PeterT wrote:Heh, I just let mySQL optimize the "posts" table after deleting all the spam, and it went from 4 GB to 13 MB
Wow, that's more like it! Plus the 64Mb or so of file attachments from the various challenge solutions, should be an easy backup now.
Just 14 minutes for the first spammer. Oh dear.
For the spambot registrations, I have a few suggestions:
1) Email requests instead of signup
- keep the forum at "none allowed"
- have a major post inviting people wanting to join to send an email to a communal account. But written in non-copiable form.
Something like "armadillorunforummembership at gmail dot com". And we can ask for something specific in the title too, if that helps with filtering. You guys probably know what works to foil spammers better than me.....
Also, the thread could be updated every time the email account is "cleaned", so if someone is trying to join and they get missed, they can see they need to try again, and shout louder.
If a genuine user is detected, the "admin" can switch it on for a few minutes to create the new account, and then shut it off again.
Someone would still need to check the email account (I can do that, but it can be "communal" too, since it's sole purpose is forum registrations), but I think it'll be much easier than trying to keep the flood of spam accounts at bay. I think it was that flood that prompted Peter Stock to switch to the self-authorisation and queued post approval about a year ago. If the flow increases too much, we register a new email account and abandon the old to google..... (changing the forum thread to reflect the new email address).
That's the best benefit - it shifts the flood of new information to another server, as well as limiting that flood in the first place.
2) Revert to Admin account approval before posting is allowed.
We could probably cope with sifting through 10 or so new accounts daily (maybe up to 50 per day short term), if the forum registrations setting is reverted back to the admin approval requirement of old. But a couple of days ago, one spammer registered 25 accounts all at once, so if we leave a crack open, it'll be forced wider.
I'm happy to give this a go, watching and seeing if it is manageable, if this is the preferred option.
Although, 14 minutes for the first hit...... I'm worried....
3) Permissions of user groups - allow new users to PM, but not post.
New users are rare, but not extinct. As SketchyGalore and Reuben have proven over the past month. Their ability to PM proved invaluable to their approval.
The further possibility is to add a new user group, with permissions to PM only, and not submit posts. Any new account registrations go in there. Peter Stock said he wasn't flooded with PMs even though his forum thread to new users said to do so.
Or, that if new users by default go to the "registered users" group, then the existing members get shifted to an "approved user" group with posting permissions, and the registered users group is denied.
4) move home, or software
Or, we shift to Andrew's server, as he says he has no trouble at all with spam registrations.....
Does smf have better anti-spam properties? I have no idea about this one.....
It's lovely to have the problem of having to choose.
But I'm not the expert here, so whatever PeterT, Andrew, and probably PeterS think would work best, I'll go with.
I have the time to admin for the foreseeable future (ie volunteering for all of the above). So don't worry about it being neglected. I'll shout if / when that time comes.