Don’t let spammers take over your forum. Fight back! There’s nothing worse than creating a forum like phpBB or blog like WordPress spending countless hours posting and generating traffic only to have it over run with spam. Often forcing you to use strict CAPTCHA antispam features with a high severity of scramble on the image, you close new member registrations and often… the spammers still get in!
STOPPING SPAM
Keeping your forum or blog up-to-date with the latest available version of core files is frontline defense. Then mods like StopForumSpam for phpBB3 will check username/email/ip against the StopForumSpam.com 561682 list of spammers through an API. Much like Akismet does which is another good antispam method. The advantage of setting up an API is new members and posts are checked against a growing maintained database rather then bloating your own database with 561682 entries.
FURTHER PROTECTION
Further protection can be applied in the phpBB Administrator control panel. You can ban users by username, IP address, email address and common spam words. You can also ban multiple addresses and words at once by separating them with a comma in phpBB 2.x and line breaks in phpBB 3.x. Additionally WordPress, Movable Type, phpBB3 and Simple Machines all support wildcards * so you can ban *@*.ru to stop any users registering/posting if their email ends in .ru. Another example: *@hate.net,*@spam.com will ban anyone@hate.net and anyone@spam.com from registering.
I compiled these lists of email addresses, spam words, spam IP numbers, bad robots, grabbers website leechers and coppiers to ban over the years. I found them to be quite effective so offer them here for free. Of the 12,434 email addresses currently contained in the list most are ‘free’ email account providers and/or known spammers. Gmail Hotmail and Yahoo mail are not listed. You’ll see at the very start I have banned all .info and .ru addresses by *@*.info,*@*.ru You may want to remove these and peruse the list further, that’s up to you.
- phpBB2-spam-email-banlist.txt 12,434 spam email addresses comma delimited
- phpBB3-spam-email-banlist.txt 12,434 spam email addresses line break separated
- bad-bot-htaccess-banlist.txt 76 bad bots and site coppiers .htaccess banlist
- spam-ip-banlist.txt 175,248 spammer IP addresses banlist
- spam-words-banlist.txt 474 common spam words banlist
ADD A BANLIST TO YOUR FORUM OR BLOG IN 3 EASY STEPS
1) Copy – Click a list, right-click to select all, right-click to copy. OR – right-click on the link and select Save Target As. Locate the file on your computer and open it with Notepad or similar, highlight all addresses, right-click and select copy.
2) Paste – Login to your phpBB forum administration panel. On the left at the bottom under the User Admin section click Ban Control. On the right you should see, “Ban one or more email addresses”. Right-click on the input box and select Paste.
3) Submit – Click the Submit button.
Our lists have been formatted in Notepad and Microsoft Word to suit phpBB. It’s easy to manipulate our lists to suit your need. Simply use the Find and Replace feature in Word Notepad or Simpletext to make it compatible to other forums and blogs. If you would like to add to our Banlists please post in our Forum or here in the comments section below.
Your additions can help others stop blog spam. Our thanks to Satis for his contribution spam-words-banlist. 474 common spam words and known spammer domain names to ban. Happy blogging!
Kind Regards,
Croc Hunter
Webmaster
That list is massive! Thanks Croc.
That’s a long and concise banlist. Thanks for all your work man.
A big thank you for all the work you’ve put into those lists.
I have two questions:
1. How regularly do you update those lists and do you ever actually remove IP’s/emails from them when they become redundant and are no longer used by spammers?
2. The email and IP lists are quite huge. Would these not considerably slow down a forum as well as place a high degree of load on the server? Or, is this not an issue?
I’m considering giving them a try, but I have concerns about server load as well as how current the lists are.
We haven’t updated these lists for some time now Michael. phpBB3.06 introduced many security improvements and by setting these correctly you should not need to hand code .htaccess files. After a great deal of research, trial and error, I discovered a way to make a flood of spammers grind to a halt.
The answer to number 2 is; yes but only slightly. Spammers hammering your forum with requests, ilegitimate user registrations, old unused logs etc will cause far more cpu, query and banwidth load and database bloat.
If your forum needs an upgrade or serious overhaul I am for hire.