Hello all,
With forum spam reaching higher and higher levels, many YaBB forum administrators are having to spend more time dealing with the problem. I would estimate that attempted spam on our forums has increased at least tenfold in the last year.
I am also absolutely certain that robots have been developed which crack the standard YaBB Captcha, because the vast majority of attempted registrations are undoubtedly from robots, yet the Captcha does not dseem to stop them, no matter how it is configured.
Pre-registration with admin approval does not seem to be doing a lot to stop the attempted registrations either; we have been getting perhaps 25 - 30 spammer registrations every day, which needs a lot of effort to keep on top of and reject/delete.
So I had an idea which seems to have worked perfectly, and I would like to share it with other YaBB administrators. It has decreased our attempted spam registrations to...zero. And it was very easy to implement, using YaBB 2.5 AE.
What I did was to create an extra Profile field. The label for this is "Security check: what is 25 + 13"?". I set the field to numeric, with a maximum 2 character size, and made it compulsory to enter data in. I set the field to be visible in registration but nowhere else.
Now, obviously the logic does not exis t to check that the correct solution has been entered, as one sees on many websites which use this type of numerical security check. But this does not matter. The point is that a spam robot will not know that it has to enter a number, which can be no more than 2 digits long. And this in itself seems to be stopping the robots from registering. Since implementing this field in registration three days ago, we have not had *one* successful attempt to gain entry. Obviously I checked that a human can still register!

I'm not saying this will work for you, but it may be worth a try. I just wanted to share this with other forums in the interest of combatting a common enemy.
And I really believe that a new version of the standard YaBB Captcha is overdue, because the current one has been cracked. My recent experience seems to have proved that the vast majority of registration attempts are robots, and, logically, in order to register they have got through the Captcha.
I also wish that there could be a concerted international effort to track down and punish the spammers hard, because these parasites are ruining the internet for others and destroying countless hours of hard work. I don't think the problem is taken as seriously as it should be. To my mind, writing and propogating spam robots should carry a mandatory jail sentence. It might deter a few code kiddies from going into this type of activity.
Kind regards
Andy Briggs
Publisher, Science File
http://www.sciencefile.org