The following text is here only for history.

phpBB antispam solution

I'm the owner of a phpBB forum, and I'm tired of the phpBB spam. It seems I'm not alone, so I decided that an antispam solution for phpBB is a good business opportunity.

Unfortunately, after writing a draft specification, I realized that I have resources (mostly time) to implement the solution. If you want, you can try it. The specification follows.


Spammers investigate new possibilities, and now they like spamming discussion boards. I'm the owner of one of the phpbb boards, and I'm tired of spam. I want to have an antispam solution for phpbb:

At the moment, simple methods of spam detection are enough:

When to check for spam:

The solution will be used with other phpbb mods, so changes in the phpbb code should be minimal. An installation process should be simple. As the program is shareware, there are registered and unregistered versions, and a process of entering a registration key should be trivial. The pages with statistics and for management are required.

Code should follow the phpbb styleguides for mods writers (TODO: find them and insert the URL) and pass the phpbb mods checks (TODO: find).


TODO: describe.

The predefined list of the spam phrases also should be installed.


TODO: describe new tables

For each functionality


You can specify these details either in this section, either in other appropriate sections.

When posting a message

If user is trustworthy (registered more than N days ago and have more than K posts), then the posting is approved without any further spam checks.

The posting (the fields: text, user name, user email, user web site) is checked against the spam phrases. If found, then the message is cancelled. Statistics ("cancelled") is updated. An e-mail to administrator is sent (or not: depends on the settings).

The exception to the previous: if the demo period is over, then the posting is mangled as below (but text of the wrapper is another), statistics ("cancelled") is updated, the result is posted and an e-mail is sent.

If the posting contains an URL (TODO: what's an URL), then the message is suspected. Statistics ("suspicous") is updated. Text of the posting is modified: the space is inserted between the all letters of the text, it is wrapped by a some text (will be specified later), and the result is posted. An e-mail to administrator is always sent.

Content of the e-mails (some filed may be missed):

Suspicious message is not a spam

The text of a suspicious message is wrapped by some text, this text contains a link to the "not-a-spam" page.

The "not-a-spam" page checks for the administrator rights (TODO: define details), demangles the message (deletes the wrapper and the spaces), saves it and updates the search index (TODO: and maybe something other, I don't know). Statistics ("false positives") is updated.

Delete message

When administrator deletes a message, he should get the standard question ("are you sure"), and also an input area "add to the spam list". If the message contains URLs (remember to demangle "suspicious" messages), these URLs are automatically added to the field.

Before deleting the message, split the input field on strings and delete leading and trailing spaces. If there are phrases to add, then update the list of spam phrases. If the message was not suspicious, update statistics ("false negatives").

Administrator: main page

The main page contains statistics, a registration information and links to the reports.

Report "suspicious messages"

Lists all messages which are "suspicious". The page may look like a usual phpbb search page.

For the first version, mass-operations (for example, "delete all") are not required.

TODO: is one page ok or is it better to have page 1, page 2, etc?

Report "search for spam"

Searches for messages which contain the spam phrases. As it is a long operation, provides a date range for the messages, from X days before now to Y days before now. By default, from now to 7 days before now (the last week).

The page may look like a "moderate forum/topic" phpbb page, mass delete of selected messages should be possible, by default all messages are selected, there are two working buttons: "select all" and "unselect all".

Report "suspicious users"

Lists users whose profiles have URLs to homepages and who have posted 0 messages. Sorts them in the order of the date of the registration, the last registered user is first (at top).

For each user, provide: the name, the e-mail, the URL, and the link to the profile management.

Spam phrases management

The page to edit the list of spam phrases. Lists all the phrases, allows to mass-delete selected. Has an input field "add to spam list". It is possible to add several phrases at once. Split the input field on strings and delete leading and trailing spaces before updating the list.

Registered and trial versions

The trial version works either for 14 days, either for 100 cancelled messages (depends on what happens first). When the trial period is expired, cancelling of spam is limited as described above.

A registration key is generated for the server name (TODO: it is a setting in phpbb) after an user pays for a registration. It is ok to have a simple algorithm for the key generation and validation. TODO: suggest an algorithm.
Oleg A. Paraschenko <olpa uucode com>