Oust-spammer phpBB Script


Oust-spammer phpBB Script is a Greasemonkey script for phpBB version 2.x, allowing administrators to quickly delete unwelcome names from the member list. The script allows administrators to check off multiple names at once, then delete them all with the press of a button. Although there are also phpBB mods to allow quick purges of member lists, using this script allows you to keep a standard phpBB configuration and files without modifying any of them for the process. I typically use Oust-spammer phpBB Script at least once a day since purging the member list of dozens of spammers is an unfortunate necessity here.

The current Oust-spammer phpBB Script version is 4.0, released mid-October 2008. Version 4.0 works better with non-English or slightly-modified boards, and adds error feedback to help fix failing deletes. It also adds support for a name list in the source code which, if an name entry is encountered, immediately stops script execution as a failsafe operation.

Download Oust-spammer phpBB Script.
(Alt-click link in Firefox to download, do not install from here without changes.)

For questions about the script, read the Questions section. See the Support section for further help. Go to the main Extensions and Scripts page for information on more extensions and scripts.



You need the Greasemonkey Firefox extension installed to use this script. You must also make a few small modifications at the beginning of the existing script so it recognizes your phpBB installation.

In the ops.user.js script, you will see eight lines, starting at line 14, that look similar to this:

// @include http://www.devoresoftware.com/forum/memberlist.php*

You should change the devoresoftware.com portion of the line to your own domain. Since my domain works with both www.devoresoftware.com and devoresoftware.com, I have two @include lines for each of the four pages referenced (the /forum/memberlist.php and /phpBB2/memberlist.php pages are the same, but addressed differently). If your domain does not support both www and non-www prefixes, you need only put in four @include lines with the proper domain substitution.

This script change allows Greasemonkey to activate the script when the corresponding phpBB web page is loaded. If your phpBB installation is not at the default location in the other subdirectories, e.g. /phpBB2 is not the subdirectory of the main phpBB installation, you will need to change the full path in the @include lines.

If the script detects a possible configuration error, it will provide an alert box briefly describing the problem. This may help you (or me) debug a problematic script. New in version 4.0, the script also has a fallback feature to cycle through each name, not solely depending on an English-language link to continue past the first name. This should help make the script work with administration screens in languages other than English.

Although not necessary, there is a change you can make to the script to better protect yourself from accidentally deleting an important member. At or around line 36 is the text:

var neverDeleteList = [

followed by a two-line list of quoted names: mdevore, the administrator of my phpBB board, and Flying Spaghetti Monster, a member of important standing. Names on this list will not be deleted by Oust-spammer phpBB Script even if they are checkmarked. To create your own list, place the quoted member names you want to protect between the two square bracketed lines, with each name followed by a comma except the last one. Proper comma placement is critical.

There is a second feature to protect against accidental deletion of members that is supported in the script code. At or around line 41 is the text:

var stopIfHitList = [

followed by a list of two names, currently commented out by leading "//"'s. If Oust-spammer encounters any (uncommented) name on this list, it will stop processing immediately. You can use this feature as a failsafe to ensure that, if a name in a member list is accidentally checked for deletion, the script will stop processing and potentially avoid further deletion of valid member entries.

Running The Script

Backing up your phpBB data is recommended before running Oust-spammer phpBB Script in case you make an error or the script misbehaves while running on your phpBB configuration.

Oust-spammer phpBB Script is used by going to the Memberlist page of your phpBB board, as when you click on the Memberlist link at the main phpBB board page. When you are at the Memberlist page, you should see additions to the normal list: each member entry is preceded by a checkbox followed by the word Delete. Under the last row of entries are the buttons Clear All, Set All, Delete Checked, Show Email, and Show Website.

Check each member entry you want to delete. You can set or clear all entries at once by using the Clear All and Set All buttons. After you are done, click Delete Checked to start the process of deleting each member. Depending on whether you have recently entered your password, you may be directed to the standard phpBB password screen for Administrator sign-on; this will not affect the script processing.

The other two buttons supply additional information about the listed users to help you decide whether or not a member name is valid. The Show Email button toggles between the normal email icon display and the actual email address of members. The Show Website button toggles between the normal website icon display and the website link. Note that long addresses can significantly affect the width of the two display columns, to the point where each entry may take up two lines or scroll beyond the width of the browser view.

After clicking Delete Checked and perhaps entering your password, your browser will be automatically directed to the phpBB Administration pages. Oust-spammer phpBB Script will act as an invisible director at this point; it will pick a name from the deletion list, enter it in the user name field, lookup the user, select to delete the user, and continue looping through each name on the list until all the member names selected for deletion are gone. The script stops at the User Administration page when it is complete.

If the script cannot find the expected link to your administration page, it will display a message to this effect -- also, the script will not navigate to a page outside your home domain for better protection. If you receive the message, you can click OK and manually navigate to your administration page to continue script operation.

If the process does not occur as expected or the administration page is not found, see the Questions or Support section.


Which versions of phpBB does the script work with?  I currently use it with phpBB version 2.0.19. It should work with other versions close to that release. However, due to the nature of phpBB, the script must perform internal structure-specific tasks which leave it unaccommodating to internal changes between phpBB versions and different (nondefault) styles. If you continue to have a problem with your version of phpBB, let me know. Needed modifications may be slight, or so we can hope.

The script does not work, what do I do?  Double-check that you have the proper domain setup and directory setup for your phpBB installation. If you are using the never delete list, ensure that you have placed each member name in quotes and have a comma after each except the last. If that doesn't do the trick, see the preceding question.

I made a mistake and want to stop the script before it completes. Can I do that?  Maybe. The smiling monkey icon in the browser status line can be clicked to turn off Greasemonkey. If you do it fast enough -- and the script runs through each page pretty fast -- you may stop it before it completes. Navigate back to the member list page to reset the script and click the monkey to turn back on Greasemonkey. Or reboot your computer, that works too.

I would like a new feature. Is that possible?  Yes, it is possible. Let me know what you want and perhaps it will be added. No guarantees, but I will consider your suggestion.

Is there a way to bypass manually typing in the Administrator password?  It could be done without much coding effort, but I decided that giving a script the Administrator password is probably not a good idea as far as security goes. If having to type in your password perturbs you, I might be persuaded to add the ability to automatically put in your password. Given the security risk, I'm not sure I will agree to do it.


Please post questions, problem reports, and comments as a script comment at userscripts.org or leave a comment on the I Fix Scripts weblog.

Remember: If you don't report a problem, it won't get fixed; if you don't ask for a feature, it won't get added. Useful feedback is always welcome.

Download Oust-spammer phpBB Script.
(Alt-click link in Firefox to download, do not install from here without changes.)

Slightly better than preliminary documentation.