FYI:

We've had like 15 new user registrations today from spammers across the globe.

In response, I've added a captcha challenge to the registration process. 

If this doesn't stop the spammers, I'll bump up the complexity of the image.

Stronger options are available if their bots break captcha well.

Thats sick! Keep up the great work.

Stronger options are available if their bots break captcha well.

Due to some recent and graphic pr0nspam, I've kicked up the captcha to the highest level.

The next available step, should this not prove effective, is to require new member accounts to be activated by admins before they're allowed to post.

I'd rather not do that, but it should serve as an effective deterrent, as it's typically very easy to distinguish between a bot's profile and a person's.

I'm pushing for retinal scanning.

Sounds like your signing up for a lot to have to approve every account !  Let's hope it doesn't get there..

Can always throw in some word problems, most Bots don't understand English yet..  Even better, put the word problem itself in captcha..  So basically you don't just have to recognize the text, you have to answer the question it is asking.

I'm not so sure it would be that big a deal.  I mean, on average we'll get 5 or 6 new members a week.  If all I had to do is get up in the morning, check my mail, follow a link, and click "Approve" then I don't think it'd be that big a hassle.


I have always liked the idea of human verification based on word problems such as "What is five plus four."  but botnets are growing ever sophisticated and I'm quite sure those sorts of things have been accounted for.

As I understand it, the cutting edge is currently using photos of various things and asking the user to identify them.

The attack on that method involves botnets serving up images to live people to identify images in exchange for micropayments or access to porn sites and such.

Once a given image is identified as a puppy or a tree or a bus then the net stores checksums of the image (or parts of the image) so it can quickly recall it the next time its asked to identify that particular file.


There must be good money in spamming because people are putting a hell of a lot of effort into it.

but what if I wanna create a fake profile to anonymously make fun of people?  I have to wait for you to approve it?

I wonder if I could whitelist IPs of known-human users.

Or whitelist subnets of local providers?  Would allow any bots running locally I guess but it's a minimal risk and could keep you from having to verify someone coming in from a known local providers subnet.  I guess the question is how large of an area does the local dhcp domain cover?

The bots we're seeing are generally coming from china, germany, turkey, etc.

I guess I could just start blocking IPs by class A assignments.

My registration didn't quite involve any of this Drax0r, E... I didn't even have to search Goolge to find out that the Avenger was the Anna mascot! Recent human verifications to deter botnets and even checksums have involved a series of captcha where the user must identify the correct amount of images representing a given category, IE Cats and a rand(5): forcing the user to select 5 pictures of cats. Further, if you should be able to take a set of pictures in a category, create them at runtime with a random watermark added to the image and KABAM!! winner.

Micropayments aside, that is, with the exception of a simple search of "anna high school texas" http://www.ahs.annaisd.org/