We use the captcha and also a question which some BOTS are able to answer! I was wondering whether or not blocking servers with dynamic email addresses would block out folk from Yahoo or google accounts?
Asher
I just logged out and went through your Registration process. What I found is that you are using a mathematical question of what is "7 plus two". Unfortunately those type of questions do not work. They are too easy to figure out - - - especially with popular software where it is easy to know what is expected from any type of security plugin.
So even though instead of using 2 physical numbers, you have used a physical number along with a written number to try and fool say an OCR (wouldn't fool a real person spammer though) - - - - the spammer is already one step ahead by simply entering into the field, every number starting at one. Using addition questions is the most popular used and the answers to almost all equations are low values. The difference of using a question such as I suggested (and had almost 100% success with) - is that a simple entry of say numbers from 0 to 30, on subsequent tries - isn't going to gain them access.
Using specific questions related to the website, like "What is the name of this forum?" and "What color is the logo?" - might be a better option than using general questions. The one downside of verification questions though, is that they are specific to a language - - - most commonly English. That keeps out a lot of people that you may want to be a part of the forum.
----
As far as blocking IP addresses, I have always figured that to be a dangerous approach - as it can easily restrict legitimate people who use the same IP address from registering. As well, I do not believe that IP addresses are always accurate as many use Proxys and other schemes to mask or cloak an IP address so they can't be tracked.
Targeting email addresses, is a losing battle when it comes to stopping spammers - - - the same one is seldom used twice - - - and if blocked, is easily circumvented.
----------
Other than the things you are already doing (which a forum owner pretty well has to do them all) - - - about the only other thing that can be done is to alter the source code in some way. Realizing that spambots follow a set of instructions based on a specific forum software registration structure. They are expecting the order of the fields and fill them in. By playing with the source code so that they are in a different order or so there are extra hidden fields to fill in that would trigger a spam attack - logically may help out. In fact it was figuring this out 4 or 5 years ago, that helped stop spam emails being sent through my photography website Contact Page. I added an extra hidden field (not input type "hidden", but physically hidden with a CSS style of display:none) - and so when the form is submitted, it only gets sent to me if that hidden field is empty. I wrote the logic that checks for that field, in my php form processing script. It cut down hugely on the crap I was getting each day. Neither of these will stop a human spammer though.
Rob