It seems to me that most phpBB anti-spam measures fall into one of three categories. First, stop spammers from registering on your board. Second, if they do register, keep them from showing up. The last category includes MODs for removal or clean-up. I recently started development of a MOD in that last category that I call the phpBBDoctor Spammer Hammer.
I have tried my hand at creating MODs that make it more difficult for spammers to register. I have essentially given up in that area. I think no matter what you do, spammers are just as creative and determined to circumvent them. It’s a battle that I am willing to cede in order to have time for (in my opinion) more productive and enjoyable efforts.
MODs like my Memberlist Controls (see below for related links) allow a board owner to control who shows up on their memberlist. It offers three different settings: active status, number of posts, and last visit. One type of spammer doesn’t want to post; they just want to have their site listed. So if you set up your memberlist so that it requires activation plus a minimum number of posts, you have essentially managed to avoid their presence. And if they don’t visit your board every so often to “renew” their membership, they’re going to drop off anyway. I think this is a good MOD in the fight against spammers, and it’s a real simple installation. But it’s not the point of this post.
What if spammers manage to register, activate, and then go on a wild posting spree? This happens all the time, at phpbb.com as well as other boards. But it had not happened to me on any of my larger boards until a few days ago. We got nailed by a posting “bot” that hit various forums (and topics) on my largest board… they not only started new topics, they posted within existing topics as well. There were over 40 posts in a matter of minutes. It was not fun to clean up.
Hit ‘em with the Spammer Hammer
Enter the Spammer Hammer. (Credit to my wife for coming up with the snazzy name; I had something all picked out but this is much better.) The Spammer Hammer takes several steps towards making the cleanup process more efficient, but stops short of a full-out removal. I have very specific reasons for that which I will detail in a bit. There are generally several steps required to clean up after a spam-bot attack:
- Delete the posts or topics and clean up afterwards
- Delete the user
- Select banning options
There are already standard phpBB features in place that will allow you to delete a user. If you have only one user to remove, the admin panel option is effective and already available. (If you need to delete multiple users there are other phpBB MOD options available.) If you need to ban a user there are several options available there too. You can ban by IP address, by email address, or you can ban a specific username. Different board owners might choose different tactics. For example, I don’t generally ban by IP address because it’s a bit too broad in my opinion.
So that leaves one glaring weakness to address: the actual cleanup of posts and topics. We have, via the moderator control panel, the ability to mass-select topics for deletion. We have the ability to split out a series of posts at the end of a topic, or even individual posts within a topic via the standard “split” process. Once split, those posts can easily be deleted. But if you have 40+ posts spread out across your board, some of them embedded within existing topics, there is no effective way to quickly locate and remove those posts, especially if some posts are tagged within existing topics that you want to preserve.
And while your moderator team is busy cleaning out the existing spam-bot posts the spammer might still be on the board actively posting new ones! I have experienced this myself at phpbb.com in my role as moderator there. It can be extremely frustrating.
I’m still finalizing some of the features of the MOD, and will post a more detailed specification in a few days.