Ruksak, i believe even with moderator approving threads can be circumvented. They would only need to post a proper thread and edit it afterwards with their spam. Only way that could be countered is if the software running site can also require edits to be approved.
More mods seems like the only solution that will work which the admins approve of, they don't want to limit new members, but they have to do something about the spam.
Mod approval would denote cross-referencing the prospective members destination. A common source trying to reenter would be identified using this method. At least this is how we identified previously banned members trying to renter Dtrades. Not sure if spammer tricks could mask their source IP, which I'm sure Molster could clarify for us.
right now,they are all located in the same general region.
However, if they re-act like the korean spam back in dec, a Region ban, causes them to start using IPs from all over the world
But really, as soon as the issue with our system is fixed (its a pretty silly/basic one) it should go back to catching it all like before.
PS: Total off-topic, but I've noticed people can no longer post images and have them display in the actual post. I never had this issue before, but now when I try to attach an image, it only displays as a link with a broken IMG tag.
It shows in the post-box when typing it out, but when I click 'post reply', it breaks.
i thought now-days any new forum had automated limitation triggers to be enabled like:
- wait 1 min before posting again
- you posted 3 threads in fast succession wait xx min before posting again
- we had to many request in short spawn of time from your region for new account creation pls wait before trying again xx time
- our forum had to many new account creation in a short spawn pls wait again before registering
so if someone enters in the above and he gets reported by someone on forum also the timer on his post escalates higher as auto detect limitations
also i thought the before creating something/wtv(thread/account) on forum the popup "prove you are not a bot" selection was actually good against bots
cause if its not a bot and someone haves a personal grudge on you, and does this things manually himself then the easier is to catch/slow/stop him since he spends actual time of his life and also leaves a trace of personal info meanwhile doing this attacks
PS: also usually there is always the same pattern in their name and can be easy detected by some word control check "meaning/semantic" of words etc bndmjkslopghfnhusksandfhkdkmrf
And there are also tools to block them by not saying it clearly as showing them that you actually block, but fake it with some error message: "uh we are sorry site crashed"
Let them insert all then info and on next step turn empty the boxes and remake them reinsert all the details from start as of excuse fake glitch in site
That can be used on any creating account info detail or simple posting thread, where human eye can see that after pressed button "Post reply/thread" all info got lost while automated action cannot
and so on etc etc ^^
404 sry page not found fake the automated block-down wen some alarms where beeing triggered like odd name string and etc
What is more absurd to me is that the content of those spams is so not connected to d3 community. Maybe some witch doctors would fall for those voodoo stuff : D....
I mean if this was erectile problems forum then some viagra would be great help. If this was PUA forum then "how to win your girl back with black magic" would attract some interest.
These particular spams puzzle me.
Like....who the hell, EXACTLY, is their target audience? Is there an interest in black magic love potions? Has anyone ever called them to purchase their goods? What is the goddamn point of this spam?
One of the spams last week actually made me bust out laughing, with a snort and everything. On one line it said "Learn evil black magic spells"........on the next thread down it said "Cure for black magic spells".
I thought to myself "This is either a really solid business model or these people are nucklin' futs".
As a web software developer, I know that stopping spam can be very very challenging. I don't know if you're doing this already, or even if it can be done in your system by your devs at Curse. But just a couple of suggestions on top of my head:
2. If that's not enough, you can play with events at a JS level. Ie: by turning anything that can submit anything into some dummy visual data container, and then adding the required functionality with JS. You can even get to the extreme of generating your pages dynamically (although that might slow down surfing performance).
3. You can also use browser cookies written with JS. No cookie? No posting.
Let's face it: requiring JS to be enabled in order to be able to use the site isn't that preposterous.
In addition to Project Honeypot, per narshanna's suggestion, you might also look into Mollom and StopForumSpam.com to remedy spam control issues. Additionally having tiered user roles/levels where access is only granted to post once the user has verified their email address is a standard practice as well.
RE: Honeypot and other suggestions: Those are fairly basic and commonly known concepts. This spam is a bit next level - on some days even the official forums and Reddit are being hit. It's not really trivial, with how big Diablofans is it attracts more sophisticated "spammers" than the usual stuff. The huge majority is already removed by the system automatically or prevented altogether; what you see is only the very tip of the iceberg. So imagine how much crap there is every day...
@Enslaved: That doesn't help at all, spammers would just make more accounts. Which is in fact already what's happening, most of the spam that you see is actually from throwaway spam accounts that just spam once and then never become active again. Usually, there's only 1-2 of those "multi spammers" per day that escape the system. Not sure why it's more today. Also, it's summer time and many of us mods are on short or longer vacation (or at least not lone), which sometimes results in spammers being there for a few hours before being dealt with.