Re: [Savannah-hackers-public] captcha insufficient

[Michael J. Flickinger]

On 9/18/11 2:29 PM, Karl Berry wrote:
> Michael, all,
>
> Sadly, it seems the captcha is insufficent (not surprising, of course --
> if human spammers signed up before, we can't stop them).  User robomo:
> https://savannah.gnu.org/siteadmin/usergroup.php?user_id=85295
>
> signed up yesterday and posted a spam on a freetype bug report:
> https://savannah.nongnu.org/bugs/?32245
>
> (I spamified it.)
>
> I wonder about doing both the captcha and asking for
> "year GNU was announced + today's month number".

I'm a little confused, you want this on the registration page?
If the captcha isn't stopping them, then I don't think also asking for 
the current month will either. :(

Are you suggesting adding a captcha every time a new patch/bug/support 
item is submitted or updated?  If so, I think that may get a little 
annoying to users.

If the spammers are created by humans, but auto-spam then we'll need 
captchas on every form submission, which just seems cumbersome.

What do you think the ideal solution is?

> I don't expect to completely stop spammers from signing up but
> I fear that it happening a day or two after the captcha means that soon
> there will be a flood.
>
> Wdyt?
>
> karl
>
> P.S. To get "recent" user ids, I've been running:
> echo "select user_id from user where add_date>1316185718;" | mysql savane
> where the big integer is a time_t for, e.g., yesterday about this time.