When you create a lock, there is a key to unlock it.
I have used phpBB for my web site. But it was hacked several years ago. :-[
Because phpBB was so popular and the code are freely available.
So hacker can study all the protections and find out solution to break in.
Due to so many unrelated messages posted everyday.
I wrote [url=http://www.phy.ntnu.edu.tw/ntnujava2/]my own code to host all the simulations[/url] between 2001-2007 (it is still available). 8)
However, the system is not familar to most of the users.
The web site still attracted many visitors, but the average posted messages reduced a lot. :(
I switch to this system on 2007/02/14, because the system was not the most popular one and seems to have many security features at the time.
However, the code are public available. So someone find ways to hack the system. >:(
Yes. I can add modifications code and post it in SMF forum mods.
However, someone will find the way to hack it soon.
For examples: Visual verfication image was added and user has to type in verfication code from the image.
But program like [b]x r u m e r[/b] can recognize the image. It can read email and click link to confirm the account automatically. That is why so many users use it to add links to web site. (The program cost nearly $520). ---I do not want to add link to help it.
I think the best way is to add a simple but unique solution to prevent it. :o
The above method I posted does not really prevent the form to be submitted by the hacker.
But the value for [b]checkme[/b] submitted to the server will be [u]0[/u] instead of [u]1[/u].
So I block the registration with added code (Normal user registration will be the same as usual).
The average number for registered users was 50-60 per days last month.
It reduced to 25 yesterday (from the record: 26 were blocked ).
I knew there are many users registered but never post message. I found many of those accounts never visit one of the message in this forum, when I check the log files. They only registered and leave several URLs as part of their personal profile. That is why I only allow registered users to be able to view other user's personal profile.
Sent me Themes/default/Register.template.php and Sources/Register.php via private message.
I can modify the code for you and send them back.
I would suggest you: do not allow anyone to view the board link in your message (only visible to yourself).
Because it will help the program to find where the program works (I believe the program use search engine to find web sites as their target).
I also create a board stored all those banned topics.
In the last two weeks, I have to remove those messages more and more often. So I decided to modify the code during the weekend to prevent those messages/registrations.
It is working (at least up to now). ;)
I am aware that someday they will find another way to break in.
I just have to fix it then. >:( It might becomes a never ending war! :(