503 errors using links from UCP (User Control Panel)

[gandharva]

Some examples you could do here if not already in place:

1. Use Q&A CAPTCHA
Go to: ACP > General > Spambot Countermeasures > Installed Plugins
Select Q&A CAPTCHA.

Set up simple but effective questions, for example:
- What color is the sky on a clear day?
- Type the first three letters of the word 'elephant'.

This is generally more effective than image CAPTCHAs or reCAPTCHA.

2. Install Anti-Spam Extensions
- Stop Forum Spam
https://www.phpbb.com/customise/db/exte ... orum_spam/

- Sortables CAPTCHA
Drag-and-drop CAPTCHA method that works well against bots.
https://www.phpbb.com/customise/db/exte ... s_captcha/

3. Restrict Newly Registered Users
Use the "Newly Registered Users" group to limit access for new accounts.
Go to: ACP > User Registration Settings > New member post limit

Example: Set this to 5. New users will have limited permissions (no links, no PMs, etc.) until they reach this post count.

4. Disable Guest Posting
Go to: ACP > Permissions > Group Permissions > Guests > Forum Permissions

Set “Can post” to “No”.
This blocks anonymous spam posts.

5. Use External Anti-Spam Services
Third-party services can provide another layer of protection:
- CleanTalk (offers a phpBB plugin)
https://cleantalk.org/help/install-phpbb31

6. Monitor Logs and Block Patterns
Regularly check:
ACP > Maintenance > Logs

Look for:
- Suspicious usernames
- Repeated IPs
- Common spam email domains

Block problematic IP ranges or domains as needed.

7. Optional: Add a Honeypot Field (for developers)
Add a hidden field to the registration form. Bots will usually fill all fields, while real users won’t. If the hidden field is filled, block the registration.

[CrazyCarperF1]

I just press the refresh on the browser if ive been away from the open tab for a while, before pressing active topics.

[Steven]

I have to disagree there, I'm a programmer (i.e. higher level of technical knowledge than average) and going back to the main page and refreshing it to make the topics work was non-obvious. I actually assumed for a long time that the site had been hacked and was down.

In fact I only found the 'refresh' solution by randomly stumbling upon a post that mentioned it in an unrelated google search.

There are many better ways to fix this issue: CloudFlare type systems, fail2ban, even throwing up a reCapcha popup etc. Making the site appear broken for the real users is not a great solution.

(this is not a criticism of the admins - I'm sure they want the site to work - running websites and forums especially now is a complete pain in the exhaust).

Same here, IT Manager but what you say needs money no matter if the cost is big or small. The point is that the forum is free and there is no thinking from what i understand all this year's for subscription or anything so anything extra comes in the backs of the owners.
I am perfectly happy to contribute if it's needed.

None of the sample solutions listed cost money. All are free. Cloudflare does have a pay option, but they also have a free option. The rest can be implemented free.

Sent from my Pixel 8 using Tapatalk

Gents....

I'm in IT as well, and I am aware it's a bit of a short corner solution with the 503's. This thing is now disabled until we end up with performance issues again.

Meanwhile, "free" is fairly relative. Everything costs time to do, even the free stuff, and sadly there are just 24h in a day.

As already communicated to the team I am working on upgrading the forum and we'll then move to another more powerful server. Cloudflare is on the list of possible solutions for sure so please try to make the best of it as it is. I find it very annoying and well and would wish I could fix this by tomorrow, but quite a lot needs to be done before we can actually move servers.

Having 24 races per season also doesn't really help...

[Billzilla]

FWIW this is the first time I've been able to read any thread in well over a month I think.
503 error every time until now.