I’ve been wrestling with registration spam on a site. I don’t have the luxury of controlling access with private registration/invitation codes, but I am employing a strong CAPTCHA, so I can only assume that if they’re getting in, there is a human involved for at least some portion of the registration process.
But, the convenient thing is this: All these spam accounts have certain things in common that distinguish them from legit members:
* authcode is NULL (for legit members, it is blank)
* bday_d, bday_m, bday_y are all set to 0 (for most users, these are NULL)
* language, timezone, and time_format are all blank (for most users, these are set to real values)
* The profile fields (i.e. occupation, interests, aol_im, yahoo_im, bio, signature, etc.) are all blank (for legit users, these are NULL)
Can I assume that these differences are the result of whatever automation the spammers are using? (i.e. When they POST to the registration script, they leave these variables out?)
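The fingerprint listed in the post, turned into a review query over constructed rows; this is an added example, not part of the original post. The table name `members`, the `member_id` column, the sample data, and the use of SQLite in place of the site's database are assumptions.

```python
import sqlite3

# Column names come from the post; the table name and member_id are assumed.
SETTINGS = ["language", "timezone", "time_format"]
PROFILE = ["occupation", "interests", "aol_im", "yahoo_im", "bio", "signature"]
COLUMNS = ["member_id", "authcode", "bday_d", "bday_m", "bday_y"] + SETTINGS + PROFILE

# NULL and '' are different values in SQL: "col = ''" is never true for NULL,
# so each test below matches only the state the post attributes to spam accounts.
FINGERPRINT_SQL = (
    "SELECT member_id FROM members WHERE authcode IS NULL"
    " AND bday_d = 0 AND bday_m = 0 AND bday_y = 0 AND "
    + " AND ".join(f"{col} = ''" for col in SETTINGS + PROFILE)
    + " ORDER BY member_id"
)

def make_row(member_id, authcode, bday, settings, profile):
    """Build one constructed row; `profile` fills all six profile fields."""
    return (member_id, authcode, *bday, *settings, *([profile] * len(PROFILE)))

# Constructed sample data, not real accounts.
SAMPLE_ROWS = [
    make_row(1, "", (None, None, None), ("english", "UTC", "us"), None),  # typical legit
    make_row(2, None, (0, 0, 0), ("", "", ""), ""),                       # full fingerprint
    make_row(3, "", (4, 7, 1980), ("english", "UTC", "eu"), None),        # legit, birthday set
    make_row(4, None, (0, 0, 0), ("english", "UTC", "us"), ""),           # partial match only
    make_row(5, None, (0, 0, 0), ("", "", ""), ""),                       # full fingerprint
]

def build_sample_db():
    """Create an in-memory database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"CREATE TABLE members ({', '.join(COLUMNS)})")
    placeholders = ", ".join("?" * len(COLUMNS))
    conn.executemany(f"INSERT INTO members VALUES ({placeholders})", SAMPLE_ROWS)
    return conn

def find_suspects(conn):
    """Return ids of accounts matching every item in the post's fingerprint."""
    return [row[0] for row in conn.execute(FINGERPRINT_SQL)]

if __name__ == "__main__":
    print(find_suspects(build_sample_db()))
```

Account 4 is deliberately left out of the result: requiring every criterion keeps a member who merely shares one or two traits from being flagged.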