I use forum software (phpBB) to run my Board Game group’s website. One of the problems with doing this is spammers trying to sign up to the forum so they can spam it. Although I have safety precautions in place – no-one’s posts are made public until I am sure they are a real person – the sheer numbers of spamming attempts used to make this a chore.
The spammers use automated software to detect the type of forum software a site uses, and act appropriately in signing up. The demonstration of this that I saw was amazingly sophisticated – the spamming software first signs up for a new hotmail/gmail/whatever email account, then goes through a submitted list of likely forums, registering with each one, using that address. It then tests to see if it has posting access – if it does, it posts spam, if not, it then waits for (and responds to) any security/registration emails the forum software sends, all automatically – then having been approved, it posts spam.
As I say, protecting my forum from this used to be a chore. However, for the last year now, I have been using the services of http://www.stopforumspam.com/, which is a collaborative database of known spambots. It has a very simple API, which makes it simple to integrate with most forum software, and on the very odd occassion a spammer hits my website before it makes the list, a single mouse click adds it to the database.
The thing I particularly like is that the database holds the username, email address and IP address used by spambots, but the API allows you to choose which you filter on. I choose not to filter on username, as I don’t consider them to be unique enough. Filtering new registrations on email and IP addresses seems to do the trick.