Pi in the Sky

phpBB and spam

Posted on April 19th, 2007 at 3:02am by Pi.
Categories: Development.

I just spent three hours trying to fix one of the phpBB boards I administrate so it could fight spam better. However, it wasn’t as easy as I thought. This was a very needed change for more than a year, but I felt very lazy about digging old code I changed and how to adapt new code to my changes.

The details: the board had phpBB 2.0.18, with some custom changes. It had no way to stop spammers from registering. I’ve been more than a year, since the first spammer registered, manually deleting the users and their spam posts. I also used exclusion rules for email domains and IPs, but they aren’t enough. They help, but far from perfect.

About a year ago, I discovered phpBB KittenAuth, a KittenAuth implementation for phpBB. It provides a nice test when registering in the board, and such test can’t be passed by spam robots, as happens with captchas. I think that captchas are enough for the usual robots, and only big places do need to worry about sophisticated robots. A robot with capabilities to defeat captchas will not worry about small sites, they target big sites.

Newer versions of phpBB include a captcha, unfortunately my version didn’t. So I had to choose, upgrade phpBB and use a captcha, or stay with my version and add KittenAuth, a better option for spam prevention than captchas. Ok, so I chose KittenAuth.

After one hour trying to adapt phpBB KittenAuth to my version, I discovered that I had to upgrade to phpBB 2.0.20 at least so KittenAuth could successfully substitute the captcha with its own test. I thought that KittenAuth would add a test, not substitute phpBB’s test. I was wrong, so my efforts went to hell. Fortunately, I did a backup so I could recover the original site.

After all that effort, it seemed that I had to upgrade to at least 2.0.20, which in fact has a captcha. It wasn’t easy, due to my changed code. The only sane option was using a patch. However, that has to be applied with a program called Patch (how original) which comes from Unix, and whose Windows versions are not exactly compatible. I had a hard time trying to find a working Patch program which would work with phpBB patch files, under Windows. These things really make me mad, but in the end I was able to apply the patch, upload the new board to the site, and finish the upgrade there. After some tests, I think the upgrade is ok, the captcha is working, and everything is fine. The board was updated to the latest stable phpBB, exactly version 2.0.22.

Now, instead of installing KittenAuth, I will look how the default phpBB captcha works. In the last month, I’ve removed one spam user every day (as average), despite what the board users might think (yes people, I kept removing them daily). Let’s see how many appear now. If one, even only one appear, I will change the captcha to a more advanced one. And if one appears after that, then I will install KittenAuth. I have the images ready, whose preparation took me the remaining hour I spent with all this. But for now, I’m done.

4 comments.

If you think you saw everything… »« Notice

Pi in the Sky is powered by WordPress. Dressed with Vistered Little. Hosted at MochaHost.