Hi

Was having spammers ruin my site using Xoops 2.4.4 so I upgraded to 2.5.3 the other day so that I had some CAPTCHA options to ensure only humans registered.

However, the spammers are still getting through! If you look at my 'Recent Members' block n my site (http://www.lost-doggies.com) for 7/10/11 I think all of them are spammed accounts added since two days ago when I added CAPTCHA

How are they getting past it and how can I stop them? They surely aren't manually registering, and I don't really want to have approve registrations myself because I am often away for a few days at a time and I don't want genuine members to have to wait to upload their lost dog reports.

They may very well be manually registering.. Most captchas have been broken by software means as well.

There is no ultimate protection other than vigilance.

which version you have a profile?

you can try to disable the first step to save and enter a mandatory field in the second step

If your server has CURL php extension, you can enable 'stopforumspam' in protector preferences. It will filter 90% of the spammers that break captchas.

You can also add extra protection by checking if the user(spammer) accessed register.php directly (without clicking on register link)
You can edit profile/preloads/core.php and add this extra method:


This code will empty $_POST when direct access is detected and spammer will not be able to commit any data. This approach will filter 90% of the remaning 10%. You may still get spammer accounts, but they will probably be done by real users.