Don’t let spammers take over your forum. Fight back! There’s nothing worse than creating a forum like phpBB or blog like WordPress spending countless hours posting and generating traffic only to have it over run with spam. Often forcing you to use strict CAPTCHA antispam features with a high severity scramble and even close new member registrations yet the spammers still get in!
Stopping Spam
Keeping your forum or blog up-to-date with the latest available version of core files is frontline defense. Then mods like StopForumSpam for phpBB3 will check username/email/ip against the StopForumSpam.com 561682 list of spammers through an API. Much like Akismet does which is another good antispam method. The advantage of setting up an API is new members and posts are checked against a growing maintained database rather then bloating your own database with 561682 entries.
Further Spam Protection
Further protection can be applied in the phpBB Administrator control panel. You can ban users by username, IP address, email address and common spam words. You can also ban multiple addresses and words at once by separating them with a comma in phpBB 2.x and line breaks in phpBB 3.x. Additionally WordPress, Movable Type, phpBB3 and Simple Machines all support wildcards * so you can ban *@*.ru to stop any users registering/posting if their email ends in .ru. Another example: *@hate.net,*@spam.com will ban anyone@hate.net and anyone@spam.com from registering.
I compiled these lists of email addresses, spam words, spam IP numbers, bad robots, grabbers website leechers and coppiers to ban over the years. I found them to be quite effective so offer them here for free. Of the 12,434 email addresses currently contained in the list most are ‘free’ email account providers and/or known spammers. Gmail Hotmail and Yahoo mail are not listed. You’ll see at the very start I have banned all .info and .ru addresses by *@*.info,*@*.ru You may want to remove these and peruse the list further, that’s up to you.
- phpBB2-spam-email-banlist.txt 12,434 spam email addresses comma delimited
- phpBB3-spam-email-banlist.txt 12,434 spam email addresses line break separated
- bad-bot-htaccess-banlist.txt 76 bad bots and site coppiers .htaccess banlist
- spam-ip-banlist.txt 175,248 spammer IP addresses banlist
- spam-words-banlist.txt 474 common spam words banlist
Add a Banlist to Your Forum or Blog in 3 Easy Steps
1) Copy – Click a list, right-click to select all, right-click to copy. OR – right-click on the link and select Save Target As. Locate the file on your computer and open it with Notepad or similar, highlight all addresses, right-click and select copy.
2) Paste – Login to your phpBB forum administration panel. On the left at the bottom under the User Admin section click Ban Control. On the right you should see, “Ban one or more email addresses”. Right-click on the input box and select Paste.
3) Submit – Click the Submit button.
Our lists have been formatted in Notepad and Microsoft Word to suit phpBB. It’s easy to manipulate our lists to suit your need. Simply use the Find and Replace feature in Word Notepad or Simpletext to make it compatible to other forums and blogs. If you would like to add to our Banlists please post in our Forum or here in the comments section below.
Your additions can help others stop blog spam. Our thanks to Satis for his contribution spam-words-banlist. 474 common spam words and known spammer domain names to ban. Happy blogging!
Kind Regards,
Croc Hunter
Webmaster
That list is massive! Thanks Croc.
That’s a long and concise banlist. Thanks for all your work man.
A big thank you for all the work you’ve put into those lists.
I have two questions:
1. How regularly do you update those lists and do you ever actually remove IP’s/emails from them when they become redundant and are no longer used by spammers?
2. The email and IP lists are quite huge. Would these not considerably slow down a forum as well as place a high degree of load on the server? Or, is this not an issue?
I’m considering giving them a try, but I have concerns about server load as well as how current the lists are.
We haven’t updated these lists for some time now Michael. phpBB3.06 introduced many security improvements and by setting these correctly you should not need to hand code .htaccess files. After a great deal of research, trial and error, I discovered a way to make a flood of spammers grind to a halt.
The answer to number 2 is; yes but only slightly. Spammers hammering your forum with requests, ilegitimate user registrations, old unused logs etc will cause far more cpu, query and banwidth load and database bloat.
If your forum needs an upgrade or serious overhaul I am for hire.
I also noticed many of the bot/crawlers in your list were also the same ones often trying to crawl my old WordPress site. I’d blocked many of those but the old .htaccess file of mine got lost somewhere. I’d have to find a backup and compare.
If you happen to read this, would you also have any experience with phpBB-slowing bots or crawlers? Every now and then my users are complaining of low-responsiveness and timeouts at odd times like, timezone comparatively, 3AM, when the majority of my users are on around 8 hours or so later. And since I’m not on at those times, I’ve never been able to use my VPS’s console and find out where the connections are coming from.
Also, thanks for the list, regardless of its last update. Still useful.
Hi DatapawWolf, a bot hammering your site can can slow it as you know, check your HTTP or MySQL logs. But from what you describe it sounds more like your VPS hosting provider is backing up all data on the server. I work for a shared hosting company in Boston. They do so in off-peak times, usually early hours of the morning to process faster and minimise errors. Ask your host what time they run backups.
Hi,
thank you for this list.
But I have a question?
How do I add the word-spam-list to my forum, one at a time ?
Thank You,
Hi Gorco, what forum type and version are you running? To add them in phpBB3 version 3.0.11 under “word censoring” unless you know how to run an SQL statement on your database yes you will have to add them one at a time. A better anti-spam technique in that case is to use custom fields like our forum here does. For a small fee I can cease a flood of spam user registrations and posts on your forum in a matter of minutes.
Thanks for these, much appreciated. I get the odd spammer every now and then, but just got spam-bombed by about 30 users. Suffice to say, most were from *.ru, though there were a lot logging in from *@dontdlsp.tk which I notice isn’t on your list.
I have a question: I copied the email and the IP list into my banlists and since nobody can register anymore (they get a blank page) and when I try to access the banlist for emails, I get a blank page as well. Can you help out? Much appreciated.
Hi Lica, it sounds as though the process stalled halfway through. Reinstall a previous backup of your database. If you do not have one your host might. Failing that run a repair on the broken database via MySQL. If none of that helps you can hire one of us to see whats going on and fix it. As you are running phpBB3 we can also spam proof your forum without using the lists.