Recently I began to receive huge amount of spam on forum. The attack started about a month ago with hundreds of fake registrations every day all adding spam links to various sites for SEO purposes. The curious thing is that they were able to bypass different types of visual verifications, anti-bot systems and email activation which suggests these are attacks with human intervention.
The pattern is the same: someone would register on the site, passing the visual CAPTCHA, activating the account, commonly with Yahoo or Gmail account and immediately begin to edit the profile adding links to their signature, URL, even profile pictures. Some would also enter more or less meaningless posts to give their spam links more exposure. The registrations come from different IP addresses, mostly from Asia but also from USA and Europe. To fight this I first started deleting the posts and banning the IP addresses but I soon realised that they change IPs and find proxies faster than I can ban them. A new registration would come every 5 minutes so I thought it must be some kind of smart script or bot doing it. I changed the visual verification to reCAPTCHA and added anti-bot question on registration. The attacks decreased a bit but quite a few were still able to get through. I even received an email from someone complaining that the reCAPTCHA was hard to solve! The same person then created a spam account. Since this proved to be not just simple bot attack but a massive spam with human intervention, I switched to manually approving new registrations. A new user will now have to enter a reason for registration. I will then review the application based on this input, email and the IP address. The spammers are still trying, entering pretty smart inputs, but I can at least eliminate them effectively before they can contaminate the forum. The manual approval will unfortunately reflect on regular users making it more difficult to participate. The spammers get more advanced switching from automatic bots to hiring humans to make fake registrations and enter spam links. How they manage to pull off such a massive attack using real man power so it pays off is still mystery to me.