PunBB Spam Prevention Part 3

Since the last time I’ve noticed a few little things spammers have been doing and some things I forgot to mention. So here is Part 3 on Spam Prevention for PunBB.

Prevent Guests from Seeing Profiles
Before the following line

// Load the profile.php/register.php language file

Add this

if ($pun_user['is_guest'])
message($lang_common['No permission']);

I’ve also gotten some people that register and put their spammy sites in their signature, but its easy to disable signatures. Just put multiple line comments around the following lines in viewtopic.php

// Do signature parsing/caching
if ($cur_post['signature'] != '' && $pun_user['show_sig'] != '0')
{
if (isset($signature_cache[$cur_post['poster_id']]))
$signature = $signature_cache[$cur_post['poster_id']];
else
{
$signature = parse_signature($cur_post['signature']);
$signature_cache[$cur_post['poster_id']] = $signature;
}
}

Now it should look like this. They can still enter links in their signature from their profile page but it won’t show up on any posts.

/*
// Do signature parsing/caching
if ($cur_post['signature'] != '' && $pun_user['show_sig'] != '0')
{
if (isset($signature_cache[$cur_post['poster_id']]))
$signature = $signature_cache[$cur_post['poster_id']];
else
{
$signature = parse_signature($cur_post['signature']);
$signature_cache[$cur_post['poster_id']] = $signature;
}
}
*/

There is another field in a person’s profile for them to put in a value for their web site, so you might prevent that from showing up as well. I just turn it off in Administration -> Options and under Display and User info in posts.

Show information about the poster under the username in topic view. The information affected is location, register date, post count and the contact links (e-mail and URL).

Want to use rel="nofollow" for links? Open up include\parser.php and modify the return line of the function handle_url_tag to look like this.

return '<a href="'.$full_url.'" rel="nofollow">'.$link.'</a>';//MODIFIED

I now prevent members from registering with URLs or @ in their member name. The only way PunBB could prevent this otherwise is to use the censor feature but that isn’t a good idea since the members that prove they are real will need to be allowed to post links later on.

Open lang\English\prof_reg.php and add the following near the top

'Username spam' => 'Usernames may not look like a URL or email address. Please choose another username.',/*MODIFIED*/

Now open up register.php and after the following lines

else if ((strpos($username, '[') !== false || strpos($username, ']') !== false) && strpos($username, '\'') !== false && strpos($username, '"') !== false)
message($lang_prof_reg['Username reserved chars']);

add

else if (strpos($username, 'http://') !== false || strpos($username, 'https://') !== false || strpos($username, 'www.') !== false || strpos($username, '.com') !== false || strpos($username, '@') !== false)/*MODIFIED*/
message($lang_prof_reg['Username spam']);

That should prevent anyone from registering a spammy username.

Tags: , ,

Leave a Comment

Comments are reviewed before publishing to prevent spam.