Good to know, haggisv. It's been all quiet for the last six hours for me too, although I switched to reCaptcha temporarily. I've not yet tried a fresh set of unique questions since my Q&A got compromised but will try it and see what happens tomorrow.haggisv wrote:Just out of interest, and this is not conclusive proof.... I've just changed all my Q&A questions, and in the last 6 hours, I've not had a single spammer register.
This tends to indicate that they are not bypassing the Q&A, but have simply compiled a set of answers, that will, after enough tries, give the right answer when the right question comes up.
I will continue to monitor this, but it looks like questions will simply need to be changed a lot more often.
In my case, I've done a whois each time an obvious bot has got through (using the built-in whois facility of phpBB) and then applied an IP ban for the entire range shown. I've done this at server level through my site's control panel, so that they are blocked from the entire site and not just the forum. People can of course apply these range bans through their .htaccess for the same effect.
Hopefully they may be running out of ISPs (they're mostly Russian, Ukrainian and the occasional East European ISPs in this wave of attacks). I don't like banning entire ISPs but at the moment it seems necessary and I'm not aware of a single genuine member signing up from these regions for my site anyway.