arthur_negas — 2011-05-11T14:56:33-04:00 — #1
I have a three step registration process on my site and the form includes a captcha and checks that the referral from step1 to step2 etc has come from within the site and that all form fields have been filled in correctly.
Without being any expert on spamming, that makes me hopeful that the registration spam that I get is at least human-generated rather than bot, but more than happy to be corrected if I'm being naive or over-confident about the security measures I 'd taken.
The bulk of the spam registrations are @guide3.net web.de and gmail email addresses and wondered if anyone had any successful solutions for preventing spam registration based on email address or IP that wouldn't make it a pain for the honest registrants.
Many thanks in advance.
system — 2011-05-19T06:18:33-04:00 — #2
Install some plug-ins which allows captcha make it conditional it will reduce your spam to half
mittineague — 2011-05-19T14:03:59-04:00 — #3
IMHO, if I had to pick only one thing, it would be to block anonymous proxy IPs.
The script kiddies are cowards and like to hide behind them when they SPAM.
eastcoast — 2011-05-19T21:31:13-04:00 — #4
Checking form fields that have been hidden by css for no input is useful - a couple fields named 'email' and 'comments' will generally attract attention of bots but won't be seen by humans
rainner — 2011-05-19T22:32:08-04:00 — #5
some other things that could help a little in addition to what has been mentioned would be to use some Regular-Expressions to check for patterns of spam and maybe display the person's IP and user agent next to the form to discourage them. the real spam doesn't even require the use of forms so be thankful you're not there yet lol.