First, I absolutely love the new gamedev. Active content instead of active topics. I can live with that. Active Gallery instead of image of the day. I can live with that.

Anyways, I'm browsing through the active members (which I'm assuming is the list of new members), and I have noticed that there are quite a few spammer accounts registering quite frequently. Most have them been banned, and I haven't found any that have made a post or thread yet. Some of them have a link to some page as their homepage URL, or what not. Most of them have been banned.

Are we seeing an increase in spammer accounts after switching to this new board? Have any of these spammers soiled our forums?

Already reported one for the banhammer, which resulted in postnuking. Wouldn't suprise me if we're getting more spam now that we're using something less home brewed. That's for the moderators to suffer the results of, for the most part, though.

First, I absolutely love the new gamedev. Active content instead of active topics. I can live with that. Active Gallery instead of image of the day. I can live with that.

Anyways, I'm browsing through the active members (which I'm assuming is the list of new members), and I have noticed that there are quite a few spammer accounts registering quite frequently. Most have them been banned, and I haven't found any that have made a post or thread yet. Some of them have a link to some page as their homepage URL, or what not. Most of them have been banned.

Are we seeing an increase in spammer accounts after switching to this new board? Have any of these spammers soiled our forums?

We had a discussion about this and rather than chase these kinds of people/bots we will leave them for banning if they try astroturfing in the forums. Otherwise we are going to spend a lot of time chasing our tails for very little gain. Unless some automatic flag can help us chase some of these accounts away.

Throw in a few custom authentication systems. "Did you cry when Bambi's mother died? Y/N" etc. If you fail that, you get flagged for review.

What about adding the good old WordPress feature: you need to have posted at least one good thread/reply, approved by a moderator before you can post another one (eg the first post/reply won't even appear in the forums before it's been approved)? That would add some minor pressure on the mods, but I'm guessing this pressure is nowhere near as great as that of fighting automatic spam. The approval/disapproval system could be automatic and provide all mods with the same list of new first postings, each showing the two first lines of the post by default and having two buttons next to it: approve/delete. If a mod clicks approve, the user is good to go; otherwise the account is placed on the suspected spammer list. Each day (not time!), when a mod logs in, his first reaction is to approve or delete 5-10 (or whatever the sign-up rate might be) first postings and then continue with his regular trolling.

Simple, elegant and highly effective is what I think.

Throw in a few custom authentication systems. "Did you cry when Bambi's mother died? Y/N" etc. If you fail that, you get flagged for review.

Needs an option for "did you cackle like an evil overlord" or I'd fail it.

Throw in a few custom authentication systems. "Did you cry when Bambi's mother died? Y/N" etc. If you fail that, you get flagged for review.

Never saw it, thanks for ruining it.

Are we using CAPTCHA? If not, put that on the to-do list.

Here's another technical option (certainly not foolproof, but better than nothing and works pretty well in my experience):

Add a few honeypot fields to the input form for registration. These are input elements that are then hidden using simple CSS. If the backend script detects ANYTHING in these input fields, it rejects it completely. You can make two honeypots: one can be "visibilty:hidden;display:none", and the other can have the color, border color, and background color all match the page background. Normal people won't see it, but bots will. Some bots are smart enough to know a honeypot field that is truly hidden, so this will throw off the smart ones too. For the truly evil, you can rename the honeypot fields name="email" or name="password".

You can also randomize the legitimate input field names. Instead of name="email", use name="fjhWOhg3OWX". Then just know that "fjhWOhg3OWX" is the email field on the back end.

And finally, you can put a hidden timestamp field on the page and reject anything that isn't registered within a certain amount of time. This makes it unlikely that bots will harvest, parse, and cache the page. Most of them probably assume that all alike forums work the same way.

'Luckless' said:

Throw in a few custom authentication systems. "Did you cry when Bambi's mother died? Y/N" etc. If you fail that, you get flagged for review.

Never saw it, thanks for ruining it.

Ah yes, but is the question actually based on something that really happened in the movie,...

Come to think of it, I'm not sure if I've even seen it.

'Luckless' said:

Throw in a few custom authentication systems. "Did you cry when Bambi's mother died? Y/N" etc. If you fail that, you get flagged for review.

Needs an option for "did you cackle like an evil overlord" or I'd fail it.

Or "giggle like a madman", else I would fail it too.