2012-04-07, 04:27 PM
How to prevent spam on your MyBB Forum.
Hello guys. I know there may be more things written about this, but what I'm going to put here is written on my own experience, because I've had this problem recently and I couldn't find a solution.
For those who want to know why I writting this, is because I've been like a month with a spam problem that I couldn't solve using the online things that I read, and I even asked in this forum.
However, yesterday I mananaged to solve the whole matter with an stupid thing that MyBB brings itself. I'll try to be as clear and short as possible.
When you find out that bots are registering in your forum, act.
- Why ?
+ Because if you do not act, it will become a bigger problem, which happened to me.
- You gotta check that your server isn't filled with bots. Sometimes, host companies ( at least some of them that I saw ) are filled with bots. Maybe because of an attack they received or just because they let them pass.
Anyways, you can solve this problem yourself.
- How ?
First, you gotta configure your MyBB Forum with the default options that it brings.
Go to : Configuration [Tab] > Settings > General Configuration.
You gotta find the Captcha module, then select ReCaptcha since it's much harder than normal Captcha
![[Image: ex2AW3.jpg]](https://camo.mybb.com/065d1d2814d0172fc839b53ecc0419c1abf268b9/687474703a2f2f73637265656e736e6170722e636f6d2f652f6578324157332e6a7067)
If the default ReCaptcha gives you problems, use the plugin that you can find here :
http://mods.mybb.com/view/recaptcha
Personally, I had problems with the default one so that's why I tell you this.
After installing the plugin, lets get it to work :
We'll go to Settings > reCAPTCHA Settings
There you should see something like this :
![[Image: c0izV0.jpg]](https://camo.mybb.com/3fbe29bf921980cc0243cfe89365ffd5526b2f96/687474703a2f2f73637265656e736e6170722e636f6d2f652f6330697a56302e6a7067)
It will ask you for a public key and a private key, something which is common on these plugins. We'll get it here :
https://www.google.com/recaptcha/admin/create
There you will sign-up and get both keys, and you have to place them there. Style and language can be configured in the same part aswell.
Now, go to Settings > User Registration and Profile Options.
If you're being 'invaded' by bots, then you should disable registrations since it will take down your bandwith and you'll have to delete more bots later.
The registration method should be set as Email Verification, you can change it to invitation ( plug-in ) or admin activation.
I do not recommend Instant Activation since that helps trolls and bots.
- Username length put it as you wish, but do not let names be quite long.
Require complex password : Set it to Yes, it will help since bots sometimes use weak passwords. Even that, your users will be more secure.
- Allow mails to be registered multiple times ? : No.
- Max Registrations per IP : 1 or 2, no more.
- Display a hidden CAPTCHA : YES.
For me, this was the final key to stop spambots. It seems to work quite good with them.
Leave the Hidden Captcha field as email3, most of them will fall there.
Configuration > Security Questions
This is quite important also. For gods sake, try to be original with your questions. Sometimes, administrators leave the default answer of sets it as something like 1+1. Nowadays, bots are able to read those kind of things and they'll break through your question.
Ask something like, "What's Colon's white horse color?" - Then you set white as answer.
I mean, try to be original, do not use things like : Solve 1 + 1.
In SQ you can check whether people have failed the captcha, also the percentage.
You can download it here : http://mods.mybb.com/view/registration-s...y-question
Settings > Fassim Anti Spam
This plugin has a database with mails and IP Addresses. It will check if the users trying to register in your forum are legitimate or not, using known spambot lists.
After you install it, goto http://www.fassim.com/get-api-key/ to obtain your API Key.
Write your info and you'll recieve your API key in a short time, then paste it in the API Key box.
Set Check Emails?,Check IP addresses,Block Anonymous Proxy, Block Top Spamming ISPs, Block Top Spamming Domains to yes.
If you want to block countries you just gotta type them in the box where is says Block Country.
You can obtain country codes here :
http://www.fassim.com/country-codes/
Stopforumspam
You can get this plugin at http://mods.mybb.com/view/stopforumspam-com-for-mybb
After you install it, go to Settings > Stopforumspam(dot)com check.
There set everything to yes but "All criteria must be met to deny registration", which should be set to no.
===========================
If you have problems with an specific range of IP's or Mail Addresses you can solve this also.
Go to : Users and Groups > Banning.
There, select "Disallowed Mail Addresses tab".
For example, if users are registering using @spamiscool.com you can ban that domain. It's quite easy, you just have to do this.
*@spamiscool.com
Using this, no-one can register using @spamiscool.com
To ban an IP Range go to Banned IP's tab and there ban whatever you need. To ban a range just do
127.2.*.* ( Example )
===========================
The last thing, brought commonly by MyBB is Akismet.
You can find it in the plugins section. There activate it and go to Settings > Akismet.
Turn it on, then get your API Key at http://wordpress.com/api-keys/
This tool is used to ban users which are posting spam. It doesn't fail usually, so it's quite useful also.
Well, this is all that I've written in half an hour or so. I wrote this myself even knowing that there may be other tutorials out there but I just wrote it myself as I had this problem a day ago.
Banning countries from htaccess isn't a solution, since IP's are a-changing and bots come from every single place of the world.
I hope that this guide helped you :3
Sorry for my grammar failures.
For those who want to know why I writting this, is because I've been like a month with a spam problem that I couldn't solve using the online things that I read, and I even asked in this forum.
However, yesterday I mananaged to solve the whole matter with an stupid thing that MyBB brings itself. I'll try to be as clear and short as possible.
When you find out that bots are registering in your forum, act.
- Why ?
+ Because if you do not act, it will become a bigger problem, which happened to me.
- You gotta check that your server isn't filled with bots. Sometimes, host companies ( at least some of them that I saw ) are filled with bots. Maybe because of an attack they received or just because they let them pass.
Anyways, you can solve this problem yourself.
- How ?
First, you gotta configure your MyBB Forum with the default options that it brings.
Go to : Configuration [Tab] > Settings > General Configuration.
You gotta find the Captcha module, then select ReCaptcha since it's much harder than normal Captcha
If the default ReCaptcha gives you problems, use the plugin that you can find here :
http://mods.mybb.com/view/recaptcha
Personally, I had problems with the default one so that's why I tell you this.
===========================
After installing the plugin, lets get it to work :
We'll go to Settings > reCAPTCHA Settings
There you should see something like this :
It will ask you for a public key and a private key, something which is common on these plugins. We'll get it here :
https://www.google.com/recaptcha/admin/create
There you will sign-up and get both keys, and you have to place them there. Style and language can be configured in the same part aswell.
===========================
Now, go to Settings > User Registration and Profile Options.
If you're being 'invaded' by bots, then you should disable registrations since it will take down your bandwith and you'll have to delete more bots later.
The registration method should be set as Email Verification, you can change it to invitation ( plug-in ) or admin activation.
I do not recommend Instant Activation since that helps trolls and bots.
- Username length put it as you wish, but do not let names be quite long.
Require complex password : Set it to Yes, it will help since bots sometimes use weak passwords. Even that, your users will be more secure.
- Allow mails to be registered multiple times ? : No.
- Max Registrations per IP : 1 or 2, no more.
- Display a hidden CAPTCHA : YES.
For me, this was the final key to stop spambots. It seems to work quite good with them.
Leave the Hidden Captcha field as email3, most of them will fall there.
===========================
Security Questions.Configuration > Security Questions
This is quite important also. For gods sake, try to be original with your questions. Sometimes, administrators leave the default answer of sets it as something like 1+1. Nowadays, bots are able to read those kind of things and they'll break through your question.
Ask something like, "What's Colon's white horse color?" - Then you set white as answer.
I mean, try to be original, do not use things like : Solve 1 + 1.
In SQ you can check whether people have failed the captcha, also the percentage.
You can download it here : http://mods.mybb.com/view/registration-s...y-question
===========================
Fassim forum Anti-SpamSettings > Fassim Anti Spam
This plugin has a database with mails and IP Addresses. It will check if the users trying to register in your forum are legitimate or not, using known spambot lists.
After you install it, goto http://www.fassim.com/get-api-key/ to obtain your API Key.
Write your info and you'll recieve your API key in a short time, then paste it in the API Key box.
Set Check Emails?,Check IP addresses,Block Anonymous Proxy, Block Top Spamming ISPs, Block Top Spamming Domains to yes.
If you want to block countries you just gotta type them in the box where is says Block Country.
You can obtain country codes here :
http://www.fassim.com/country-codes/
===========================
Stopforumspam
You can get this plugin at http://mods.mybb.com/view/stopforumspam-com-for-mybb
After you install it, go to Settings > Stopforumspam(dot)com check.
There set everything to yes but "All criteria must be met to deny registration", which should be set to no.
===========================
If you have problems with an specific range of IP's or Mail Addresses you can solve this also.
Go to : Users and Groups > Banning.
There, select "Disallowed Mail Addresses tab".
For example, if users are registering using @spamiscool.com you can ban that domain. It's quite easy, you just have to do this.
*@spamiscool.com
Using this, no-one can register using @spamiscool.com
To ban an IP Range go to Banned IP's tab and there ban whatever you need. To ban a range just do
127.2.*.* ( Example )
===========================
The last thing, brought commonly by MyBB is Akismet.
You can find it in the plugins section. There activate it and go to Settings > Akismet.
Turn it on, then get your API Key at http://wordpress.com/api-keys/
This tool is used to ban users which are posting spam. It doesn't fail usually, so it's quite useful also.
Well, this is all that I've written in half an hour or so. I wrote this myself even knowing that there may be other tutorials out there but I just wrote it myself as I had this problem a day ago.
Banning countries from htaccess isn't a solution, since IP's are a-changing and bots come from every single place of the world.
I hope that this guide helped you :3
Sorry for my grammar failures.
