stevemaury wrote:It is senseless and unnecessary to have more than one Q&A question. If a question gets cracked, you will not know which one, so you will have to change all of them. One good question is all that is needed.
Just following up now that I'm preparing to move from 3.0.14 to 3.1.x
My [4-6] questions so far have prevented spammers from joining my site over the last 4 years. Similar sites to mine are littered with comments about spammers and who to trust etc. I found that a series of steps to actively monitor the registrations, asking for unique fields, CAPTCHA questions and checking IP and a few other things has caught all of them so far. I'm going to try and automate some of this now that I have a good procedure that seems to work. Obviously, boards with hundreds of registrations daily can't do this but I get 3-5 and I have 1700 members and so far this has worked. Prior to this implementation I would get dozens of illegitimate registrations daily.
When I notice someone has registered but not been approved and is a spammer (it is obvious) I go back and change my questions. It is not hard in a specific field like mine to develop questions that will survive attack for a few months.