phpBB :: Anti-Hack Anti-Spam Techniques Discussion


Objective
09-04-2006, 04:15 PM
I thought it might be helpful to put out a thread on this, since it keeps coming up wherever phpBB is being discussed. Please do not take this as a challenge to hack or spam us!! We just want to share what we think works reasonably well in the hope it will save someone else a headache or two (or worse).

We implemented the visual confirmation native to phpBB with the confirmation email function ON and added these modifications:

phpBB Anti Spambot MOD v.1.0.0 (hides all email addresses to non-members)
phpBB Admin Userlist v.2.0.2 (enables sorting of users to weed out fakes)
phpBB Active Members Only v.1.1.1 (hides members until they confirm via activation email)

This has provided us with these effects:

1. Guests and bots cannot scrape the email addresses of registered members.
2. We can find unconfirmed users quickly and easily, and do batch delete.
3. Our members are not subjected to seeing fakes on our memberlists.

So far so good.

The question for the forum here is -- what are you using, why and with what results?

Hope to see a good discussion from some folks who know lots more than me.

dkinzer
09-04-2006, 08:58 PM
The ConfusaBot mod (http://www.phpbb.com/phpBB/viewtopic.php?t=393265), and variations thereon, is also useful. I believe that there are some replacement CAPTCHAs for it as well that have a higher success rate against the bots.

Objective
09-05-2006, 07:57 AM
Interesting, Don... thanks for the reply.

Another thought is whether or not it is possible to include a useful list of words in the censors section to prevent malicious scripts when HTML is enabled. I saw this post in the forum (http://www.bluehostforum.com/showthread.php?t=2257) and think it might be a useful inclusion in the phpBB censored words list as well. (Added to mine, will see how it goes.)

I realize we could simply disable HTML but that would cause problems with our RSS feed robot which needs to post HTML into its forums.

Thoughts welcome!

sean
09-07-2006, 07:09 AM
this is what i use. no users can view the user list:

http://homepage.mac.com/jayhawk/.Pictures/phpbb_mods.jpg

and, i also have groups for all users and anyone who registers still needs to join a group before seeing any forums or content. since i control the groups (or a moderator) i have never had a bot or user join that has seen anything.

but, i realize some forums are more public (mine is a class), so your mileage may vary.