Prevent Spam on PunBB

One of the main problems with PunBB is that its very prone to spam. While there are some plugins out there that deal with this, I prefer to use my own little hacks instead.

Open up post.php and find some code that looks like this:

// Validate BBCode syntax
if ($pun_config['p_message_bbcode'] == '1' && strpos($message, '[') !== false && strpos($message, ']') !== false)
{
require PUN_ROOT.'include/parser.php';
$message = preparse_bbcode($message, $errors);
}

Below that code add the following


if ($pun_user['is_guest'])
{
$temp_message = strtolower($message);//lowercase it so we can be case insensitive, stripos is php5 only
if ((strpos($temp_message, 'http://') !== false) || (strpos($temp_message, 'https://') !== false) || (strpos($temp_message, '[url') !== false) || (strpos($temp_message, '[img]') !== false) || (strpos($temp_message, '[email') !== false) || (strpos($temp_message, 'www.') !== false) || (strpos($temp_message, '@') !== false))
$errors[] = $lang_post['Guest spam protection'];
}
else if ($pun_user['num_posts'] <= 5)
{
$temp_message = strtolower($message);//lowercase it so we can be case insensitive, stripos is php5 only
if ((strpos($temp_message, 'http://') !== false) || (strpos($temp_message, 'https://') !== false) || (strpos($temp_message, '[url') !== false) || (strpos($temp_message, '[img]') !== false) || (strpos($temp_message, '[email') !== false) || (strpos($temp_message, 'www.') !== false) || (strpos($temp_message, '@') !== false))
$errors[] = $lang_post['New Member spam protection'];
}

If you allow guests to post it will look to see if they are posting a link, image or a email address. It might seem like double work to test for http:// and [url but a lot of spam bots are stupid and will attempt to put bbcode on blogs, email forms and all over the web. I’ve found sometimes they wont even put the http:// but put in the bbcode [url]. Don’t ask me why, but thats how some spam bots were programmed and so you might as well filter them all. Its a good idea to filter for the @, I’ve gotten some spam where a bot put up a work at home post and had their email address for a contact. Sometimes they will just try to put in www. hoping the forum will pick it up and turn it into a link. You might also add a test for some TLDs (top-level domains, such as .com, .net, .org), incase they leave off all the prefixes. I’ve yet to see bots do that, but I’m sure they probably will, good thing is, that its a easy addition. 😉

If you don’t allow guests don’t worry, this code will still work. The code also tests for registered users and sees if they have more than five posts (feel free to increase or decrease that amount) and if so they will be allowed to post links, images and email addresses. Most bots out there sign up once and spam the message board one time. And later on they will re-register and put up another post, I’ve yet to see any spam bots use the same login to spam some more.

Open up \lang\English\post.php and after

'Edit redirect' => 'Post updated. Redirecting . . .'

Add a comma at the end of that line and then add


'New Member spam protection' => 'New Members can not post links, images or email addresses until they become more active.',
'Guest spam protection' => 'Guests can not post links, images or email addresses.'

You will want to add the spam protection to edit.php also, so open that up and after


// Validate BBCode syntax
if ($pun_config['p_message_bbcode'] == '1' && strpos($message, '[') !== false && strpos($message, ']') !== false)
{
require PUN_ROOT.'include/parser.php';
$message = preparse_bbcode($message, $errors);
}

Add the following (its pretty much the same as the post.php uses except there is no test for guests since guests can’t edit posts anyway).


if ($pun_user['num_posts'] < = 5)
{
$temp_message = strtolower($message);//lowercase it so we can be case insensitive, stripos is php5 only
if ((strpos($temp_message, 'http://') !== false) || (strpos($temp_message, 'https://') !== false) || (strpos($temp_message, '[url') !== false) || (strpos($temp_message, '[img]') !== false) || (strpos($temp_message, '[email') !== false) || (strpos($temp_message, 'www.') !== false) || (strpos($temp_message, '@') !== false))
$errors[] = $lang_post['New Member spam protection'];
}

And now you have spam control. Granted its a hack and not a plugin, it works pretty good. 🙂

Tags: , ,

Comments -49-0 of 10 to “Prevent Spam on PunBB”

  1. -49 · Alan of Phone Discuss says:

    Hi Buddy,
    Have you tried the Akismet spam blocker for PunBb? It works for me. But i still love your code. Thank you.

  2. -48 · blogger says:

    I haven’t tried that plugin. I’m not sure if forum posts are just blocked, deleted or if there is any moderation queue. I find it easier to maintain my own little hacks than plugins. :p

  3. -47 · Anonymous says:

    I have put your code in all my forums and am in peace now. Nice job done. Really easy to implement also.

  4. -46 · cstef says:

    Really nice, thanks for the simple solution! Works Great!

  5. -45 · Erik says:

    Sweet and Easy!

    This was exactly what I was looking for, works like a charm. Thanks.

  6. -44 · M says:

    This is ingenius. I am getting slammed with porn on my new site (www.reelcomix.com) I have just installed this to see how it helps. I have tried other solutions with mixed results. Nice job on this code!

  7. -43 · Chris says:

    Thanks for the code, been having a nightmare just recently.

    Keep up the excellent work

  8. -42 · Chris says:

    As I mentioned in my last comment, the code is excellent, but I did initially have an error after installing it.

    The problem was with the number of posts being defined as ‘< = 5’. The ‘=’ was causing the issue. This was easily rectified by simply stating ‘< 5’, (or however many posts required).

    Not sure if this is just applicable to my version or not, but thought it worth mentioning.

    Thanks again.

  9. -41 · blogger says:

    I just noticed there was a space inbetween the < and the =, it needed to be removed (I’ve updated the code). I may update this page with my latest spam prevention code which is easier to change in 1 location rather than having to update stuff in several spots.

  10. -40 · Poland says:

    Thanks spam gone, good job !! greetings from Poland

Leave a Comment

Comments are reviewed before publishing to prevent spam.