by Alice » Tue Aug 21, 2012 4:33 am
Theo,
Seconding the reports of the user directly above me. Also ...
One thing I had to do when trying to eradicate spammers was go through and purge spammers who had already gotten through. A lot of spam registrations are like sleeper agents -- they'll register en masse at a point when the process is not difficult, and then use those spam accounts. For example, the ones that are posting now still, I'd bet some fictional money that they're accounts that haven't registered in the last day or so.
You can use the purge users feature in the Administration Control Panel to look for users with suspicious patterns. I would routinely delete users that never complete their registrations after a week. Personally, I wouldn't necessarily delete users who never post -- lurkers have a right to lurk -- but I would delete people who completed the registration process but never logged in, again, giving them a little slack time (maybe users who completed the registration process within the last week or two, or even a month, wouldn't be zapped). You can set up your own standards for staying a user and publicize them.
Also, unfortunately, smarting up the registration process only works so much. A lot of the more sophisticated spambot networks will pay people in third-world circumstances pennies per site to answer these sort of questions.
It's been a while since I fought board spammers, but off the top of my head, the three recommendations with the present circumstances I'd have would be (i) to use "Purge Users" both now and as a routine maintenance step as often as you find palatable, (ii) to use "ban by IP" when you ban spammers, and (iii) to bookmark the "View new posts" feature (available to anyone) as a twice-daily bookmark so you can see them as they pop up.
Good luck,
Alice