Tags: php, email-spam, spam-prevention

How can I prevent SPAM users from signing up?


I have a website that is starting to grow, but with that come users who continue to sign up and send SPAM messages to other members. I currently use Google's captcha API service, but if a user creates an account manually then it's of no use. My main problem is that after a user creates a fake account they start sending duplicate messages, so my thought here is to check with some PHP code for similarities in messages and deny them after x amount sent, but I'm not sure how much of a load this puts on the server. Is there a way I can maybe grab the IP when they sign up and ban that IP if they start spamming people? It's driving me nuts because I spend almost an hour a day now cleaning up SPAM and removing invalid users. Have others run into this, and what measures have you taken?


Solution

  • There are various solutions but none of them work perfectly; it would be best to use a combination of solutions.

    A few solutions:

    • Enforce a time limit for sending messages (1 message per 30 or 60 seconds)
    • Use the PHP function similar_text to check a new message against the last sent message and deny sending the message if the similarity is above a set percentage (I would guess above 70%)
    • Use CAPTCHAs if a user sends a lot of messages during a set time
    • Keep a list of IP addresses ($_SERVER['REMOTE_ADDR'] tells you which IP the user has) in your user database and keep a ban list which you then use to check against when a user registers to keep them from creating an account.
    • Give your users a report button which notifies you of spam
    • Automatically Temp-Ban a user when he/she is reported often
    • Also keep a ban list based on the email address of users (it takes more time for a spammer to create a new email address). Only do this with confirmed email addresses, as email addresses can be hijacked.

    These are only some of the available options, just try to make the life of a spammer as hard as possible.
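
The first two suggestions in the answer above (a minimum interval between messages and a `similar_text` comparison against the last sent message), combined into one check. This is an added example, not code from the original answer; the function names, the array shape for the stored last message, and the 500-character comparison cap are assumptions. The cap is there because the cost of `similar_text` grows steeply with string length, which is the server-load concern raised in the question.

```php
<?php
declare(strict_types=1);

// Thresholds follow the answer's suggestions; tune them for your site.
const MIN_SECONDS_BETWEEN_MESSAGES = 60;
const MAX_SIMILARITY_PERCENT = 70.0;
const COMPARE_MAX_CHARS = 500; // assumption: bound the comparison cost

// Lower-case, collapse whitespace and truncate so trivial edits
// (extra spaces, changed capitalisation) do not defeat the comparison.
function normalizeMessage(string $text): string
{
    $text = strtolower(trim($text));
    $text = preg_replace('/\s+/', ' ', $text) ?? $text;
    return substr($text, 0, COMPARE_MAX_CHARS);
}

/**
 * @param array{body:string, sent_at:int}|null $last last message by this user, or null
 * @return array{allowed:bool, reason:string}
 */
function checkOutgoingMessage(?array $last, string $newBody, int $now): array
{
    if ($last === null) {
        return ['allowed' => true, 'reason' => 'first message'];
    }
    // Cheap check first: reject before doing any string comparison.
    if ($now - $last['sent_at'] < MIN_SECONDS_BETWEEN_MESSAGES) {
        return ['allowed' => false, 'reason' => 'rate limit'];
    }
    $percent = 0.0;
    similar_text(normalizeMessage($last['body']), normalizeMessage($newBody), $percent);
    if ($percent > MAX_SIMILARITY_PERCENT) {
        return ['allowed' => false, 'reason' => sprintf('%.0f%% similar to last message', $percent)];
    }
    return ['allowed' => true, 'reason' => 'ok'];
}

// Constructed sample data: one stored message and three new attempts.
$last = ['body' => 'Cheap watches at shop.example.test, visit now!', 'sent_at' => 1000];
$attempts = [
    [1010, 'Hi, is the bike still for sale?'],                  // sent too soon
    [1100, 'Cheap  WATCHES at shop.example.test, visit today!'], // near-duplicate
    [1100, 'Hi, is the bike still for sale?'],                  // unrelated text
];
foreach ($attempts as [$now, $body]) {
    $result = checkOutgoingMessage($last, $body, $now);
    printf("%-8s %s\n", $result['allowed'] ? 'ALLOW' : 'DENY', $result['reason']);
}
```

In a real application `$last` would be loaded from the messages table for the sending user, and repeated denials could feed the CAPTCHA and temp-ban steps from the list.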