I Love the new forum, the design is great, but best of all? Captcha required for registration.

Thanks comprug! I like that it has a very 'clean' look to it. What does everyone else think?

It shocked me at first. Had a double take. . Very nice though!! Now lets try to keep all the spam off this nice new forum

the themes nice but the captcha, thank god.

I have to say like Jason, it shocked me at first, as did the new website, although, at first, I thought that my FF extension had errored, and blended two pages together (Long story, css from one page, and content from the other). I too had to refresh the page in Camino, my no-extension browser. Thank god for the captcha like Derek said, although some users were created before, so if they hit twice we can just delete them.

Thanks for the comments, I appreciate it.

The next step in this 'forum refresh' project is to actually dump users from the database. Pretty much I'm going to search it for users with 0 posts, and then look at their names and 'deleted' posts. If they are suspicious they will be removed.

At this point the 'spam' we have gotten since the upgrade is from old users that I have failed to delete... trust me when i say i will be FAR more strict now.

Now how about some custom Avatars and some user moderators to control the spam

We had custom avatars before but they were grossly abused, hence the restriction. Returning the custom avatars is not out of the question, just something we'll have to discuss and enforce in someway. As for user moderators, that is something we also had; however, those users either left the forums, or stopped moderating. If you want to moderate a thread, just let me know (drop me a PM or an email) and I'll put it under consideration.

Darell and Jason,
First and foremost, sorry for the long post, although Captcha breaking is complicated. About user moderators, that is something both I and Jason have stressed, as before we complained to you guys, we noticed every spam post, and I believe that at that period, when we were the biggest client users of the forum, that we could have cut 95% of spam within 4 hours of it's posting. Now, I know that in the past user moderators have left, and I have observed from the statistics, but lets face it - do I want to open a support ticket every time I have informal questions, comments, or interests in various topics such as beta offerings? While the HMS forum may not be popular, when it is in use, it is unique. As for user avatars, I think it would be fair that a restriction such as must have 60 posts or greater be enforced, if possible. I am happy with my "Proud Client" Avatar, but still it would be nice to change it, or at least if avatars are not possible, to upload some more. I believed I mentioned to both of you how I at first thought captchas were circumvented, mostely stemming from a widely known algorithm, but I realised that another common tactic is to have humans input the stuff, as they believe they need to to register for the said spammer's site, yet really they are helping the spammer register for the forums. It is an all too common tactic. Therefore, it might make sense to prevent hotlinking if that is the case. I also know that while I haven't gone through the code of PHPBB, there might be a simpler solution: let's face it, it is pretty easy to unscramble MD5 hashes. When I copied the captcha location, I noticed an MD5 hash in the id paramater... most likely corresponding to a specific captcha image supposed to make guessing an archiving captchas hard, because it probably is too strenuous on the server to generate a new captcha each time. I believe that these spammers have collected PHPBB captchas, as one of the most widely used forums.
Regards,
Ben

Yep, you guessed it my friend.

I have been busy researching new and FAR more powerful CAPTCHA's the last week and a half. I found the one I am going to use and have been testing it and playing with it to ensure it's truly as secure as I can get.

As for hotlinking, we have already put forth a lot of measures to reduce spam, and I don't want to take away something that is useful for everyone. The more we take away the less the board will be 'liked'... it's a fine line. Maybe the line is just in my head, but the last thing we would want is a locked down forum where you can only read and reply. No coding or helpful images, etc. I think that would sort of 'kill' this venture.

As for the human element into registering... I honestly hope that is what they are doing. Dumping their money into a meaningless job only to have little or no impact. Really, spam is the 'scum' of the internet. They think of anything to exploit anything popular, not thinking that they are actually pissing off their 'potential clients' by breaking code and hacking into restricted areas *cough* these forums *cough*... I really wish laws would be made about this already. It's sort of the same thing as someone breaking into your home while your gone and painting their logo on your living room wall. Sorry I'm rambling now...

Anywho, like i said I'm trying some new security measures which will be in place by the end of the week. There will be a slight delay tomorrow as we are rolling out a new product- perhaps I shouldn't have just said that...

Darell,
Perhaps there was a misunderstanding in the term 'hotlinking', since you have more experience than I, I assume that I was using it the wrong way. You are absolutely right that preventing people for linking TO images and that stuff would be bad, but I assumed it was possible to hotlink protect from people linking to the captchas in particular to prevent unknowing human captcha circumvention. I have to say that I have been annoyed by spam on these forums, but only one post truly set me off, although it really set me off... That and the new product in my pm.
Wait - so you think they are HACKING into these forums to get past the captcha?