Basic phpBB 2 Security
This tutorial explains how to protect your phpBB 2 forum from spammers without editing any phpBB files. It is useful for people who cannot edit phpBB files, for example, people who use free forum hosts.
You will see your forum main configuration options.
1. Enable option "Enable Visual Confirmation". This option will show simple image on registration page, it prevents most bots from registering. Unfortunately its a very basic captcha and most advanced spam bots have means of bypassing it, but that's the most you can do to prevent registration spam without editing phpBB files.
2. Set option "Enable account activation" to "User". When this option is enabled, new registered users will have to confirm their email address before being able to post.
You can view permissions in simple mode or advanced mode.
If you are viewing permissions in simple mode then make sure permissions are not set to "Public". Recommended setting is "Registered", which means everyone can view posts but only registered can post and reply.
If you are viewing permissions in advanced mode, make sure "Post" and "Reply" are not set to "All". Recommended setting is "reg", which means only registered can post and reply.
This is the most you can (and must) do without editing phpBB files. It will not prevent some spammers, but it will prevent most of them.
1. Configuration
There are few configuration options you must enable. Login as administrator, click "go to admin control panel" link in footer, on left side in section "General Admin" click "Configuration".You will see your forum main configuration options.
1. Enable option "Enable Visual Confirmation". This option will show simple image on registration page, it prevents most bots from registering. Unfortunately its a very basic captcha and most advanced spam bots have means of bypassing it, but that's the most you can do to prevent registration spam without editing phpBB files.
2. Set option "Enable account activation" to "User". When this option is enabled, new registered users will have to confirm their email address before being able to post.
2. Forum Permissions
Do not ever allow guests to post in forums. To make sure you have correct permissions go to admin control panel, on left side in section "Forum Admin" choose "Permissions". Then check permission for every forum.You can view permissions in simple mode or advanced mode.
If you are viewing permissions in simple mode then make sure permissions are not set to "Public". Recommended setting is "Registered", which means everyone can view posts but only registered can post and reply.
If you are viewing permissions in advanced mode, make sure "Post" and "Reply" are not set to "All". Recommended setting is "reg", which means only registered can post and reply.
This is the most you can (and must) do without editing phpBB files. It will not prevent some spammers, but it will prevent most of them.