On top of all the other stuff that makes my life such a non-stop rollercoaster of excitement, I do a bit of forum admin as well. By which I mean dealing with the non-stop influx of spammers. Amazingly for a forum with a robots.txt that basically tells every spider to fuck right off, and which therefore doesn’t make much impact on Google at all, it still gets a stupidly high spammers to legitimate sign-ups ratio. Something in the region of 30:1, and that’s probably being generous.
Even a captcha set to near-illegible couldn’t stop them, but on the plus side it’s meant that I’ve become pretty good at spotting spammers a mile off, usually before they’ve even activate their accounts. On a really good day I’ll have a look at the Who Is Online bit of the forum, set it to display guests and catch someone in the middle of registering, meaning that I can check their IP address and, assuming it comes from Latvia or China or similar, ban them before they’ve even submitted their details. Which is tremendously satisfying.
Otherwise it’s a matter of regularly checking out new active and inactive accounts and going to work on the spam; deleting the account, banning the email address and setting the username to disallowed. Spotting them’s easy since they tend to use nonsense names like bethkumkkal, minksgerda or Squabeinvique, and a load of them have Gmail addresses that go *firstname.lastname@example.org. They get trashed immediately; if I’m not quite sure then stopforumspam.com is a brilliant resource, and if I’m still not sure then I’ll go to Google.
All straightforward enough, if a little time-consuming. But then people on the forum started moaning about our robots.txt; apparently having your stupid posts show up on Google validates your existence or something. So we’re trying something different; opened the forum back up to spiders and crawlers and implemented a new captcha to offset the Google visibility. Ditched the image-based version and put in a Q&A captcha that asks a random question that you need to be an English-speaking human to answer.
I had fun thinking them up. A few examples:
- What is eleven minus three?
- How many wheels does a motorbike have?
- What colour is yellow?
- In what language is this question?
Got a sensible amount already, and I’ll keep adding to them. I wasn’t sure how it would work out, but since turning it on yesterday morning we’ve had precisely no spam accounts registered. I’ve seen them trying to register but nothing’s got through at all. Quite impressive on the whole; it’ll be interesting to see how long it is before they crack this one and we have to come up with something else.
On the minus side, the robots have flooded in and already caused a Too Many Connections error. We might have to see how it goes and maybe tell them to fuck off again.
Anyway, though: what questions would you use to separate the humans from the spammers?