Ed's Big Plans

Computing for Science and Awesome

Fighting spam account registration (phpBB3)

with 3 comments

I was asked to deploy a means to fight spam account registration on a phpBB3 installation. I tried the advice posted by Nadav Samet, but the version of phpBB3 we use doesn’t seem to respond to changes made to profile_add_body.tpl. I settled on an approach that’s similar to the one posted by Steve Maury, but is slightly improved as you can request any exact string for an answer from the registrant.

This method should work with phpBB3 version 3.0.x.

This method results in a mandatory field to be completed by the registrant during registration time. You can assign it any question you like where the answer is a string of text that you decide. I’ve given a really simple question in this example. Use a more difficult question that a bot would have trouble with but that your typical registrants can answer.

We do this with a custom profile field in the registration screen as in the below screen capture.

The above is a screen capture of an example mandatory question (choose a more secure question).

There are two steps to setting this up.

First, set up a custom question that must be answered — you can find such a setting in the administrative control panel (ACP) as in the following screen capture.


Add a mandatory question in user and groupscustom profile fieldscreate new field.
Here, I’ve named mine guelph_question.

After you click Create new field, you will be presented with a screen where you can create the question of your choosing — be sure to make the field mandatory by using the radio button labelled Required field listed under Visibility options.

Second, add the following code indicated below in includes/ucp/ucp_register.php — Notice that I’ve placed my custom code after existing code to check for a valid password and e-mail. This is commented under validate custom profile fields ( — just checked — starts at line 247 in the 3.0.9 source code). Replace the simple question and answer I’ve placed there with your own question and answer. Notice that you also have full control over the error message that the registrant sees if they answer the question incorrectly.

// validate custom profile fields
$cp->submit_cp_field('register', $user->get_iso_lang_id(), $cp_data, $error);

if (!sizeof($error))
{
	if ($data['new_password'] != $data['password_confirm'])
	{
		$error[] = $user->lang['NEW_PASSWORD_ERROR'];
	}

	if ($data['email'] != $data['email_confirm'])
	{
		$error[] = $user->lang['NEW_EMAIL_ERROR'];
	}
}

// Anti-spam code below ...
if (!sizeof($error)) {
	if (!isset($_POST['pf_guelph_question']) ||
	$_POST['pf_guelph_question'] != 'Gryphon') {
		$error[] = 'Incorrect answer to Guelph question.';
	}
}
// ... EOAnti-spam code

And you’re done.

I hope this works for you! Enjoy 😀

Eddie Ma

December 29th, 2011 at 4:49 pm

Giovanni says...

Thank you very much, Eddie . Your post solved my spambots problems.

Eddie Ma says...

Neat! I’m happy to have helped 😀

Vasch says...

Hi Eddy,

Thanks allot for this info. I was looking for a solution since weeks! Seems to work fine.