Yes, just wanted to clarify for everyone: what we discussed above, is truly specific case and it only works for spammers submitting the value of the website field, at the time it's disabled on the form for regular members. That allows to recognize crap.

If you want to enable website field for all, that's not the solution...

Indeed - that's why having 'user' fields, as with the Tectite forms would be a good thing for miniBB ;-)

As I wrote earlier, I'll try to provide such a solution when I have time - unfortunately, not right now.

Just an update - nearly 2 months, and no spam at all.

;)

I was having a little brainstorming on this subject - and thought that it might be possible to enable 'website' field on Profile Editing ONLY, and ONLY to those users who has left not less than $allowHyperlinks of messages on forum.

What do you think?

I could even include this in the official package of miniBB, at least to try... I think, this approach should make further automated registrations nonsensical, as it will be impossible to fill in the website field when creating a new account; and IF such field still will be filled in, we can use the (above) approach to simply deny registration, if this field has a value.

Also, the value of this field should be eliminated as soon as the script sees this member has less than $allowHyperlinks of messages. This is for "hard-to-take" spammers - let's say, user registers a valid account without Website field value; on the next step, he creates couple of stupid not meaningful messages to rich the limit criteria and fills in the Website field (the script will allow that). Further, the Admin comes to forum and deletes messages, so this member, again, has 0 posts - at this process, the script should zero Website field as well. So it could be quite easy to handle - I just need to extend the messages/topics deletion function.

Well, it may look complicated, but at least this starts to look like an approach, not just a suggestion... WDYT?

Today spammers know that a clear text (ie. not hyperlinked) with domain or URL is still seen by search engine as a 'vote' so they can fill out any other text field to spam anyway. On most of my forums I have 'Website' field completely disabled/removed and I had situations robots filled the 'Interests' field (for example) with URL. So I personally think hidden field approach should be done on individual basis (at least that's what I managed to complete) and adding it to miniBB core is not the best idea..

I'm not about the hiding the field, I'm about letting it to be filled in only to members who has useful posts, and only via Profile editing, not registration. So before making this field valued, a member should complete some purely manual operations.

IMHO providing such field in many cases motivate members to join the forum...

As about other fields in the profile, they could be easily REGEX-compared to not have leading http or www in front, I could fix it as well...

Just once again to clarify of how I'm seeing it:

- User Registration - at this stage, Website field is not even visible on the form; BUT if it has a value during registration process, the script should deny such registration;

- User Profile editing - if user has 0 posts, the field is still invisible (and not possible to be filled in with a value)

- User Profile editing - if user has >0 posts, the field becomes visible and possible to fill in with a value

- User Message/Topic deletion - if the script will see than user has left 0 posts, it will empty the Website field in database automatically.

'0' could be any value in this case, defined in $allowHyperlinks of setup_options.php.

Personally I don't allow to enter Website field at all (only spammers who don't care about forum discussions do it, unless it's a very specific forum), but my suggestion would be for those who want to allow this field that it is visible (but disabled) on the registration page so that they know they can use it after they register..

So in general, I'm against the idea of allowing the 'Website' field because such users don't usually bring anything to the community. They can enter their URL as clear text in the 'Interest' or 'Occupation' field if needed. Some random examples:

minibb.com/forums/index.php?action=userinfo&user=4600
minibb.com/forums/index.php?action=userinfo&user=4601
minibb.com/forums/index.php?action=userinfo&user=4603

Other users may have different needs or opinions though, so it's just my feeling :

All I can tell you is that using the 'hidden' website field we have had zero spam registrations since!!!

All spam bots try to fill in the website field, while real people can't see the filed, so leave it blank.
Result - any registration with info in the website field is spam.

It works perfectly ;-)