Combating Spam on a Simple Machines Forum (Version 2.0)
By: Shawn J. Gossman (www.AnotherAdminForum.com)
When I visit the SMF support forums, I frequently see new topics all over the place over spam and how to stop it from happening on forums. I decided than a good article on all spam combat options on an SMF 2.0 forum would be a great thing to write. I am sure there are other articles on this but I thought I would give it a shot as well.
First, we need to understand what spam is. Spam is unauthorized or annoying advertising topics and posts that usually come from spam bots, human spammers and even members who don't even realize they are spamming the forum. Spam is a big annoyance on the internet in general; a common occurrence in email and many online communities and social networks are often hit with a lot of spam every day. There are ways to combat spam and especially on SMF 2.0 powered message forums.
SMF's built-in features to help reduce spam
In your forum's Administration panel, under Security and Moderation (hover over the Configuration tab), there is a link to Anti-Spam. You should click on this link to go to the built-in anti-spam features that SMF has to offer. Here, you can adjust all the anti-spam features that SMF has to offer. You can decide whether or not guests have to fill out a verification (CAPTCHA Code) on registration, guest searches, guests reporting of posts, guest posting (I recommend to NOT allow guest posts due to spamming) and you can even require verification until a member reaches a certain amount of posts. You should check most of these boxes. However, you should know that CAPTCHA should not be taken as your single line of defense against spam as it is often broken through by spam bots and human spammers.
So this is a good time to move down to the Configure Verification Options and Verification Questions (on the Anti-Spam page). I wouldn't be so worried about what to set the Verification Images to be (I personally choose simple) but I would enable the Questions Verification as this feature is often one of the best lines of defense on an SMF community. SMF really made a great choice by implementing this anti-spam feature. I personally set mine to where a new member only has to answer one question. You can choose how many you want but I would keep it 1 to 3 questions only so a real member doesn't have to be annoyed by having to answer a bunch of verification questions.
When you create your questions, don't make simple ones and stay away from math problems. Math problems on these systems are often beat by spammers and often too hard for people to answer. I myself am not good at math at all and if the question is too hard, I just choose not to register because of that and that is bad for marketing. Instead, make your questions have to do with your niche. You can make them a bit difficult to answer if related to your niche because most likely, people will look the answer up (the real members that is) because they are taking interest in the niche and want to learn more about it. I would also make as many questions and answers as you can so that you don't have the same ones over and over again which could be beaten by spammers eventually.
SMF's Registration Options
Now you should go to your Administration panel on your SMF community and hover over the Members tab. Then hover over Registration... and then Settings. Here you can do some more to combat spam. You can the Method of registration for users. I suggest Email Activation and what this means is that a user will join and then be sent a link in their email (the one they used to join with) and it will require them to activate their account. Many times, spam bots and such use fake emails that don't work when attempting to join forums. If the email doesn't work, how will they activate the account!? You could also choose Admin Approval which will require you and/or other Administrators to manually approve new members when they join. This is a decent way to combat spam but if membership registration rates get high, this method can become overwhelming at times.
I also suggest checking the option to notify you of a new registration. It will send you an email every time there is a new membership. This is good because you can go review the member if you are able and watch them to make sure they are not spammers or to activate their account, etc. pending what setting you have enabled for the Method of registration. I also suggest that you enable COPPA, for one it can get you out of legal situations that really do happen. Another reason, if you reject under a certain age, many spammers who fill out a birthday that is under the age limit will be rejected from joining. Any way you can prevent spam is a way to follow, in my opinion.
Third-party modifications to help combat spam
One of the modifications that I always suggest people add to their SMF community is the Stop Forum Spam (http://custom.simplemachines.org/mods/index.php?mod=1519) modification. This blocks so many spammers from joining that it isn't even funny. I just suggest not scanning for usernames as some of the most common usernames are listed as spam names. This could make you lose a lot of real potential members if you enable it to scan for usernames. I think setting it to scan for IP addresses and emails is well enough to make the system work for you. There is also other modification such as one that use Project Honey Pot (http://custom.simplemachines.org/mods/index.php?mod=2155), Askimet (http://custom.simplemachines.org/mods/index.php?mod=544), Bad Behavior Mod (http://custom.simplemachines.org/mods/index.php?mod=2502), Delete Spam Posts (http://custom.simplemachines.org/mods/index.php?mod=1007), Photo CAPTCHA (http://custom.simplemachines.org/mods/index.php?mod=2965) and Stop Spammer Mod (http://custom.simplemachines.org/mods/index.php?mod=1547).
When installing these third-party modifications, it is important to know if the version is compatible with your version of SMF. The ones above are compatible with version 2.0 from what I read; those are all the spam modification I could find for SMF 2.0 in their modifications database. I would also read all the reviews, support discussions and a comment of each modification to make sure it's as good as it is listed to be.
The importance of staff members and active owners
All the methods listed above will greatly help you reduce spam on your SMF 2.0 community. However, it may not keep all the spam out. There is no such thing as software that blocked all spam 100% and if anyone tells you there is, they are wrong. The best method to block spam is human intelligence. This means that being active on your community and having active staff that constantly look for spammers and spam posts will be your best method of combatting spam. This will especially help for human spammers as they will see an active team that doesn't put up with spam on their forums. It is a great deterrence for some human spammers.
I really hope this article helps you better understand ways to combat spam on version 2.0 of the Simple Machines Forum software. Please feel free to comment with your thoughts on my articles and anymore suggestions you may have to help prevent or combat spam on SMF. You may redistribute my article on other websites as long as you keep my name and link (below title) intact and a link back to this original article. Thank you for reading my article and good luck with your forums!
Great advice, and perfect timing for me as I had just started my SMF forum and just received my first spammers.
One thing you didn't cover though is what you would recommend to do with member accounts guilty of spamming. Ban them? On email address, or ip etc.? Just delete the account? I'd love to hear some advice on this.
Well this article was mainly on combating the spam bots. For what to do, I would ban spammers by username, IP and email address. :) Thanks for reading!
Nice guide :)
Thank you Dr. Deejay! :) I hope it helps some of the new SMF owners out a bit!
Quote from: Shawn Gossman on September 17, 2011, 04:23:20 AM
Combating Spam on a Simple Machines Forum (Version 2.0)
By: Shawn J. Gossman (www.AnotherAdminForum.com)
I suggest Email Activation and what this means is that a user will join and then be sent a link in their email (the one they used to join with) and it will require them to activate their account. Many times, spam bots and such use fake emails that don't work when attempting to join forums. If the email doesn't work, how will they activate the account!? You could also choose Admin Approval which will require you and/or other Administrators to manually approve new members when they join.
This feature is no longer truly protective as my forum is now being successfully registered via bots even with e-mail activation. They definitely have successfully defeated the CAPTCHA and reCAPTCHA verification system as neither has stopped the bots, even at the most extreme setting.
Perusing the various user names, IP's and e-mails utilized to successfully register, there isn't any one readily identifiable method to easily distinguish the spam bots utilizing the built-in tools of SMF 2.0.
Quote from: Shawn Gossman on September 17, 2011, 04:23:20 AM
I would enable the Questions Verification as this feature is often one of the best lines of defense on an SMF community.
Yes I wholeheartedly concur with this recommendation. What I determined so far as of today (September 22, 2011), enabling this registration requirement has completely eliminated spam bots from registering. I do have 3 questions required, although they are rather simple ones for humans to understand and answer. I have now switched back to e-mail activation versus Admin approval but enabled notification of new registrations so I can finally once again step back from having to micro-manage my forums.
Although it isn't fully protective, it still does protect your better than having it instant activation, there are still some spam bots that cannot get through it :)
I know there are employers in India that hire data entry people to decode captcha. I am assuming they are doing it realtime - the bot tries to register and sends the captcha to the people who enter it and then the bot continues the registration process. I would imagine eventually they will do the same with the question, but I haven't seen any evidence of this yet. Do you have any ideas what we can do when they get to this point?
I have also seen an advertisement asking for a program that would generate new valid email addresses at 15 minute intervals. They could use the same email address to join hundreds of forums but there would not be any way for the individual forum owner to know this.
I know that some forums require an introductory post before the member can post anywhere else. I saw one forum that took new members to a topic called spam, and the new members had to post three times there before they could make a post in the real forum. The spam topic wasn't visible to members. What do you think of this idea?
This has probably been asked before, but I am worried. I have had hundreds of bots join in the last few days. Is there any other damage these bots can do besides posting spam and clogging my server? I have my forum set up so the member can't post any links until they have made 10 posts. Is there another threat from these bots I should be aware of?
I have a friend who doesn't delete the bots because he says having more members increases his advertising revenue. Is this a valid approach, or is he asking for trouble?
I have also seen job listings asking for email addresses scraped from forums. In my opinion, I don't think there is any reason to allow email addresses to be shown. If a member wants to contact another member, they can send a private message.
good guide. thanks!
can someone disable post verification on my account here??
You shouldn't allow members with under 3 posts to edit there own profiles.... That stops profile spam.
Quote from: captaingeek on October 28, 2011, 07:49:08 PM
good guide. thanks!
can someone disable post verification on my account here??
After you get so many posts here on SMF, it will disable itself. Its a way to block spammers :)
getting spammed like crazy now its growing exponentially one fake user every few hours now.
I added a simple question we'll see how that goes. It'd be nice if you can remove all of a users post when banned.
A simple question will likely be answered correctly. Make your questions moderately difficult and related to your niche. As for deleting posts, if you choose to delete the member instead, you can delete all their posts and topics when you do it :)
Install Stop Forum Spam, you will be shocked as to how much spammer accounts stop!
Good article! Captchas are useless when it comes to a good robot IMO. We upgraded our 1.1.15 forum to 2.0.1 about a month ago. We were using a medium difficulty captcha plus a rotating/random question mod for the past couple of years. We had very little spam. When we upgraded to SMF2.0.1 there was a period of about 10 minutes when the only registration protection was the captcha built into SMF. It came to life with the difficulty set at medium just as in 1.1.15. In that 15 minutes we had 6 new registrations, all of which were found to have extensive spammer histories (250+ reports in Stop Forum Spam). Three of those made multiple spam posts with many links.
I had loaded SMF2.0 on a test sight before the upgrade in order to have a good look at the admin tools. As soon as I entered and activated the Verification Questions I had decided upon the spammer registrations stopped cold. I could see their IP's trying to register, but all attempts failed. That proved to me the validity and usefulness of questions.
Since then I have also instituted an additional profile field/question and made it a mandatory fill. Nothing too difficult but also nothing predictable like a math question. That makes a new member fill in a field that is not expected by a robot. Xrumer spammer software can be programmed "see" an unexpected field and compare the contents of what comes before the field to a table of simple math questions and answers and try an answer that might be appropriate. Devilishly clever software.
I have performed a couple of experiments since then. I set the captcha to extreme difficulty. I removed the questions and extra profile field. Left for a period of 15 minutes there were 5 registrations that came up in both StopForumSpam and Project Honeypot. Two immediately started posting messages containing spam. Once the questions were re-instated the spammer registrations ceased immediately. Xrumer can read many captchas, including Gmail type, faster than most people can.
2. I removed the captcha altogether. No discernible change in registrations. But much more friendly to "real" people.
Notes:
I have also restricted guests to simple viewing of topics. Guests can not see member profiles, etc.
New members must make one post to topics before they can modify their own profile. I have only had a couple of queries my members about this in the couple of years we've had this policy in place. Zero signature spam. We use "post count" so members automatically advance after the first post.
Restricting guest view of posts could harm your search engine ranking, just be warned about that :)
By restricting viewing, I mean to say just about all the guests can do is view all the general membership topics. They can not post to topics, can not see the memberlist, and so on.
No problems with the bots reading our forum; Google does 10000 on an average day; good numbers on all the others too.
Quote from: MtnDon on November 22, 2011, 11:11:21 PM
By restricting viewing, I mean to say just about all the guests can do is view all the general membership topics. They can not post to topics, can not see the memberlist, and so on.
No problems with the bots reading our forum; Google does 10000 on an average day; good numbers on all the others too.
Oh okay, I see what you mean :) Yeah guest posting IMO is always a bad idea.
Good Guide :)
Also highly recommend making a post count group for all newbies that requires first X number of posts to be approved by a moderator.
While this is a small delay to posting it is worth it to help keep the spam off the list from manual signups. Currently I have this set to only 1 on our forum as by the tone of the first post you get an idea of what the intent is normally.
A huge help, thank you.
Thanks for the article.
I always preferred the question type mod that rotated through several questions.
Thanks Shawn for taking the time to write an in depth article.
This reply is for info share only.
Seems there are differences in effectiveness between SMF's V2.0.x Anti-Span Verification Questions and the SMF MOD Anti-Spam Verification Questions for SMF 1.1.7 found at http://custom.simplemachines.org/mods/index.php?mod=1516
Background: My club's SMF forum was under increasing foreign registration attack since March 11. IP Bans failed to stop the registrations and BotScout helped slow the flow but did not halt the attacks. Finally in August 2011 I installed SMF MOD Anti-Spam Verification Questions for SMF 1.1.7 with three questions. How many sides to a triangle, How many sides to a square, What is the sum of 3+4. I had peace at last. Implementing that mod stopped all foreign registration attempts.
Fast forward to today. I upgraded the club SMF forum from version 1.1.15 with the Anti-Spam Verification Mod listed described above, to SMF version 2.0.2
I implemented the same three questions with the built in anti-spam verification features of SMF V2.0.2.
Within the first 12 hours under this configuration, there were sixteen successful registration attempts.
All User Registrations require Admin Approval, so I get to delete these Foreign Registrations. No impact to our members.
I just find it peculiar that the Anti-Spam MOD used in SMF V1.1.15 was 100% successful but the same verification functionality using the same questions in SMF V2.0.2 has a crack in the armor.
Just wanted to share my experience.
Not really surprising, though.
If you use questions that are obvious when put in a search engine (and sufficiently generic you'll get consistent answers out of a search engine), it becomes trivial to automate... Especially when you realise that the markup in 2.0 is now consistent.
But the same markup area is different in 1.1.x with the questions, meaning that bots wouldn't necessarily pick it up while they would in 2.0 - to them it might be seen as a customised 1.1.x that they don't know how to beat automatically.
Or, alternatively it could just be coincidence... Just because you did the upgrade, there is no direct evidence to show a correlation in spam changes (though I think that in this case it is more likely not to be a coincidence)
:-[
I'll admit when I'm an idiot.
"I swear officer, I only had a little to drink tonight!"
Must be an age thing kicking in... I swear that that I tested the registration with validation questions, but when I investigated today, no anti-spam measures invoked.
Finding the errors in my ways, I checked the box for "Require verification on registration page " and I'm using two questions with answers that are specific to the club.
Then I went back and tested to confirm. Yep... it's there.
Will check over the next 24 hours to see if the anti-spam measures keep foreign registration bots at bay.
If no news from me... then we'll all know that I had a brain fart.
I have a really dumb question - how exactly do you install the third-party verification Stop Forum Spam? I downloaded the file SFS_StopForumSpam.1.0.tar.gz, but I'm not sure where to put it to activate it.
Thanks for the guide!
There might be an easier way to do this, but this is what I figured out (I am using 2.0.2):
1. I downloaded the file from custom.simplemachines.org/mods/index.php?mod=1519
2. Hover over Admin, then click Package manager
3. Click Download packages, then Choose File under Upload Packages
4. Upload it, and it will walk you through the rest
I hope that helps someone!
Anyone got any advice for a forum running smf1.1.16?
On the verge of giving up due to the amount of SPAM on a daily basis..
Quote from: paulocon2 on November 05, 2012, 06:04:32 AM
Anyone got any advice for a forum running smf1.1.16?
On the verge of giving up due to the amount of SPAM on a daily basis..
Have you tried these MODS?
http://custom.simplemachines.org/mods/index.php?mod=2502 and http://custom.simplemachines.org/mods/index.php?mod=2815
I'll give them a go thanks!
Just need to figure out how to install them/where in the directory hirearchy to upload them!
Edit: Ignore that, just found instructions at http://wiki.simplemachines.org/smf/Package_manager
Quote from: paulocon2 on November 05, 2012, 07:54:35 AM
I'll give them a go thanks!
Just need to figure out how to install them/where in the directory hirearchy to upload them!
http://wiki.simplemachines.org/smf/Package_manager
SMF has always been my favourite forum script.
I have never had a problem with spam registrations in the past. Well, apart from the first day or so. But, in the past, after installing Stop Spammer, all was well.
Anyways, I have not been using SMF for a year or so (I had been using an old RC version).
I installed the latest SMF version last weekend. I have been getting spam signups every day since.
On Sunday, I installed Stop Spammer, httpBL, Bad Behavior, Forum Firewall......and I set up a honey pot.
On Monday (yesterday) I was still getting these spam registrations. So as well as email activation, I set up two simple questions last night (Monday) that had to be answered.
And today, I log in to find another spammer sitting waiting for registration approval.
What am I doing wrong. I have never had this severity of problem before, in all my years of using SMF. Is it a lost cause? Have spammers finally won?
update
I have made my two registration questions more difficult.
I am using the refrigerator question now! (many thanks to the folks in that other great thread about good questions to ask)
let's see how this works out.
I seem to be in the same boat as Strawberries. I've been having no major issues with spammers since setting up the forum, and when I previously did I just set up some questions and my problems went away. Unfortunately though in the last week, something seems to happen where spam bots are able to register for my forum and (I assume) they are some how bypassing my registration questions and (I assume) the captcha.
I added in another question, but that didn't seem to stop the spammers from registering. I installed stop spammer and httpbl and set up a honey pot... thats cool, it helps me as the admin easily see which new registrations are known spammers... but ideally I'd just like to somehow block them from ever being able to register....
Any ideas?
the spambots have clearly become stronger (almost unstoppable) in 2012.
but I am happy to say that by using a difficult question, in my registration page, I have not had a single spam registration since then (i.e. since Tuesday morning)
so if you have just installed SMF, I would suggest that as default precaution, that you set up a difficult question.
not too difficult mind!
There is a lot of good information in this thread. Thanks to everyone who contributed. My problems with spam bots was pretty minor until the past 10 days or so when it went from a couple a week to as many as 150 in a day. After devoting my entire days to deleting them as fast as they joined I decided to turn off registration in my forum totally while I decide what security measures to add. That worked good for a while and now even with registration turned off I have had 6 today already. It does make me wonder how they manage to register with registration turned off and if there is really any security measures that will work if turning off registration doesn't work. Well, back to my forum to try to apply some of the things I have learned in this thread. Thanks everyone.
I have my forum set up so that I have to approve registrations.... Since my forum is an invitation only forum, I have to manually reject all of them.
It seems there is a default setting that I can not figure out how to change that goes basically like this, "If the administrator does not approve them within 7 days, they are automatically approved."
My life would be so much better if I could figure out how to get it to be the other way ~~~ in other words: "If the adminsitrator does not approve them within 7 days they will be automatically rejected." Any ideas on how to change this?
no, there is no automatic setting like that.
seems their back again on my site. I've done all I can think of to keep them from joining my smf 2.0.3 site. they were out for quite a long time, now I'm finding they are joining again.
seems theirs nothing that will keep them out short of shutting the site down. I've tried most everything, nothing works for very long. How do they get past the anti spam questions? beats me... but they do.
I just changed the questions first time in a year. I doubt that will stop them. Ultimately they will get in.
these guys are just everywhere. their platforms can penetrate registration forms like an intelligent human being. i guess, our last option is to assign someone to religiously monitor every registration or have it approved by you first. :D
Im thinking of doing that. check every new registration personally using http://botscout.com/
every other method has failed.
I didn't notice a huge drop in spam after implementing Project Honeypot. Bad Behavior Mod helped. Installing a StopForumSpam plugin, however, was decisive in preventing spammers.
Just passing it along, in case it helps someone else out. :)
Blocking registration by partial user name - I like the ability to do that, but I would like to not show exactly why a registration was blocked.
Lately I have been getting a lot of spam registrations from user names ending in the numeric digits twenty three. If they immediately get a message saying twenty three is a restricted user name then they will just start using twenty four.
You're giving spam bots way too much intelligence.
Also... not telling a REAL user why the registration was blocked would just piss people off...
What if I wanted to register on your forum with the name "23-days"
If it just got bumped without telling me WHY, I would leave your forum and assume that it was buggy and was not allowing any registrations
I thought of a fun way to use security questions the other day while also helping to block even more spammers.
We all like our niches right? We also like quizzes! So require 3-X (or something like that) questions to be answered upon registration, first posts and so on and make the theme of the questions not only related to the direct niche of your forum but also in a quiz-like theme. The more questions you have (but don't have too many), the better you will block that bad robots and quizzes might be fun at least to a "majority" of new members signing up.
Just a thought though to ease the registration process... Who knows, maybe the idea can be used to make an advanced security question feature or mod, add some additional security questions options like radio checking, multi-checking, drop downs, etc.
Thoughts on this idea? Good? Bad?
personally, I think that may be overkill...
(and with checkboes or radio buttons, the spammer could actually have a rnadom chance to choose correctly...)
The new 2.1 multi-answer and multi-language capability would seem to handle most situations...
Yup, reducing it to a dropdown or radio button means you change it from an arbitrary collection of choices to a few which could be beaten totally at random without significant effort.
Well I can't argue that!
But how about the general idea of making it like a quiz with just regular fill in the blanks?
My main thing is that I don't want to annoy people trying to join. Most people are not going to think like we do, we know we are trying to prevent spam because its way more annoying but they just think we are trying to make things difficult.
Go for it - that's one of the ways to outsmart the spam bots.
Hi Everyone. I'm a new member with a rude awakening. I got 100 adult-spam posts within 12 hours even though people had to register.
My question, can I assume spam these days is often by real people rather than just bots?
Not at all. The vast amount of it is by bots.
Quote from: ‽ on June 15, 2014, 05:42:00 PM
Not at all. The vast amount of it is by bots.
I don't understand how I'm getting lots of spam registrations even with captcha and a question and admin approval. Are these likely to be human spammers rather than bots?
Admin approval is the "ultimate" way of preventing bots. If you approve them and then they spam you all over the place, that means that you are not doing your job properly :P
If you choose to have members approved "by hand", you have to be careful enough to manually check their IP and email address in known spammers databases. If you approve without checking, well, then just skip the admin approval and save yourself the hassle ;D
Furthermore:
* Captcha is useless (spammers crack it way easier than humans understand it :P )
* A question: What question are you using?
* As always: check this --> http://wiki.simplemachines.org/smf/Spam_-_my_forum_is_flooded_with_spam,_what_can_I_do
Quote from: Mikelund on June 16, 2014, 03:41:03 AM
Quote from: ‽ on June 15, 2014, 05:42:00 PM
Not at all. The vast amount of it is by bots.
I don't understand how I'm getting lots of spam registrations even with captcha and a question and admin approval. Are these likely to be human spammers rather than bots?
Are you using challenging questions at all? Also, where are you promoting your forum at?
It seems about the best way to prevent spammers from taking hold would be to provide an option to approve of the first post(s). Other forums do this. Not sure why SMF does not.
Actually, it really doesn't work that well. SMF can do it, but in reality it just puts up more barriers to participation and drives people away.
As stated, you can do that if you want... With a standard installation, even...
Quote from: Kindred on July 13, 2014, 08:20:18 PM
As stated, you can do that if you want... With a standard installation, even...
How would this be done? It seems that it would be preferable to make a person wait for the first post than to make them wait while someone pours through ip addresses to see if they are a spammer. Generally it would take longer to approve the registration than the post.
You can configure post approval with permissions in 2.0, and have been able to do so for years.
As far as IP lookups go, it's not like Stop Forum Spam etc. can't be automated (because they can), necessitating not having to do manual lookups. And of course, good Q&A at the door has a knack of keeping them at bay anyway.
enabling verification image and question can help. I wrote a small guide on how I fixed mine here (http://projectnaija.com/topic/how-to-stop-spambots-on-smf/294)
verification image... aka captcha - is useless.
we have a much better FAQ here... http://wiki.simplemachines.org/smf/Spam_-_my_forum_is_flooded_with_spam,_what_can_I_do
(which was already linked to, above)
Reading through some of the topic here, would leaving questions only but not captcha be more efficient than just the captcha or efficient enough to leave the captcha out then?
I personally dislike when there are those annoying hard to read captchas on registration, etc, so I've left them simple because I'm sure I'm not the only one, and I don't want anyone to be scared off by the registration form, but then that wouldn't be of much use after all?
The forum has a bonus that it is not english, so could add any simple questions that anyone can get right and not be an annoyance, and still be too hard for a bot.
yes... I no longer use captcha on any of my other forums
Then I wonder why the smf site uses it? Way too many spambot attempts?
(And yeah, sorry about the "obvious" question, don't wanna confirm this one the hard way, I'm trying to "rebuild" the forum and not just move it, so that sort of things could cause quite some damage :P, also seems odd that most people use captchas and not questions)
because we have no other option in 2.0.
I swear, this has been discussed at least 4 or 5 times.
We know that captcha is almost useless. However, almost is not the same as completely... and if we prevent a few spammers by using captcha, then we'll take it.
We can't use questions here because this is a multi-lingual site... and multi-lingual questions are not a feature until 2.1
Ahh. I see.
Sorry, I usually prefer to read first and ask later but I have not really been having all that much spare time to do that. Specially when there's so much discussion around it, would take a while to read everything, didn't come across any message related to this on the parts I read :P
Was thinking those image-recognition captchas seem to be better as well, but it would probably be unnecessary effort to implement this if the questions are good enough (probably even better);