Just wanted to update you on what Ive done to prevent forum spamming as there were several users who felt awkward forwarding the site to their managers when trying to present a case for adoption of open source testing tools within their businesses. Obviously this kind of defeats the purpose of the site so Ive made it a priority to improve the anti-spam techniques used. What follows is my current anti-spam strategy, some of these were in place already while others are new, hopefully this will stop the problem in its tracks:
– [b:1qp6rlgl]Email confirmation[/b:1qp6rlgl] is required during user registration, this puts many spammers off as a genuine email is required.
– [b:1qp6rlgl]Visual confirmation[/b:1qp6rlgl] is required during user registration which means that bots cannot register.
– The [b:1qp6rlgl]forum software is updated[/b:1qp6rlgl] immediately new production releases are made available, these often have security/spam fixes
– The [b:1qp6rlgl]memberlist page has been removed[/b:1qp6rlgl] so that URLs to sites of spammers who do not post are no longer visible, defeating the point of these spammers registering; members can still view the profile of a person via a link from one of their posts.
– [b:1qp6rlgl]All posts now require visual confirmation[/b:1qp6rlgl], this should be the nail in the coffin as humans were registering and then passing their login to their bots.
– A [b:1qp6rlgl]bot trap[/b:1qp6rlgl] on the homepage successfully throws most bots off the site and permanently bans them before most of them even reach the forums.
– [b:1qp6rlgl]Daily manual checks[/b:1qp6rlgl] take place as well as all these automated methods, and spam is removed immediately it is found.
Unfortunately I had to make a tradeoff between two very important areas: spam protection and accessibility. Visual confirmation using bitmapped images (captchas) presents a real problem to users who are blind, have low vision, or have a learning disability such as dyslexia. However, the user registration has used visual confirmation since 2003, and no-one has contacted me yet regarding this issue so I am assuming this has not been a problem for the sites users. If this does cause a problem to anyone though, please do contact me and I will look into applying alternative anti-spam measures.