That's a huge problem that started a couple of years ago. There are some companies out there actually paying people X dollars for registering Y accounts on different sites. One of my clients was getting up to 1,000 registrations a day last year from these people. We finally let some through for a couple of days to post their spam, then checked what all the links were going to. They were different sites, but owned by one company in the UK. The lawyers sent this company a letter and it stopped.

The really sad part about this new tactic is that your options are greatly limited to the point of non-existent on stopping them. Since they are humans doing actual registrations, any attempts to thwart them will also get the regular users trying to sign up. You're left with actual human moderation to combat them.

Globally 2013 saw huge spikes in spamming activity. These people are getting more bold, and that does lead to us having to rethink a strategy to combat them. Here's some possibilities:

- Limit the number of registrations by IP in a given time frame. Either block or require admin authorization on future attempts. This works to an extent, but if people use something like Tor to register, then it doesn't.
- Create moderation displays, showing the first 5 posts and comments from new registrations.
- If you allow new users to post content, force the new post to a draft and email site administration/moderators to approve it. Once they get X approved posts, then they can publish.
- Depending on your site and users, require admin authorization on certain IP's based upon their geographical location (requires GeoIP library or 3rd party API).

No solution is perfect, but I have used a combination of these in the past for clients and they have been very happy with the results. Most options are only doable via custom coding though.

Jamie Holly
http://hollyit.net
On 4/5/2014 8:51 AM, Walt Daniels wrote:
I get them to, but it is not mollom's fault. They are actually registering and typing the captcha just like a legitimate user. In our case they even have to use a legitimate email as they cannot do anything more than an anonymous user until the verify their email. I don't see any pattern I could apply to the user names that would distinguish them from our valid users who have some pretty weird usernames. You could find or right a module that enforced using "real names", i.e. John Doe. But I even got some like that that turn out to be spammers.


On Sat, Apr 5, 2014 at 8:13 AM, Linda Romey <lromey@gmail.com> wrote:
I am having the same issue. Have you contacted Mollom? That's on my to-do list. I'm not sure of the value of the monthly fee if I still have to continually monitor my site and delete spam accounts manually.


On Sat, Apr 5, 2014 at 8:09 AM, James Rome <jamesrome@gmail.com> wrote:
I have Mollom installed, but yet a handful of account applications
escape their captcha/analysis each day. The problem is that the only
obviously wrong field is the username, which is not listed as a field in
the Mollom configuration. I get names such as: qropspension_5362

Is there any other way to get rid of these would-be spammers?

--
James A. Rome

http://jamesrome.net

--
[ Drupal support list | http://lists.drupal.org/ ]


--
[ Drupal support list | http://lists.drupal.org/ ]