phpBB: How to handle spammy registrations?

I'm managing a phpBB-based forum that gets hit hard by spammers signing up fake accounts. To combat this, we enabled "administrator activation required", but it's not working so well: When a new user signs up, I get an email with a link to activate that user. However, there's no link to let me easily look at the user first; it goes straight to activation.

I'd like to try a different approach, along these lines:

  1. I'd like to allow registrations without my approval; instead, the user must get a mail with an activation link.
  2. I'd like a designated moderator group to approve all posts made by newly registered users. This should be done through the forum's web-based moderation control panel.
  3. When a new user posts a spammy message, I want the moderator group to kill the message and the account.
  4. When a new user has posted a few non-spammy messages, he's whitelisted and further postings require no approval.

How do I achieve this setup? -or- Is there a similar but smarter approach?

UPDATE: I finally found a watertight solution: http://CleanTalk.org -- it's a paid service but for a measly $8 per year it's well worth the money. So far the filter has worked 100% accurately, without any spammers getting through and without blocking legit users. I am impressed.


Some steps to take:

I found some info in phpBB's forum, but it was too well hidden for new (forum admin) users:

ACP, General, User Registration settings, New member post limit - set to whatever number you want. ACP, General, User Registration settings, Set Newly Registered Users group to default, Yes.

Then there's the suggestion to put new new users on the moderation queue, but no info on how that's done:

Permissions may be set on this group much like any other group -- an example use is to place the Newly Registered Users group on the moderation queue for all forums.

Here's how:

  1. ACP, Users and Groups, Group's forum permissions.
  2. Set "Lookup user group" = "newly registered users", submit.
  3. Select all forums, submit.
  4. Wait for the long list of forums to load...
  5. Set role = "on moderation queue" for every forum, then submit.

I don't remember if I made the role "on moderation queue" myself or if it's a default role. Create or review the role here:

  1. ACP, Permissions, Forum Roles.
  2. Then either click the "gear" icon for the role, or create it using the text field under the list.
  3. Scroll past the "Users/Groups assigned..." section to the "Forum permissions" section at the bottom of the page.
  4. Select the "Misc" tab.
  5. Make sure the setting "Can post without approval" is set to "Never".

All the above should be default settings for new phpBB installations, but isn't.

Also in the User Registration settings, turn on reCaptcha and click Configure to fill in required site keys (which can be created through a link on that config page). Submit the configuration, then go back to User Registration settings and (again) turn on reCaptcha, then Submit that change.

Also, try this MOD: http://www.phpbb.com/customise/db/mod/daropl_antispam/


I know you already got recaptcha working, but I thought I'd add the link to the recaptcha documentation for phpBB anyway, in case anyone else finds this question in future:

http://code.google.com/apis/recaptcha/docs/phpbb.html

Would be nice if more people used this, rather than letting their phpBB fill up with spam. Ditto for blogs...