Step 1: The first thing to do is activate all the security features already included in phpBB, such as user e-mail activation and visual confirmation. NEVER set your forums up so that your members can automatically sign in as soon as they register.
Step 2: Never make it easy for spammers and hackers to join your forums. Add a number of security measures and then personalize your registration process and make it unique to your own forums.
Step 3: Set your permissions to a minimum of REG for posting and replying. Never allow guest posting as this keeps a door open for spam bots to ruin your forums. Don't even be tempted to set up a forum for guests to post in.
Step 4: Use your ban control. If you do have spam bots registered on your forums, ban their e-mail addresses and delete the accounts. I suggest using a wildcard in place of the username, such as *@hotmail.com for all e-mail addresses on the hotmail.com domain. In particular, e-mail addresses ending in .ru appear to be the latest ones used by spam bots, and any registration with a .ru domain is highly suspect. So, banning .ru e-mail addresses is advised.
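How a wildcard ban entry from Step 4 can be matched against a registering address, as an added example that is not phpBB's own code. The function names and sample addresses are hypothetical. The point to note is that the pattern is anchored and case-insensitive, so *@hotmail.com cannot be sidestepped with mixed case and does not catch unrelated domains.

```php
<?php
// Added example: hypothetical helper names, not phpBB code.

/** Turn a ban entry such as "*@hotmail.com" into an anchored regex. */
function ban_pattern_to_regex(string $pattern): string
{
    // Quote every regex metacharacter first, then re-enable only the "*" wildcard.
    $quoted = preg_quote(strtolower(trim($pattern)), '/');
    // i = ignore case, D = "$" matches only at the very end of the string.
    return '/^' . str_replace('\*', '.*', $quoted) . '$/iD';
}

/** Return the first ban entry that matches the address, or null if none does. */
function matching_ban(string $email, array $banList): ?string
{
    $email = strtolower(trim($email));
    foreach ($banList as $pattern) {
        if (preg_match(ban_pattern_to_regex($pattern), $email) === 1) {
            return $pattern;
        }
    }
    return null;
}

// Constructed sample data.
$banList = ['*@hotmail.com', '*.ru'];
$registrations = [
    'Bot123@HOTMAIL.com',             // mixed case on a banned domain
    'seller@mail.example.ru',         // subdomain under .ru
    'alice@hotmail.com.example.org',  // hotmail.com is not the end of the domain
    'bob@example.org',                // no ban entry applies
];

foreach ($registrations as $email) {
    $hit = matching_ban($email, $banList);
    printf("%-32s %s\n", $email, $hit === null ? 'allowed' : "banned by $hit");
}
```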
Now, once you have the standard phpBB settings in place, you will need to add a few hacks that I will list here with the links to download them.
Live E-Mail Validate
The first hack to install is Live E-Mail Validate. This hack ensures that the registration process will fail if the e-mail address being used is not a live e-mail address. This is good because spam bots rarely use live e-mail addresses.
The second hack to install is E-Mail Confirmation. This ensures that the e-mail address is entered correctly. We all know how many people make a simple mistake when typing their e-mail address, so it helps everyone concerned.
Add Name and Address to Profile (Not Publicly Viewable)
The next hack to add is Add Name and Address to Profile (Not Publicly Viewable). The information added is private and viewable only by the administrators and the member themselves. No other member can view this information and because some of the information is "required" to complete registration, spam bots do not know about it and the registration will fail.
Here are some other hacks that are designed to prevent spammers from joining that you can install if you like. They are optional and should be kept in mind should any of the above measures be compromised by spam bots.
Anti Bot Question Hack
This hack is a configurable CAPTCHA that prevents spam bot registrations and spam bot guest postings. A question, randomly selected from a question pool, is added to the registration form and/or the post form for guests. This question must be answered correctly to complete the registration or post successfully. You can create your own individual questions or you can use automatically created questions. The hack is completely administrable via the ACP.
This hack is compatible with Select Default Language. Different questions can be defined for each language.
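The question-pool check described above, as an added sketch that is not the hack's own code. The pool, the function names and the plain array standing in for the session are assumptions. It shows two details that matter in practice: the server remembers which question it asked, and each question can be answered only once.

```php
<?php
// Added example with hypothetical names; not the hack's code. The pool is constructed.
$pool = [
    'english' => [
        ['q' => 'What colour is grass?',          'a' => ['green']],
        ['q' => 'How many legs does a cat have?', 'a' => ['4', 'four']],
    ],
    'german' => [
        ['q' => 'Welche Farbe hat Gras?',         'a' => ['grün', 'gruen']],
    ],
];

/** Pick a random question for the language and remember it server-side. */
function ask_question(array &$session, array $pool, string $lang): string
{
    if (!array_key_exists($lang, $pool)) {
        $lang = 'english';                       // fall back to the default language
    }
    $id = random_int(0, count($pool[$lang]) - 1);
    // The form only shows the text; which question was asked stays in the session.
    $session['antibot'] = ['lang' => $lang, 'id' => $id];
    return $pool[$lang][$id]['q'];
}

/** Check the answer against the question that was actually asked, once. */
function check_answer(array &$session, array $pool, string $answer): bool
{
    $asked = $session['antibot'] ?? null;
    unset($session['antibot']);                  // spent: a retry must fetch a new question
    if ($asked === null) {
        return false;
    }
    $given = mb_strtolower(trim($answer), 'UTF-8');   // needs the mbstring extension
    return in_array($given, $pool[$asked['lang']][$asked['id']]['a'], true);
}

$session = [];                                   // stands in for $_SESSION
echo ask_question($session, $pool, 'german'), "\n";
var_dump(check_answer($session, $pool, ' GRÜN '));   // padded, upper-case answer
var_dump(check_answer($session, $pool, 'grün'));     // second try on the same question
```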
This hack prevents spam bots from registering on your forums by removing the fields of your choice in the registration and profile form until users reach certain requirements. If a spam bot is detected, you are sent an e-mail notification with the username, IP address and more.
Custom Profile Fields
This hack allows you to add custom fields to the profile, memberlist and mini profile that appear to the side of each post. Admins can also add admin only fields. Add check boxes, text fields or more. Includes an admin control panel for easy field setup. This hack is handy to add more personal functionality to your forums.
Inverted Visual Confirmation
Changes the visual confirmation images that are shown in the standard phpBB visual confirmation. It inverts them so that the background is dark and the letters are light.
Capitalize Confirmation Code
Converts the confirmation code that the user types in to capital letters automatically, once the user has clicked off the text area.
Photo Visual Confirmation
Adds a new kind of visual confirmation where the person registering for an account must look at photographs and determine if they are of animals or not.
This hack blocks access to defined forums until the user has viewed and agreed to a specific topic on your community.
By adding more fields to profiles, such as required fields, you will stop the spam bots from registering because, once again, they are unique to your forums and spam bots are not aware that all of these new fields are required.
Now that you have added all this new information, much of which is required only by your forums, you have virtually defeated spam bots and you can rest easy knowing that 99.9% of your new registrations are genuine and your forums are safe from unwanted intruders.
Regularly check phpBBHacks.com for any new security hacks that may be added to the database by going to the all hacks section, the Security and Privacy category and by searching the hacks database.
Hopefully this little bit of advice can help you all, as administrators, to enjoy your forums without the annoyances created by spam bots.
Note: Stopping spam bots is an ongoing problem, and as new hacks are created to prevent them, spam bots will, in time, break the code. Because of this, you should always keep abreast of the latest releases for stopping spam by visiting the newest hacks section regularly and searching for what is new to help you in your battle against them.