[Lazarus] Forum under attack

[waldo kitty]

On 1/11/2011 11:48, Razvan Adrian Bogdan wrote:
> On Tue, Jan 11, 2011 at 6:40 PM, Helmut Hartl <helmut.hartl at firmos.at
> <mailto:helmut.hartl at firmos.at>> wrote:
>
>>     Diversification is as alway the root cause of all evil.
>>     In that case diversivication between poor and very poor.
>>
>>     http://www.blackhat-seo.com/2009/captcha-farms/
>>
>>     The only real solution is personal verification of all forum users.
>
>   Maybe the admins/moderators should be able to mark users with a class/level of
> trust and at critical times simply delay the posts from those newly registered
> until they are manually reviewed and their profile is validated.
>   As always manually verifying is time consuming and almost nobody wants to do
> it but in the case of Lazarus/FPC the number of users is not that large.

i forgot to add to my previous post that we also do this... new users sign up 
and validate via email and confirmation... then their initial posts are 
moderated until X number of valid ones...

one can also easily find the automated bots trying to stuff the get/post vars 
because they rarely simply get all of the forms in the proper sequence... this 
is one of the basic tenets of  my IDS/IPS rules sets for this particular activity...