*The current phpbb2 forum on sumbit.com is a "honeypot" (a fake forum set up as a trap to collect and obtain information on bot spammers).  That is this site's forums only purpose.  Results from that forum and several others are shared approximately every 60 days and will be shared again on this page on or about the first week of October..

Some webmasters have the attitude of "ignore the problem and it'll go away".  This is the silliest concept I have heard.. There are three problems with this thought process:

1. Many of these spammers are organized and actually share / trade their lists of spammable boards, if yours is an easy target, it can only get worse once they share their lists with other spammers..  Overtime they will completely inundate the majority of your memberlist.
2. By ignoring the problem you are making it worse for everyone else by simply making it "easy for them"..
3. If you are concerned about SEO (especially your page rank), these memberlist spammers and spam posters are literally draining your websites Google PR.

Let's be honest here, it would be impossible to eliminate all phpBB spam, but here are some steps to stop at least 95% of it (Primarily due to the mods located towards the end of this page):

NOTE: All Blacklists are now in 'easy to import' 1 step copy and paste format.

Word Censoring List (geared towards the url censor mod described further down below):

Click here to download our Word Censoring List  Updated August 3rd 2007  (Currently this list must be added manually)

(The words contained in this list were gathered from repeat offenders posting more than once on more than one forum and should stop the majority of SPAM URL's from being promoted).  If you use the URL censor mod (described further down below) that censors urls/sigs/etc.. This is an aggressive list that will kill at least 85% of the most popular spammers:
(depending on the content your forum has, you may want to remove some of these from the list).  When using this, be sure to leave spaces in your "Replacement" section - i.e.: "please ban me" this will truncate the urls they post and as a result is will not only disable the hyperlink but make it stand out like a red flag so it is easier to identify spammers..
For example: Some spammers will type a message using blue font and incorporate hundreds of links in their post by linking to some of the characters in the post (thereby making it difficult to detect the links as the color is the same and your cursor will only change if you put it over the top of the correct characters) Depending on the users of your forum you may or may not want to use all of the wild carded tld extensions.  For example, the *.info tld was blacklisted as ALL posts with a .tld extension over multiple forums were SPAM (It appears that the *.info tld is the "ghetto" of the internet, it's one of the cheapest and one that is utilized most heavily by spammers from impoverished foreign countries).
Recommended actions: 

Aside from using the blacklists provided above, these are additional measures you can take to eliminate most spambots:

1. Enable your forums Captcha -Turn on your captcha in your ACP, most bots work around this, but it may help eliminate a small percentage of older bots.
2. Enable "Account Activation" (via the users email) - Using the Admin activation may eliminate spam however in the end it will be just as much work as deleting spam and your forums activity will most likely suffer as most users sign up because they wish to immediately and impulsively reply to something they've read...  If you enable their account manually at a later time, they may not return. 
3. Hide from spammers - Make it harder for spammers to find you, without sacrificing surfers being able to find you:
   1. Do not use /phpBB2/ as a forum location. - If your boards address is sitename.com/phpBB move your board to another address such as sitename.com/widgets.  - This takes less than 30 seconds to do (with the exception of changing links on any HTML pages and emailing your members about the change.
   2. Remove phpBB text - Remove the "Powered by phpBB 2.0.21 © 2001 phpBB Group" and replace it with an image of the text (so SE's do not pick up on the "phpbb"
   3. Use Robots.txt to block SE's from indexing non vital areas of your forum. If your forum url is http://yoursitename.com/widgets  create a text file and place the following in it (substituting widgets with the forums location, name it robots.txt and upload it to http://yoursitename.com/robots.txt )

User-agent: * Disallow: /widgets/profile Disallow: /widgets/groupcp Disallow: /widgets/memberlist Disallow: /widgets/post- Disallow: /widgets/posting Disallow: /widgets/search Disallow: /widgets/updates-topic Disallow: /widgets/stop-updates-topic Disallow: /widgets/ptopic Disallow: /widgets/ntopic Disallow: /widgets/profile Disallow: /widgets/groupcp Disallow: /widgets/login Disallow: /widgets/modcp Disallow: /widgets/privmsg Disallow: /widgets/memberlist Disallow: /widgets/mark-forum


Recommended mods: (I am not one for gurantee's.. but the combination of these make me want to make one)

• IP logged upon Registration - good for banning memberlist spammers who do not post, but continually rejoin (May results mentioned further below illustrated that 53.3% of signups were memberlist spam and that 60% of those that posted used a different ip address to post than what they used to sign up.)
• URL Censor - good for censoring bad spam urls in posts, memberlist web addresses, signatures, etc
• AutoDelete Non-Activated Users - good for removing memberlist spammers who do not confirm
• AntiSpam Question (easy to install and modify). We've made this mod more successful based on other antispam mods.. I would recommend that you change the default question "What color is a lemon " and the answer "yellow" to something that requires thought.  Using the default question and answer will not be as effective as more people use this mod.. Better yet, if your forum is a regional forum change it to something users in your country or region would know the answer to, but foreigners most likely would not.  If a spammer does figure out the answer and shares it with other spammers, simply changing the question 1-2 times will more than likely dicourage them from wasting their time in the future.
• either one of these:
  • Deter Comment Spam adds a rel-nofollow tag to all urls so SE's do not pick them up.  This also includes an add-on mod separately that will allow you to configure it to make exceptions for allowed urls (this add-on is not needed).  This is not a bot or spammer deterrent as spambots won't know about this, however it prevents spammers from ruining your sites Google PR and eliminates the benefit of giving them SE link popularity, however they still can get surfer traffic. The downside is that good members will not have the benefit "SE-wise" of posting their urls.  If this is an issue, the next mod may be a better alternative.
  • There is another mod out there that will restrict new users from posting urls until they have reached X posts and have been a member for X days.. (This creates more work for spammer, most won't go through the trouble.. However this mod can be a forum killer as many new members may also become frustrated)

Need help installing one of the above mods?  We can install the first 4 mods for $50. Simply paypal $50 to contact@submitasite.com and then email us so we can gain the information neccessary to install the mods. We will also perform FREE UPDATES to your AntiSpam question and answer for at least 1 year!!! (in exchange for certain information about spammers who bypass the question).  (Price based on a forum that is not heavily modded and that does not have multiple templates.. if your board has many templates and is heavily modded, email us at contact@submitasite.com for a quote).

These are the mods we've found to be most successful, there are numerous other mods out there as well (i.e.: textual confirmation, etc...).

On June 5th we installed these mods along with the blacklists on two forums that were being hit 10x per day (300+ per month).  Since that time only 2 spammer have joined one of the forums, and the other had no spam member joins.  

Since June we have installed these mods on countless forums and ALL of them report 0 (ZERO) spam posts since then!!!!

Additional notes:

Always check all new joins, most of these spammers use the same things in their interest: "sport, sports, music, dance, racing, or whatever"  Their location is usually a generic "USA" or some other country, (If you're a regional forum and you see someone from another country, odds are they are spammers).  Most of these spammers are not the most intellectual users around and should be easy to identify due to poor grammar, spelling, etc..  I would have to guess most are from impoverished countries and are low income with little or no formal education...  Most also provide a bogus ICQ#, statistically the average  user usually does not fill out this field (with the exception of many webmaster oriented forums).

May Sumbit Honeypot Results:

The only protection this honeypot forum employs is the default visual confirmation and email verification (Guest posting allowed in one forum)*.

26 day average 3.4 spam sign ups a day (last 7 day average: 5.3 spam sign ups a day).  Based on the 7 day average, a board that has been online for 2 years would have 1934.5 spam members.  If you look at any phpbb forum that has been online for some time and view their  memberlist, you'll see this is a low estimate. 

88 members between 9 May 2007 10am and 05 Jun 2007 10am

Memberlist spam (Inactive Members): 53.3%
Members Posting spam (Active Members):  44.4%
Guest spam posts : 2.3%

Of those posting spam 60% used a different ip address to post than what they used to join. 

I would assume that 60% used their real ip address to join and then a proxy server to post because they know an unmodded forum by default only records the ip addresses of someone posting and does not log their ip addresses on registration.

*Note: On August 3rd, ip address blacklist and email blacklists were added to the forum at 12:00 EST to make updating easier. Also the url censor mod was installed to replace http:// with spam:// as we did not want to promote these spammers porn and pharmacy websites.