After going through the same as everybody else in this thread (captcha, installing the ACP mod and allowing zero personal info during registration, deleting users, banning domains etc.), I have a new idea.
I notice that many spammers come from the same domain. Building up my own ban database is taking ages. Couldn'w we generate a blacklist and put it up here somewhere so that it is easy to download and import in the database?
Yet, sometimes I have checked some of the spammers from unknown domains and then I see that the domains usually have only been created a few days before. Are they creating new domains just to use unsuspect email adresses for spam?
You can ban entire domains...
Like these should work:
I tried to post and first to register at Lithium Studios but my email was denied ("The entered email domain has no valid MX record") so I will post it here. I refer to the topic Incorrect Captcha Code...or not??
I use this wonderful mod for two forums I admin and it saves me a lot of time because it filters out so many bots. Before I upload files to the server I test them at my local environment using apache webserver and everything looks fine also with the captcha image. After I uploaded the files it is still showing the old captcha image and from phpinfo I know that on both (local and server) GD - GD Support and FreeType Support are enabled. The only difference: local I use PHP Version 5.1.2 and on the server is PHP Version 4.4.4 installed but the other forum I also admin and where the captcha image looks fine also uses PHP Version 4.4.4. So there must be another thing with this. If you like I can send you the phpinfo files to compare.
Hmm, that is strange. Did you enter in a vaild email address when you registered? Try it once again, and if it does not work I can turn that off so it does not check.
Sure, send me the php info from your local host and server and I will check it out(send them via PM).
I've been using better captcha (in conjunction with the anti-spam ACP, ConfusaBOT, and SpamWords).
Recently, I went to admin approval of all new accounts simply because I was still getting at least one new bogus user and a spam posting every day.
Still they register. I don't know why... they don't get a web listing in profile and the don't get a signature or anything else either. I delete them right away without activation (I know a spam account when I see one). Today, I deleted 3 already.
Question: I find it hard to believe that better captcha has already been broken by the spammers. Is there a way I can tell? Is there a way to tell if the registrations are bots that get through better captcha versus human entries? Any suggestions?
Try updating Anti-Spam ACP to the latest version, that should help a lot.