Tuesday, May 18, 2010

The spammers are back

Less than two weeks ago, Kevan changed the blog’s registration procedure to include a question about BlogNomic’s past in order to stop the masses of spam accounts that were being created. Unfortunately, this does not seem to have stopped them. I can only assume some human spammer found the answer to the question, because new spam accounts started appearing within a week. I count only four now since that point, but I wouldn’t be surprised if they eventually started cranking out 6 accounts a day like before.

I’ve no idea how to stop them, but I just thought I’d report this before the number of accounts explodes again.

Comments

Kevan: City he/him

18-05-2010 09:25:07 UTC

Thanks for the heads up - although we have two new players, three of the remaining four crop up on the list at stopforumspam.com, which is disappointing. I don’t know whether these are independent spammers who’ve all worked out the answer themselves, or if instructions for breaking the CAPTCHA question have gone into a spammer’s database somewhere. Maybe it’s worth waiting a few more days to see if they do start cranking out multiple accounts - if they don’t, then we just need to ramp up the question’s difficulty; if they do, then either we need a stronger dynamic CAPTCHA, or we just need to have admins approve new accounts before they can start posting.

h2g2guy:

18-05-2010 19:10:31 UTC

Why don’t you just use reCATCPHA (or whatever it’s called)? That sort of thing is used by even the largest companies, like banks and Google. Plus, it’s REALLY easy to implement, I think.

Wakukee:

18-05-2010 22:04:21 UTC

Actually, recatcha is fairly difficult to implement here, as I’ve heard. I personally wouldn’t mind having to approve new accounts, though having to deny several hundred spam accounts just to get to one or two good ones would be obnoxious… how about we require an email to be sent to an active admin after registration so that they know to add you?

Qwazukee:

19-05-2010 02:53:19 UTC

lol I am amused that no one can spell reCAPTCHA.

Kevan: City he/him

19-05-2010 08:16:16 UTC

Actually, I don’t think reCAPTCHA is much work to implement; it’s just a couple of bits of PHP that we can drop in at existing points in the code. It’s only a problem if it interacts weirdly with the rest of ExpressionEngine.

The problem is that we definitely get a few human spammers - low-wage workers who are being paid pennies to post slightly tailored blog comments (a couple of lines of some relevance to what they think the topic is, followed by their spam links), and who can easily jump through any CAPTCHA signup hoops we set up for them. The thinking behind the BlogNomic trivia question is that by setting new accounts a task that requires a minute or two of deduction, the human spammers would rather spend that time spamming a different, less secure blog.

I don’t know if they’re in a vanishingly small minority, though. Maybe we could try switching to reCAPTCHA for a week and see how that affects signups - I’ll give it a go.

Kevan: City he/him

19-05-2010 11:19:48 UTC

Okay, we’re now running reCAPTCHA for new user signups. I’ll leave the “recaptcha test” user in the member list, so that we have a clear reference point.

Kevan: City he/him

21-05-2010 08:13:57 UTC

Looks like this probably isn’t working - we had three signups overnight, one from an email which is flagged on stopforumspam.com. Maybe a combination of reCAPTCHA and a fairly complex trivia question would work - the trivia question to discourage human spammers, and reCAPTCHA to discourage bots being programmed to register multiple accounts as soon as their human master works out the signup process.

Really, though, we’re in a fairly strong position in that BlogNomic is a game - if we make the signup process a hoop-jumping “answer these historical game questions to get four numbers; add them together, plus today’s date, and tell us the correct answer”, then it’s just the first level of a game, to a human who wants to play.
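The layered gate Kevan sketches above (a blocklist lookup of the kind stopforumspam.com provides, a CAPTCHA check, a trivia sum that folds in today’s date, and an admin hold before posting), as an added Python example that is not part of this thread or of BlogNomic’s ExpressionEngine code. The question bank, blocklist entries and CAPTCHA verifier are constructed placeholders; the real site would call the reCAPTCHA service and a cached stopforumspam export instead.

```python
"""Layered signup gate: blocklist lookup, CAPTCHA hook, dynamic trivia sum, admin hold."""
from dataclasses import dataclass
from datetime import date
from typing import Callable

# Constructed question bank with placeholder numeric answers (not BlogNomic's real trivia).
QUESTION_BANK = {
    "year of the first dynasty": 2005,
    "admins in the second dynasty": 3,
    "rule number that created the GNDT": 14,
    "players before the first reset": 11,
}
ALL_QUESTIONS = list(QUESTION_BANK)
SAMPLE_DAY = date(2010, 5, 21)
# Constructed local blocklist standing in for a cached stopforumspam.com export.
SAMPLE_BLOCKLIST = {"seo.offers@example.net", "cheap-links@example.org"}


@dataclass
class Signup:
    email: str
    trivia_answer: int
    captcha_token: str


def expected_trivia_total(question_keys: list, today: date) -> int:
    """Sum of the numeric answers plus today's day of month, the scheme Kevan sketches."""
    return sum(QUESTION_BANK[k] for k in question_keys) + today.day


def evaluate_signup(signup: Signup, question_keys: list, today: date,
                    blocklist: set, captcha_ok: Callable[[str], bool]) -> tuple:
    """Return (status, reason). Cheap checks run first; 'pending' means an admin
    still approves the account before it can post, so one lucky pass is not enough."""
    if signup.email.strip().lower() in blocklist:
        return "reject", "email listed on spam blocklist"
    if not captcha_ok(signup.captcha_token):
        return "reject", "CAPTCHA verification failed"
    if signup.trivia_answer != expected_trivia_total(question_keys, today):
        return "reject", "trivia answer wrong"
    return "pending", "passed gate; awaiting admin approval"


def demo_captcha_ok(token: str) -> bool:
    """Stand-in for the real reCAPTCHA verification call (constructed for the demo)."""
    return token == "valid-token"


if __name__ == "__main__":
    good = Signup("newplayer@example.com", expected_trivia_total(ALL_QUESTIONS, SAMPLE_DAY), "valid-token")
    print(evaluate_signup(good, ALL_QUESTIONS, SAMPLE_DAY, SAMPLE_BLOCKLIST, demo_captcha_ok))
```

Because the expected total changes with the day of month, a harvested answer stops working the next day, which is the point of making the question dynamic rather than fixed.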