What is with the bot spammers already?? There are 3 more posts in the Poll's thread by bot spammers.

Can one of the Admin's take a look and see what the deal is?

Thanks!

I've found the program that is being used to spam us (and thousands of other message boards, it seems). I already passed a link to the program to the moderators when I reported one of the messages.

It seems to me all we need to do is make it "hard" to post for the first time, since the program creates a new account each time it posts. Any off-the-shelf solution that is widely used will be worked around; a simple custom modification to vBulletin should do the trick, I think.

The moderators here have been very good about removing spam posts quickly once they have been reported. Click http://eq.forums.thedruidsgrove.org/images/tdg/buttons/report.gif (found in the lower left corner of each post) to report a post as spam, advertising, etc.

On second thought, a custom modification might not be necessary. I think vBulletin already provides a way to require any user's first post to be validated by a moderator.

I don't know how many new users we get each day, but that might be an option.

I always liked the authentication schemes which required that you correctly read text from a garbled/warped bitmap and then enter it in an edit field before validating your account.

http://en.wikipedia.org/wiki/Captcha

Right, but this particular program claims to be able to work around those (at least ones that are commonly used--23 different sample CAPTCHAs are shown on a page as examples of the ones this program can decode). With each version of the program a few new ones were added.

Can't you just use some unusual validation method that the program won't expect?

Ask a few druid questions, or something that can be answered by referenced to another part of the site.

I'd hate to see registrations drop off, I'm still waiting for a Muslim to join the OT forum.

Well, the CAPTCHAs they decode are pre-packaged, so to speak. Any custom solution would probably confuse it if it's on a small enough scale.

Of course, it won't stop the humans who are paid to spam forums.

Can't you just use some unusual validation method that the program won't expect?

Ask a few druid questions, or something that can be answered by referenced to another part of the site.

I'd hate to see registrations drop off, I'm still waiting for a Muslim to join the OT forum.

Oh hell no. Suddenly we'd all be on the news for causing ****ing riots over in Islamia

Yup, Yrys. That's why I suggested a small custom modification.

Having moderators approve the first post by each new account should work against both automatic and manual spam though, and shouldn't require any software modification. It might create additional work for moderators, but without knowing the ratio of legitimate new users to new spammers we get, it's hard to say how much additional work it would be (given that the moderators already end up with reported spam posts in another queue).

I'm looking into it. I havn't had time because of the hoilday.

I wanted to be sure to make it clear that I didn't think this was something that the Admins weren't doing... I just had never seen any bot spammers before and had seen 4 in 2 days and wondered if there was something new going on.

I am sorry if it sounded like I was being accusatory - just wondering what the deal was actually.

Yeah, we've noticed that they come in waves and they've led to some domain level bans for registration email addresses. Rah and Sobe generally handle the server's IP blocking level while I generally ban the actual user accounts. Sildan, Netura, Ruadh and the rest of the mods do a great job of sniping the actual posts and trashing them whenever they see them.

Right, but this particular program claims to be able to work around those (at least ones that are commonly used--23 different sample CAPTCHAs are shown on a page as examples of the ones this program can decode). With each version of the program a few new ones were added.
Do you know whether the program is deciphering the text out of the image data or just recognizing individual images from a limited set (via checksum or binary comparison)? If it's the former, that's either some pretty sophisticated coding or they're crappy CAPTCHAs.

If you don't mind, could you PM me a link to the software? I'm interested in the technology (from the standpoint of preventing spam, not contributing to it).

PM sent.

Some research that suggests to me their claims might be true (at least to an extent):
http://www.cs.sfu.ca/~mori/research/gimpy/

PM sent.
Thanks!

Some research that suggests to me their claims might be true (at least to an extent):
http://www.cs.sfu.ca/~mori/research/gimpy/
Interesting research, it makes me miss school. It would be cool if they had a web app that provided a way to test CAPTCHAs -- I'm itching to see if I can write a generator that could defeat their algorithm consistently. :)