Home of David Malmström



Forum admin or: How I Learned to Stop Worrying and Love “Prune Users”

Personal spam bot kill count: 2307

I’m an admin of a forum for a Swedish fantasy tabletop RPG publisher, RiotMinds. One of the owners has told me about spam bots and how they moderators have removed spam posts. We upgraded the CAPTCHA on the forum a few times and none have been particularly great. Right now we use Q&A, an user needs to answer a human-like question. But they have gotten through that too, probably because the question size is quite small.

So I started to look at the problem, well first the e-mail confirmations stopped working because sending an e-mail with PHP is so great! /s

So we disabled e-mail activation until it could be sorted and required no activation. This led to about 20 spam bots in a few days, less than I feared.

So I started to look at the users, searched for users with no posts and started looking for patterns. Firstly a lot of junky e-mail providers like mail.ru and fesabok.ru (yes really!), so I filled in *@mail.ru on the Prune Users admin page. Pressed search and it allowed me to delete anyone with that e-mail provider. Doing this a few times allowed me to kill around 1600 spam bots in half an hour.

The rest of them took longer, some were using unique e-mail providers and some a bunch of garbage gmail.com e-mail addresses like s.f.e.sdf.gfdg.12@gmail.com. So again I started to look for patterns.

It was a dredge to find and delete lots of users that way. Looking at all users, checking to see if they had posts, if their e-mail address was looking weird, if it somehow matched their username and looking at joined and active dates.

Someone with the username azzmazzter300 is probably (hopefully) not a legitimate user.

Someone with the e-mail business_opp@topfiles.net is not a legitimate user.

Someone with the e-mail thomas.wells021@gmail.com and the username MonicaS is not a legitimate user (I hope, sorry otherwise.)

Someone with a joined date and last active date that are on different days is probably a real user.

The forum software phpBB doesn’t allow me to look at the members of the forum and select users to delete, I can either do it manually for each user or use the Prune Users. Both are great, but for bulk deleting users based on different search criterias and needing some human eyes on the users they are not suitable.

So I modified the member list HTML to display e-mails as well and then I could cross reference the username, e-mail, post amount, joined date and last active date more easily. This allowed me to open all the spam bot users in a new tab.

Then with a macro recorder I was able to create a small script that pressed the Administer user, scroll down to Delete User, click Confirm, wait a bit, close the tab and repeat this for a hundred tabs.

Then I got the right SMTP information and could re-enable user registration with e-mail activation.

So Prune Users is a great tool buried in the User & Groups tab in phpBB, but the best way to kill spam bots is to use a bot.

Fight Fire With Fire!