miniBB gets a lot of interest regarding its effective protection methods from spam. Actually, if the spammers begin to attack your forums, it's the good sign. Spammers will not post on the site which is difficult to find. That only means your forums already have an audience of visitors. But at this moment we could give a 100% warranty that miniBB is fully protected from automated bots attacks. In this thread I will try to quickly explain how to achieve the level of protection you choose.
miniBB could be set up to allow or disallow guest posting; it is allowed by default, and this is the only correct way when you start
your forums. Later when your community grows and gets instant visitors, you could set it up for registered members only
; anyway, this really wouldn't prevent from bots spamming, because the account could be registered manually and then its login/password used in the automated program to log-in and spam.
However, we need to separate guest actions from the member actions, because member actions usually require more resources and more difficult software to spam. That's why two basic processes we need to protect initially, are:
- Registering new accounts;
- Posting new messages and/or topics by guests and members.
In a few cases, it is also important to prevent forums from the external monitoring, protecting:
- Search function.
If you have installed some of our premium add-ons like "File Bank
" or "Polls
", here are also some points we shall keep in mind:
- Uploading a file by a guest user in "File Bank";
- Voting by a guest in "Polls".
All the mentioned above currently could be controlled by our premium "Captcha" add-on
. On our own forums we get a lot of automated attack attempts each day, but none of them passes through, except when posted manually (there is actually no protection from the manual spam). Take a look at the Captcha improvement
codes to make it even more secure.
Captcha protects your forums from automated registrations, posting new messages and/or topics, it could also protect the search function and the aforementioned add-ons. Configuring Captcha, you could achieve additionally that even registered members with less than X posts are asked to enter Captcha code, or its session could be re-generated each time when somebody performs a human-check-required-action.
However few users may not like Captcha-based protection, because they have seen on other websites the phrases provided are sometimes not recognizable or difficult to solve even for a human. Or - sometimes the web hosting doesn't allow to use graphic libraries for generating an automated picture, that's why it would be physically impossible to install such add-on (and that's why we do not include it in the basic free package by default).
Despite our "Human Authorization" add-on is designed to be as simple as possible, and it effectively runs with any basic hosting plan provided nowadays, if you do not purchase our premium add-on, you also have a way to apply one of the free 3rd party solutions like:
Danny's miniBB recaptcha MOD provides reCAPTCHA service incorporated in miniBB;
Alternative to GD-based Captcha: solving math questions provides to solve simple math riddles.
Please note those protection methods may be limited in functionality and support. Distributing our Captcha add-on on a paid basis, we really mean it is worth the money, and its quality and premium support would satisfy you. Here is more about why this add-on is not free.
Because spammers mostly try to put their own URLs in the forum message, we have a simple yet nice plugin disallowing quests from posting URLs and other URL parts like certain domains, or any other piece of phrase you specify.
You could also pay attention to the topic explaining why some simple methods like mentioned would not work when protecting from spam bots. By now Captcha-based algorithms are so far the most secured.
If you would be still interested in how to protect your forums without Captcha, and without any external "human" questions or riddles, the only way of doing it is to open forums for registered members only. And the only way how to recognize a spam bot from a human in the registering process, is to verify his email address. For this, miniBB contains an option $closeRegister which generates user's password automatically and sends it on the email. Without reading this email and so without knowing the password sent, user can't enter forums. Enabling this simple option, you would need to pay attention to what to implement additionally.
This method however has a serious problem: nowadays many email filters block automated messages sent in verification purposes, and it could block the email from your forums, too. That's why many users couldn't receive such messages and couldn't register. You may lose some audience with it.
All aforementioned options are set under setup_options.php file, and all plugins are installed with instructions provided under readme.txt file. If you don't have an idea how to modify this file properly, or how to apply anything from the aforementioned correctly, address your task to professionals. Keep in mind this thread should explain everything you should know about how to protect miniBB forums from spam. If you don't know how, it doesn't mean it's impossible, and it doesn't mean you have a credit to be repeatedly answered.
Thank you for your understanding and miniBB choice!