I've disabled signatures for new members (this means all members who have been active for less than two weeks and have less than xx amount of posts. This because a lot of spambots register and then put a link in their signature. I hope this might discourage them - at least for a while.

If anyone has ideas how to counter spambots please don't hesitate to suggest them. It would be nice to keep these forums clean :)

Actually, disabling signatures will make it harder for us to identify them as spambots. A lot of the new Rummer scripts have very human-like communication attributes which makes it hard to determine if it's an enthusiastic new member or an actual bot.

And majority of these postings are coming from India and Israel ISPs sites (such as airtel-broadband); which makes me think it's a botnet that sniffs for high-hit forums. The people that are doing the spamming are not reviewing our website, but are actually hitting up an entire deck of sites.

The most effective way to prevent spam that I've implemented is to have a human check that's not just a captcha. Ask a meaningful question such as "How many steps are there in the scientific process?" or "What is the name of this site?" Most botnets cannot understand that style of spam prevention.

Actually, what M said reminded me of this (http://xkcd.com/810/).

If they're indiscriminantly spamming, then the fact that their advertisement (via signature) gets blocked isn't going to deter the attempt.

I believe Ubuntu forums has a system where you have to answer a simple question, like what is 2 + 2. Maybe Gand could implement something like that for vBulletin?

Let's just see if this measure changes anything. Usually spambots give them away because the subjects of threads they starts is very generic, or they seem to be posting random replies. We'll just have to see if this actually helps or makes it worse - if it doesn't work we can always go back to how things were :)

Indeed. Although most botnets can easily break math logic. An actual word problem would be more effective, for example "What's two plus two?" or "What's ten minus zero?"

I have an image captchas in place (re-captcha) but if that doesn't seem to be working, I'll put additional verification for new users.

The Captchas system has already been worked around in most botnets. Unless it's physically unreadable to humans, a computer can get it right on the third try. Basic logic as well. That's why I keep putting in suggestions for something that requires cognitive intervention (such as math word problems or historic questions)

Indeed. Although most botnets can easily break math logic. An actual word problem would be more effective, for example "What's two plus two?" or "What's ten minus zero?"

Yeah, that's what I meant :P

Or maybe make them a bit more challenging, that should keep the stupidest people away too :D

Well, then again, the majority of people who come here come because they can't find sheet music anywhere else, so having something that anyone can do, say, "What is the main colour of the current website logo?" would probably work - also, it's near-impossible for spambots to get that right :P

I was thinking among the lines of general trivia. Like, what is the nearest star to us, who was the first president of the USA, what symbol generally stands for love, etc

Simple questions that anyone *should* be able to answer. If not, they're either:
1. Stupid, we don't want them here
2. Way too young, officially they shouldn't be here
3. Spambots

Version 3.x only supports one type of verification, but after we go to 4.x we'll have lots of additional options to play with.

Typical proprietary software company <_<

M's a software hippie.

Of course, I live off of producing it B)

I just searched for "anti [insert name of most popular spambot on the web]" and saw a pretty good idea. Reject registrations if they take less than x amount of seconds. If it's filled out at an inhuman speed, out it goes :)

The only probably with that is some people use auto-fill programs that automatically enter preset details for registrations. So that would reject their requests too..............however it would keep the lazy ones out. :think:

With vb4 we have a new slew of spam countermeasures that have been deployed, so we are re-enabling this for the time being. If anyone sees some spam, please use the Report Post function so they can be crushed mercilessly!