18
Heres something for you to ponder on.
Ive been testing something out on 2 of my sites.
Site 1:
Has Captcha on registration
Has not banned the list of email addresses from abuser
Has RBL plugin for protector running
Site 2:
Doesnt not have captcha
Has banned the list of email addresses from abuser
RBL plugin for protector disabled
The abuser we have all been talking about has managed to sign up to Site 2 even with all the email address banned.
So here is a list of things I would apply (this is only my opinion tho, what you do is up to you).
1. Install Protector
2. Enable RBL plugin for protector (may slow site down, if its impairs your site performance the simply disable)
3. Install Captcha on registration (Also have a form available that people with Visual Impairement can fill in to sign up)
4. If a Spammer signs up, check the IP address of the sender in the email you get when a user signs up and ban the IP block using .htaccess file. In the case we have been talking about the senders IP address always matches the main IP used to spam and not the multiple addresses.
5. You may want to consider using .htaccess to ban ip adresses instead of protector as protector uses your MySQL database (dont know if it uses it when checking banned IP's, can someone confirm). You may not want unwanted IP's to make queries to your database especially if they are bots.