patvdv
2nd October 2008, 02:52
Hi all,
We are getting a very large amount of auto-registrations from spambots over the last couple of hours that are using @gmail.com/net/org or @mail.ru registration addresses. I am therefore banning the entire @gmail.com/net/org & @mail.ru domains temporarily for the use of registering new accounts. This will not affect members already registered with such an e-mail address.
george7a
9th October 2008, 11:07
How are they passing the image verification test?
I know that some forums keep the text that is in the image somewhere inside the PHP code. I checked BB but I could find the leak.
patvdv
9th October 2008, 23:31
Hi George,
Nothing is hardcoded in the actual source code; the registration bots are just getting smarter all the time, with OCR getting better as well. Most CAPTCHA mechanisms of the free e-mail address systems have been cracked by now (gmail, hotmail, ...) so that gives the spammers a wealth of free e-mail addresses to use (see: http://it.slashdot.org/article.pl?sid=08/02/27/0045242&from=rss). I will need to upgrade the board software to the most recent version to make it more difficult for the spammers.
george7a
13th October 2008, 14:09
And they made a company (http://www.captchakiller.com/) out of it for blind people!
george7a
13th October 2008, 16:59
How about adding another question to the sign up forum which is similar to:
How much is X + Y ?
Of course X & Y should change always.
- George
patvdv
13th October 2008, 22:00
Hi George,
I believe such questions are part of the security scheme in the next release of the forum software. So I will implement it in the near future. Nevertheless, even that measure is not abuse-proof unless the questions are formulated in such a way that they can be answered by using for example rainbow tables.
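One way to ask the "How much is X + Y?" registration question so that the answer never appears in the page sent to the client and each challenge allows a single guess, as an added example that is not part of this thread or of the forum software. The key handling, lifetime, number range, token layout and in-memory nonce store are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret, never sent to the client
TTL_SECONDS = 300                     # assumption: how long a challenge stays valid
_used_nonces = set()                  # assumption: in-memory; a real board would use its database


def _mac(*parts) -> bytes:
    """Keyed SHA-256 tag over the given fields, as hex bytes."""
    msg = "|".join(str(p) for p in parts).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest().encode()


def new_challenge(now=None):
    """Return (question, token); the token goes into a hidden form field."""
    now = int(time.time() if now is None else now)
    x, y = secrets.randbelow(90) + 10, secrets.randbelow(90) + 10
    nonce, expires = secrets.token_hex(16), now + TTL_SECONDS
    issued = _mac("issued", nonce, expires).decode()
    # The answer is only present as a keyed tag, so it cannot be read or
    # precomputed from the form without SERVER_KEY.
    answer = _mac("answer", nonce, expires, x + y).decode()
    return f"How much is {x} + {y}?", f"{nonce}.{expires}.{issued}.{answer}"


def verify(token: str, submitted: str, now=None) -> bool:
    """Check a submitted answer; every token is accepted at most once."""
    now = int(time.time() if now is None else now)
    try:
        nonce, expires_s, issued, answer = token.split(".")
        expires, guess = int(expires_s), int(submitted)
    except ValueError:
        return False
    # Reject tokens this server did not issue before touching the nonce store.
    if not hmac.compare_digest(issued.encode(), _mac("issued", nonce, expires)):
        return False
    if now > expires or nonce in _used_nonces:
        return False
    _used_nonces.add(nonce)  # one guess per challenge, right or wrong
    return hmac.compare_digest(answer.encode(), _mac("answer", nonce, expires, guess))
```
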
george7a
27th October 2008, 12:00
More than 2 weeks have passed and I have not seen a spammer!
Good job Pat!
patvdv
28th October 2008, 22:27
Hi George,
Thanks. They seem to come in waves so let's not declare victory just yet.
patvdv
4th November 2008, 12:02
Hi all,
I am letting @gmail addresses pass again for registration.