On 11 February 2013 19:40, Peter Soetens <peter@thesourceworks.com> wrote:

On Sat, Feb 9, 2013 at 10:33 PM, Tully Foote <tfoote@willowgarage.com> wrote:
> I've changed the textcha content to try to slow it down. We'll look at more
> permanent solutions if the spammers figure this one out quickly.

Just FYI, we have the same issues with orocos.org. We even tried to
change the login URL to something 'unique' such that automated logins
were not possible anymore. This had no effect whatsoever (not even for
a short period), so I'm guessing that it's 'cheap' people doing this,
or they are really crawling/parsing the html code, looking for a
'registration' href text.... beats me.

Also, we were raising the captcha to such a level that users started
complaining... so I had to lower the noise/distortion again.

We ended up with approving each account manually, guessing validity by
the looks of the username and email address... or waiting for a
complaint.

Since we're using Drupal, we might actually drop the authentication
all together and use a service like Mollom to check anonymous posts...
maybe.

We had some pretty serious spambot issues for a while as well. They stopped completely after we applied a simple trick that one of our users suggested: we added a "Do not register" button just before the "Register" button in the Drupal template. It seems the spambots are stupid enough to select the first button they encounter, because we didn't get any after that (at least, not until a Drupal upgrade wiped out the change).

Geoff