How to stop "backlinkers" from registering (SEO=spam)
Hi folks, I'm wondering if you have any suggestions because we're at the end of our rope! The web site I manage has been hit with a flood of new user registrations that are NOT people authentically trying to join our community. Since this started on October 1st, we have been getting approximately 10 new users per hour, 24-7. The IP addresses are almost always unique and the profile information is different each time, sometimes with spammy links, sometimes not.
More backstory in this blog entry.
What I have tried:
- Standard text and math CAPTCHA, reCAPTCHA, Mollom, and Spam module. These are no help, which indicates that it is humans and not bots filling in the forms.
- Closing the user registration form entirely and redirecting users to a webform (still with a CAPTCHA). (This way at least the database doesn't get clogged with these fake users.) This has only caused a tiny slow down in the pace of submissions.
Does anyone have other suggestions for how to make it stop? The best idea I have heard so far is to charge a few cents for each registration (and probably refund it later). I am also looking into the Riddler module, but I will have to make the questions pretty nuanced, which may frustrate some of our users...
Some techniques
Here are some options, which you may find distasteful:
* Check the IP addresses of the spammers. If they're coming in from a geographic location you don't wish to serve, block the entire IP address range of the ISP (at a firewall, not in Drupal). I have, on occasion, blocked much of China, India, Romania, Ukraine and Russia from being able to access. I don't like doing this, as I travel abroad quite frequently, but it works for a site that has no need to serve those regions.
* Configure Drupal to disallow registrations from email addresses used by known spammers (@spam.ru) and any Gmail addresses containing a '+' sign. Consider disallowing all webmail systems.
* Force all registrations to go through an approval process.
The Advanced User module http://drupal.org/project/advuser can be a big help in flushing out these accounts.
I think you'll find that most of them are being created by individuals connecting from Internet cafes and sweatshops in poor countries, paid a pittance piecerate to boost the Google rankings of casino/drug/porn sites.