Some months back I had written some custom code for the client so users could report and see events of interest. To support PHP 7, I had to modify the two programs I wrote to remove mysqli calls and use the PDO interface instead for queries and inserts into MySQL.
  • I updated a forum from phpBB 3.1.9 to 3.1.10. User wanted to upgrade to phpBB 3.2 but dozens of extensions were installed. Some are not updateable at present.
  • I updated a forum from phpBB 3.1.5 to 3.2.0 on small, vanilla forum.
  • Ordering of forums on the index page was garbled on a phpBB 3.1.9 forum running prosilver_se. Ran fixid.php which I found on phpbb.com to solve that problem. Then I updated the forum to 3.2.0. However, prosilver_se style didn’t look right, so I removed it and defaulted to prosilver.
  • I removed three ads from overall_header.html for a client and changed the URL linked to one of the images.
  • Continuing work for a client in December. For now the work is WordPress related, as client wanted to move content from Joomla into WordPress. I was able to resume and complete a successful import of Joomla content into WordPress. Client is working on updating the WordPress theme. When complete I will upgrade the forum.