The Thinker

Spam Solutions for phpBB and MovableType

I was pleased to discover two real spam solutions for phpBB and MovableType recently.

phpBB is open source forum software. As you might expect it is written in the PHP programming language, which is installed by default on virtually every UNIX or Linux based web server. I run a message board using phpBB as well as earn some spare change installing and writing modifications to this popular software. However, spam has been a real problem lately for phpBB message boards. Spammers have created software that automatically creates and registers phony users for phpBB message boards. Their software is clever enough to defeat the Visual Confirmation modification, which is now integrated into phpBB. (This modification shows a word embedded in an image that you have to enter into the registration form in order to register.) Once “registered” these spam robots sometimes post spam as topics on the message board. They always place in the “Interests” and “Home Page” fields or the Member List pointers to spam sites.

My workarounds to date have had limited success. That is until I found the Anti-bot Question Modification. This is a clever solution. It requires, as part of the registration process, that the user answer a question that only a human could answer. Since I have installed it, I have had zero spam registrations. (I used to get dozens a week.) One small problem is that the modification was written in German. The English translation is workable, however. Therefore, if you have spam and a phpBB forum then installing this modification should be a no-brainer. In the event that the spam robots learn how to defeat the standard questions, simply create your own. You can also change the name of the registration form variable that collects the answer to the question easily through the Administrator Control Panel, further adding complexity which will drive away spam robots.

MovableType is the software I use to run this blog. With MovableType, the problem has been comment spam. The solution I found is mt-keystrokes. It uses Javascript to infer that a human entered information into a comment field. When a user types information into the comment text field, it triggers a Javascript event. This in turn causes the value of a hidden field posted with the form to change. This plug-in then has to check for the correct value in this field. If it has not changed, it assumes the form was submitted by a robot and is consequently spam. Otherwise, it assumes a human entered the comment. So far, it has worked flawlessly. As a result, my Junk Comments folder has been gloriously empty. There is no reason to sift through it looking for that one comment that might be legitimate. However, I was unable to get it to work correctly unless I used the form variable they provided. Consequently, this solution may be a temporary balm.

Now if only I could permanently banish email spam from my life. I have found a combination of solutions, but nothing that guarantees me that I will not miss a legitimate message or two. I strongly suspect the whole email architecture of the Internet will have to change before that problem is solved.


Leave a Reply

Switch to our mobile site