Are bots capable of posting from registered accounts?

Not unless bots support cookies. Hmm, that might be a good way to do block them, instead of the sneaky javascript i was planning. Problem is i don't REALLY know what bots are capable of. 

The title and the name of poster are both perfect Chinese characters, I mean, not only they are Chinese characters, but also they make sense.

i.e. the name of the poster ( if we translate it into English), is "Travelling in Hainan Province", in which Hainan is indeed a southern province of China and is one of the most famous sites.

Hmmm... 

I had to disable comments on my website after I got hit by bots posting a shit load of crap... always from *.ru domains as well; never quite got that.

I tried to set up a captca but my host doesn't have the library in place for it to work with php, yet another reason to move hosts asap!

There has to be a way of stopping these twats in their tracks without adding too much hassle to legit site visitors (does that JS solution work if they have JS disabled??) 

If the author of the bot could be arsed to put the effort in. Given that the func_ software runs one just the one site it seems unlikely that anyone's going to go to that much effort to spam a bunch of cranky mappers...

Captchas are so fucking annoying. The problem isn't that bad. 

www.BesMella.com has been getting spammed too :| 

so we just got our first spammer who actually created an account to spam with. I have this idea that I actually came up with in a dream, where we use "shibboleths" to restrict accounts only to people who are into quake or gaming or mapping or something. Something like, show a picture of a fiend and say "what is the name of this monster" or "what level does he first appear in on normal skill?" or something. 

that's the most pathetic thing you've written yet. 

What is this monster called?
"You know, this thing that.. it shoots these pink balls that follow you.. meh, i give up." 

just throwing it out there. I don't really like any system that restricts account registration, but we may need a way to block some humans if blocking bots turns out not to be enough. Some types of systems, with varying degrees of annoyance and exclusiveness:

- register, get activation key via email, go back and submit the key (needs a valid email address plus you need to be human)

- captchas (you need to be human, even if you're a human visiting a porn site with a rerouted captcha)

- shibboleths (like captchas but you have to have some insider knowledge that anyone in the community would know. could still be rerouted to a porn site, but they probably wouldn't bother for func)

- can only join with an invitation by an existing member. This sounds really exclusive, except that if people can establish a presence here as an anonymous poster, they could become known to members and then they could just ask for an invitation. (downside of that: a spammer could just look at the board for a username that always posts anonymously, and pretend to be that person in an email request)

Then there are various ways to grant delayed or restricted priviledges to new members, such as you can't use function X for a week after joining, or you can't use function X until you're modded up by an admin (we'd have two tiers of regular members.)

Anyway, I really would rather just let anyone post and anyone join, but I think eventually all weakpoints in the board will be exploited. So it may just be a matter of time. We'll see. 

"You know, this thing that.. it shoots these pink balls that follow you.. meh, i give up."
You are talking about Kinn, don't you? 

to just delete the offending posts and remove the account? 

I didn't see Spirit's post before I replied 

I hope you didn't misunderstood it, I meant that you are the "thing that.. it shoots these pink balls...". No, not nice of me either. Slap me :D 

I think just stopping bots should be enough, there's really not much you can do when a human is decided to come spam somewhere. It's not a major problem on other message boards, don't see why it would be one here (not enough moderators maybe?) 

In the short term I can just improve the moderation tools.

I'm thinking forward to a time when the volume of abust gets high enough that it takes too much human effort to moderate. We're not there yet, though. 

Limit posting to registered users and create one "anonymous account". Just a common user account with a password everyone knows (like the qmap@qmap). Maybe just put an image on the login page with the username and password for anonymous posts. The ideal would be when this user had a changeable name so people still can/have to enter a name.

You'd need the email approval link then too, so bots can't register themselves. 

Uhm, that user must not be allowed to login via cookies of course, so no-one can block it. Just add a Password field in the "Post A Reply" form that people will have to fill everytime then (if not logged in with their real accounts). 

... just use captchas for anonymous posting and account creation. That's a system that most people understand nowadays.

What do you mean by rerouted captchas btw? 

http://www.boingboing.net/2004/01/27/solving_and_creating.html 

well, there's two problems:

- keep spambots out completely
- keeping human abuse as low as possible

The captchas are only good for dealing with spambots, but I have some other, less-annoying-to users ideas to deal with that first.

The latest train of thought has more to do with how to reduce human abusers. 

actually i quite like the invitation idea. It works VERY well for gmail..

and including #tf we have a pretty nice infrastructure for inviting new members already. You could just drop a line on the registration page ' please come to irc and ask someone for an invitation..'

you'd have to make sure that new users can't invite thousands of spammers immediately then, though. 

I myself think invitations for such a tiny message board is completely stupid. =)
Come on, this place doesn't get so much traffic, there are very little problems with humans spamming and such. 

Human abuse is incredibly small, IMHO. Invitation system just furthers elitism and discourages growth in a community that has been shrinking for some time. Furthermore, for users who don't even have an account, who's to say they'll take the time to ask for an invitation?

IMHO, the only significant issue is the spammers. 

A anonymous post & new account queue? When they initially sign up or post anonymously, it goes into a queue and has to be aproved by a mod or a certain number of existing members?

You'd make a section "New Account/Post Queue" that would be visible only to registered, active members. The new account or anonymous post gets routed there first before appearing in the main forums. If a post or an account is random or seems to have non-legit info, then it would take a number of members to either approve it or flag it for deletion. 

Its how they do it on esreality.com, and they have THOUSANDS of users -- they don't get much spam, if any (although, they get lots of stupid stuff, but thats not the same ;)