Looks like the spammers are getting through the sign-up process and beginning to flood the board with spam. If you guys haven’t done so already, I would upgrade to the latest version of phpbb. If that isn’t the issue - or if that doesn’t solve the problem - you may want to go to manually approved sign-ups for at least a while. I could volunteer to help with manual approvals, since I’ve done that at a couple of forums in the past. Spam sign-ups are usually pretty easy to spot.
Matt
There don’t seem to be any changes relevant to this in 3.0.4.
The main issue is that the default phpbb3 CAPTCHA is woefully inadequate:
blog.markbarnes.org/2009/02/09/p … a-cracked/
I’ve set the signups to approval only, until genete or I find time to switch to reCAPTCHA.
Ok, patched the registration form to use reCAPTCHA:
I’ll leave the admin approval on to see how well it works.
To other admins, I find Googling for the spammer’s email address to be useful since there are sites that post forum spammers details.
If it works well I’ll try to adapt it so we can allow guest posts again.
We have 33 pages of inactive members. Looking at the list and searching for their IPs, it seems that the spammy ones started on Feb 3rd. Should I delete all the newer ones?
I know a pair of accounts that aren’t spammers and that don’t post. Are earlier than Feb.
Maybe we can warn to those 33 and leave a reasonable time to respond instead of delete them without asking?
-G
Maybe going forward you could have something on the sign-up page about making a first post in a yet-to-be-designated introduce-yourself forum. After that, you get approved for the forum at large. That way, the zero posters are weeded out and can be safely deleted. If memory serves, they have a system kind of like this over at the Bitey Castle/Brackenwood Forum. I don’t know if any part of that system is automated, though. It may be all manual.
Matt
Genete: I think you misunderstand. There are 1650 (50 per page * 33 pages) inactive users and 1580 of those were registered since the Feb spammer flood. There will be a few legit users in there, but I think it would be better to delete them than leave the spammers in 1580 group in our database.
muhkayoh: they use different software, so we would have to reinvent their method. I like the idea of an introductions forum though, even if we don’t use it to tell spammers from non-spammers. Does anyone else think we should add it?
Pabs,
Yep, 50*33. I realizaed it after click on “Submit” button 
It seems that you already have sent a reminder to some of the inactive accounts (or was it to all of them?). Once they don’t respond I think we can delete the accounts.
Relative to an introduction post I think it is a good idea. At last it would make the spammers join slowly 
-G
I’m wondering whether requiring an “introduction post” is not a too heavy measure. Doesn’t this create an undesirable (to us) obstacle for potential new members that (initially) only want to ask a simple exploratory question?
G.
Genete: only the last 50 registrations, about 10 of them bounced. I’ve no idea what the “Remind” thing does anyway.
Gerco: I agree and wouldn’t want to make it a requirement. I liked the idea because it helps make the community more cohesive.
Anyway it looks like the spammers have been stopped for now, lets leave it for a week or two before turning off admin approval.
Yeah, I like the idea of keeping an intro forum optional if it isn’t being used for spam control. If there’s a mod to do what I’m about to suggest and if it doesn’t suck up too much admin time, it’d be kind of cool if admins could give “introduced” members some kind of fun nickname or brief description based on that member’s intro. You see that kind of thing on some boards and it can be fun. (Or maybe I’ve been studying animation so long that I’m regressing to a juvenile state of mind. 
)
Matt
Ok, I’ve created the introductions forum, if you registered recently and want to introduce yourself, please go ahead.