The forum

I think it's just that lousy chinese company X _ _ _ _ I that's doing the spamming. A single-post limit for the first 24 hours after registration could help. Don't know if that's technically possible.

I think is a problem aswell.

Blocking and deleting is great, but it doesn't help if you're reading on RSS, because the blocked posts stay there after they're entered. I'm really hating those guys.

Ok, so I changed some of the CAPTCHA settings, and it sees the spam has gotten WORSE.

Jon, thanks for posting that, I will have to look into it. Unfortunately, I really don't know what it means :/

I'm a little concerned that while I'm out of town for a week at BGG.con, that the site will be completely overrun by spam posts. If anyone knows how to deal with this, please contact me via PM or something because I'm really uneducated in all things internet software related :(

- Seth

Fascinating. It had not occurred to me that the real 'audience' for spam like this is not the people on the site but the webcrawlers at Google. But, it makes perfect sense now that you mention it because oftentimes the content is close to gibberish. I imagine that it is because the spammers are actually packaging a number of different clients together to into one post in order to maximize their own return on investment of labor. So, what we see is the garbled jumble of keywords and links which a 'stupid' webcrawler might not necessarily recognize as meaningless.

Wow. Quite interesting. We are not the targets of the information but the pawns.

i tried a couple of different anti-spam things on my forums, the thing that worked best was one that asks a very simple question as a captcha, rather than a distorted image. notably, the ones that ask math questions DIDN'T work very well at stopping things, but the ones that ask general knowledge questions work perfectly. obviously this still doesn't stop actual humans, but there's not really a good solution to that that i'm aware of.

Captcha was far too hard, I was honestly scared I was going to have to post at www.boardgamegeek.com to let you know I couldn't log in. Could you just do something along the lines of captcha, but disable per individual per request. So for example if I say please don't make me use Captcha, you can flag my account as safe. Where as if user WOWGOLD$$$$ asks to be taken off you can reply, after you are in the community for at least 3 months and post relevent content.

Seth made me an administrator and after a few days I made the following observations:

1) It looks like the spammers are indeed real human beings
2) BGDF gets an average of 30 new users per day(!)
3) Of these 30 new users an average of one seems to be a real, serious new user, but of course it is hard to tell just by looking at the email address
4) Of these 30 new just users, 28 never perform any activity on the BGDF
5) Of these 30 new users, one user actually spams the boards
6) An average of 15 spam comments are made per day
7) Cleaning up the spam and blocking the user takes an administrator around 15 minutes per day
8) An administrator is not always around to clean up the spam. It might take a couple of hours, or even days in the worst case, before an administrator notices it and has the time to deal with it

I have to talk to Seth when he gets back from BGG.con, but I would suggest the following.

I don't think the captcha's do much, other than making it difficult for real users to login to the site. Maybe they discourage a couple of would-be spammers, but apparently there are still enough spammers that are willing to go through the trouble. The site only offers two variations of captcha's, the math one and the image one, so we don't have a plethora of choices here. I would suggest doing away with the captcha.

One option mentioned was to have an admin approve each new user. I like this idea, because there aren't so many serious, new users anyway, so it won't take an administrator much time to approve new users. Less time than cleaning up the spam anyway. One downside is that new users might be intimidated by it and be less inclined to join. It can also take up to one or two days before a new user is approved. Also, it is important that an admin is able to distinguish a real, serious new user from a spammer. I'm not sure if there's an option to ask a new user to tell about his motivations to join BGDF and perhaps some other questions (such as, what's your favorite game or game designer) which would be necessary to make this distinction, but if it is possible I think this could be a better solution than the captchas.

Oh, nuts. I totally forgot to talk to Seth about this.

If the BGDF is using the Drupal CAPTCHA module I think it's using, there are many other CAPTCHA options available. I've found several that strike a very nice balance between effectiveness and challenge.

Yes, it is relatively easy to implement a small survey of questions that a new use must answer when submitting a new user form.

If the BGDF would help implementing this, I'd be happy to assist.

Much better, thanks! I hadn't had the patience to log for almost a week now.