Master of Magic - Implode's Multiplayer Edition

I'm getting a tad annoyed at the number of spam users being created on the forum, even though most of them aren't actually making posts (& if they do, then I just clean them off straight away). If anyone has experience with php & phpBB, enough to make some small mods to the forum, and wouldn't mind helping out then I'd sure appreciate it :D

Thanks,

Implode.

Well, you already have the board accessible only to members (which by the way isn't such a great idea in my opinion)...

I would assume that phpBB has an option to force new users to validate their e-mail address by clicking a verification link after creating their account. Thus, my suggestions, that shouldn't require any modifications to the scripts:

- Allow guests to read all boards (it's user-friendly)
- Disallow guests from posting, also disallow any user group from posting that has not passed the e-mail verification
- Have new users require the e-mail verification
- Ban registrations coming from *@spambob.org (may not be necessary)

Unless the bots know how to work around the e-mail validation, this should help.

However, this would leave you with the problem of bots signing up just to spam the member list and fill their profiles with spam links. How to prevent it? Well, I'm not sure. One way would be to write up a php script to automatically delete members with 0 posts, and run that script daily via a cron job.

I haven't worked with phpBB myself, just Invision. But 2 cents that may or may not be worth anything... :)

And good work on the project, too! (Nice to see it hasn't vanished like many other closed-source projects revolving around MoM - hope it doesn't, either ;))

saboteur wrote:Unless the bots know how to work around the e-mail validation, this should help

They must do, since there's still tons of bot users being created.

Not sure if my hosting will allow me to set up cron jobs... although even if I can't, I could kick it off manually. Of course that'll delete any genuine users with 0 posts which would be a shame...

saboteur wrote:Nice to see it hasn't vanished like many other closed-source projects revolving around MoM

If I was going to give up, it would have been in the last few months while making the huge changes to get fog of war working. Now I'm this far I don't see myself just suddenly packing it in. So just hope I don't get run over by a bus in the next few years :)

Implode.

Implode wrote: Not sure if my hosting will allow me to set up cron jobs... although even if I can't, I could kick it off manually. Of course that'll delete any genuine users with 0 posts which would be a shame...
Implode.

Not if you allow everybody to view the forums as a guest. Those who really need to post won't have post count 0 and they won't get deleted. Those who don't post don't really need accounts anyway :-)

Is it just me or did we just get a huge... jump in members?

It's been awhile since I ran a phpBB, but I also remember the spammers getting very clever and being able to get past email validation. A quick search on phpBB's mod's website found this:

http://www.phpbb.com/mods/db/index.php? ... ib_id=1573

the announcement posting:
http://www.phpbb.com/community/viewtopic.php?t=375262

maybe it'll help -- it just removes the website field from the forum reg page, so if a bot enters a form with the website data, the mod blocks them from registering. unfortunately, it looks like some bots have ways of getting around it (but it should help a bit, at least).


this one:
http://www.phpbb.com/community/viewtopi ... 5&t=465600

is customizable, allowing you to remove exactly which fields you don't want. hope it helps!