Pretty annoying, right? Here's the situation: As far as automated countermeasures go, we've already got the best anti-spambot system already in place (reCaptcha, run by Google). That's the biggest and most important line of defence. When I've got a few quiet moments, I'll look at adding these enhancements (as mentioned in this blog post):
- Install the http:BL mod to check IP addresses against the world's shared IP blacklists
- Modify the site to use Akismet against forum posts
- Potentially block users from posting links when they have less then 5 posts (or maybe wait 15 days from their registration or something time-based)
Now, a major problem we'll likely always face is that spammers are literally paying humans $0.01/post to register and spam for them. I can make it a little bit harder on them - as of right now, new users will have to provide a valid e-mail address, and they must click a link in the e-mail they receive when they sign up to validate their account. Ultimately, though, a human can get by anything we can put in place.
I'm open to additional suggestions for how to deal with this issue; let me know if you've got any.