I've had a recent blast of new spambots in another forum I run as well. The security question nested in the banner is no longer an effective means. Bots have been programmed to look for this now it looks like. Guess it has become a trendy solution. Oh well it worked for awhile. You might want to turn off registration entirely until can come up w/ a plan. Otherwise could have as much as 50 users registering a day. I'd shut if off till you can come up w/ a new plan. email verification won't do it.
You are right. Probably the answer to the current security question has been hardcoded inside the spambots. What if we change the question to something like: "What is the name of poiuy_qwert's complete modding suite?" or "Which game does BWAPI work with?"
https://www.phpbb.com/community/viewtopic.php?t=2122696 I'll have to read some of this. At our golf forum we simply set up a yahoo email account and a contact info sheet where people had to make some kind of formal application reason for wanting to be part of the forum. The nice thing about the security question we had was that it was 2 words, included numbers.
Prob the safest method is to have new registered users automatically be part of a separate user group that can easily be pruned etc. That new group can only post in a designated forum that flags admin that they are indeed real members wanting to join and not bots. From there they can be allowed to post into the forums. Not very convenient, but would seem effective.
I'll prob try this on our golf forum. The new forum/category maybe called Registration and New Accounts. Didn't we try something like this in the beginning? Was a pain if I remember, but zero chance of bot getting through that's for sure.
I believe, it will be best if it's somehow automated. The security question used to do a good job for a long time, but obviously a human user has hardcoded it inside the spam bot repertoire, so might just think of another security question. Another option integrating: Google's NO-Captcha ( http://googleonlinesecurity.blogspot.de ... ptcha.html )