The stop bots question extension seems to have done the trick. I've left registration approval on (and will for a few more days), but so far no more spam registrations in the queue! I've tried to make the questions either very tech specific or midwestern-US regional specific. Hopefully that will require the spammers to at least google the answer (or give up!).


Unfortunately I'm still running 1.3.4 and cannot update any time soon (don't have the time) - was hoping to find a quick fix. I do see an older unsupported version of your plugin for 1.3.x - think that would help?

I run a forum targeting folks strictly in the Midwest (it's a LAN party community) and lately we've been hit hard with spammers joining up and posting junk. I've mitigated the problem by installing a registration approval plugin that allows moderators to manually approve each new registration - however this is unsustainable long term. Already we've rejected two new legitimate members accidentally. The spam bots sign up with some convincing usernames and fill in legit looking profile information/signatures etc.. The only sure-fire way to identify these bots is by looking up the IP address - 99% of them are non-US based (usually European or Asian).

Is there any way to ban all non-US IP addresses? I believe this would nearly eliminate our problems, as we do not expect anyone from outside the US to join our forum.

It's not pretty, but I'm sure it can be easily tied into the existing conversion script (or hopefully one that works with 1.3 in the future).

Convert avatars (run this in the /img/avatars/ directory):

  /* db info & connect */
  $db_name = 'vbulletin_db';
  $db_username = 'username';
  $db_password = 'password';
  $conn = mysql_connect(localhost, $db_username, $db_password);
  /* query */
  $sql = "select userid, filedata, filename from customavatar where filename != ''";
  $result = mysql_query($sql);

  /* parse the rows for avatar information, default to jpg
  /* and output in format "userid.format" - run this 
  /* script from within the img/avatars directory */
  while($row = mysql_fetch_assoc($result)){
    $file_type = explode(".", strtolower($row['filename']));
    if($file_type[1] == null){ $file_type[1] = 'jpg'; }
    if($file_type[1] == "jpeg"){ $file_type[1] = 'jpg'; }
    $filename = $row['userid'].".".$file_type[1];
    echo "Saving: ".$filename."...<br>";
    $fp = fopen("./".$filename,"w");
    fwrite($fp, $row['filedata']);

I regret to say the code for the PM conversion is lost it seems, I probably overwrote the file when writing the avatar converter; however it was not difficult and I can probably throw it together in a few minutes when I have some time.

Here are the bits I modified in the login script to allow for vBulletin passwords:

First, I added a new column to the users table; called vb_salt. I then did a query of:

UPDATE punbb.users SET vb_salt = (select userid, salt from vb.user where = user.userid), punbb.password = (select user.password from vb.user where = user.userid)

This pulls the old password and the salt from vBulletin's database over to the punBB database on a per-userid basis. Once this was done, I first modified the login code in login.php

    // Get user info matching login attempt
    $query = array(
        'SELECT'    => ', u.group_id, u.password, u.salt, u.vb_salt',
        'FROM'        => 'users AS u'
    ); include the new column vb_salt that was added. The only other change I made was to the actual login logic:

    $authorized = false;
    if (!empty($db_password_hash))
        $sha1_in_db = (strlen($db_password_hash) == 40) ? true : false;
        /** include vb salt stuff here - eventually everyone should 
    /*  migrate to the sha1/salted password that punbb supports natively */
        $form_password_hash = forum_hash($form_password, $salt);

        if ($sha1_in_db && $db_password_hash == $form_password_hash)
            $authorized = true;
        else if ((!$sha1_in_db && $db_password_hash == md5(md5($form_password).$vb_salt)) || ($sha1_in_db && $db_password_hash == sha1($form_password)))
            $authorized = true;

            $salt = random_key(12);
            $form_password_hash = forum_hash($form_password, $salt);

            // There's an old MD5 hash or an unsalted SHA1 hash in the database, so we replace it
            // with a randomly generated salt and a new, salted SHA1 hash
            $query = array(
                'UPDATE'    => 'users',
                'SET'        => 'password=\''.$form_password_hash.'\', salt=\''.$forum_db->escape($salt).'\'',
                'WHERE'        => 'id='.$user_id

            ($hook = get_hook('li_login_qr_update_user_hash')) ? eval($hook) : null;
            $forum_db->query_build($query) or error(__FILE__, __LINE__);

Basically the old algorithm used in punBB is replaced with vBulletin's hashing algorithm. Once a user logs in the logic detects that an MD5 hash is used and generates the SHA1 hash.

I almost didn't switch to punBB because the existing (outdated!) migration script did not support migration of passwords, had I not found this method of utilizing them I would never have switched (too much of a hassle to ask users to 'reset' their password).

Edit: Upon checking the conversion script it looks like there is a 'removed' function to migrate PMs and polls. Wish I'd have known that existed!

I've recently converted a forum I administer from vBulletin 3.x to punBB. Converting a medium-sized forum consisting of 70,000 posts was a bit of a challenge, however punBB is definitely much faster and leaner than vBulletin could ever hope to be.

You can check it out here:

Some notes:

Using quite a few extensions, among note are the CSS/JS 'fancy cache' plugin, portal by daris, pun_attachment/poll/move_posts/etc, private messaging and post karma. In addition I've done quite a few modifications myself (unfortunately not in extension format, though I might port them over someday) - among them are integration with jquery (for a nice popup calendar, tooltips, bbcode editor and the toggle for the poll settings), a calendar (tied to a specific forum - upcoming events - this is used for tracking new LAN parties and what dates are used/available), thread prefixes (stole this from a vBulletin addon - you can see it in action on the buy/sell/trade forum), and an enhancement to the current format_time function - fuzzy time! You'll notice the dates will say "less than a minute ago" or "3 days ago", all the way out to 4 weeks; after that it just displays the actual date.

There are minor changes elsewhere that I cannot think of, however those are the larger features. I'm planning more additions in the coming months as I get some spare time - among these include using a custom style on a per-forum level. This is a feature I miss from vBulletin. I also had to write a few custom conversion scripts to pull private messages, user titles and avatars over from vBulletin. About the only thing I lost was the attachments, and that's simply because I didn't think they were worth the effort of porting over.

Converting passwords was interesting but I was helped out quite a bit by what looks to be a legacy way of storing passwords in punBB - looks like older versions used MD5 vs. the SHA1 hashing used in newer versions of punBB. With this I was able to import the salt used by vBulletin into my punBB user table and then modify the login code a bit to use that if it finds an MD5'd password. Once the user logs in it's converted to SHA1 and they never notice! Works perfectly thus far.

The style is more or less stock punBB Oxygen with few enhancements; I loved the default theme and it actually fit in nearly perfect with our existing 'light blue' theme from vBulletin, as you can see by how the default style matches our header image. However we also had a dark style that was used by just under half our users and that also needed to be converted; I regret to say you can only see that one by registering and picking the 'Classic' style. Dark black/grey mixed with a bluish teal and our classic (nearly 10 year old) logo on top.

Overall I'm very happy with how this project turned out. punBB was a dream to customize since the code actually makes sense; I've got to say that was one of the first reasons I picked this software over some of the alternatives.

Thanks for making great software, looking forward to the updates!

Any updates on this?