enable captchas for site security

site has been infested with bots recently you might consider enabling captchas and removing them with account verification.

just a thought.

I haven't been here for a while.....I've been lurking around every few weeks and I have also notice the spam. I actually own a site a lot bigger than this one and we get about 50 spam bots per day and we manage to stop all 50 bots. Let me say that captcha has been cracked and it's useless, it will provide SOME protection, but most bots these days have bypass that security. The BEST spam protection are the Q&A's, make up your own questions that only people would know. Nick, you should also look into CloudFlare, and stopforumspam.com as means to thwart spammers. We get about 2-3 spammers per week now. Just my suggestions...

We have both a captcha (I have to get around to installing Re-Captcha, which we had before and lost in the last update) and the Q&A type of question. I need to add some hidden fields to the mix too (if filled out, its a bot). We actually had captcha off for a long time and only had the Q&A questions, with no negative effects I might add, until some troll started raping the signup form.

CloudFare it seems is a performance product, a cache on steroids. I think our current hosting package is great. In any case, I will opt for memcache before paying for something like cloudflare. memcache will probably take us 98% there. DNS. We're using DnsMadeEasy and haven't had a DNS issue in _years_.

Stop forum spam looks interesting on the other hand. I think we already block India and Russia entirely. I actually wrote a module that used a third party service like this before to validate signup emails against a black list. Unfortunately that service is no longer operational.

Please don't install captcha - many people (including myself) can't stand trying to decipher the letters - and as someone else said it's been cracked and is useless.

Some better tools I've seen are the Q&A and asked to identify a color in a picture - both easy and I think harder for bots to figure out.

The Q&A's works wonders, you should probably add captcha for new members only. Like, they have to have 20 posts + 5 days registered to be moved to the next usergroup. The hidden field is smart, you can also put a time stamps on your hidden fields and check how long the user took to register, less then 5 secs = bot.

CloudFlare is free...and it is on steroids lol, but the real benefit is the security features. It stops spammers and bots at the dns level. With CF you also don't have to leave your host. The only downside to this is that you can no longer hide your ip with dnsmadeeasy, since they have a policy to give your IP on request.

You can also limit the amount of signups per IP to help against trolls. Anyways, let us know what you decide!

We already have a captcha at registration. We need it not to stop bots, but to discourage trolls from making multiple accounts. It's an intentional hassle in the registration process.

Oh you mean captcha to post? I would never do that. Thats too much of a pain for users.

DnsMadeEasy is a DNS provider, it doesn't anonymize your IP, it just makes sure that your domain name is always resolvable. The IP is public information, otherwise people wouldn't be able to reach the server. CloudFare steps in between your server and the DNS record, so in effect they become your proxy. That's why they have that policy, their business is not an anonymous proxy, its all these other things. I dont think spam is a big enough problem for us to warrant a DNS switch, which is what cloudfare needs. DnsMadeEasy just makes sure that our server can be reached in the first place and has been 100% reliable. I don't have the same confidence in cloudflare. All it would do is automatically filter some traffic...

As for limiting signups per IP, we already do that.