First of all don't allow POST as the first request in a session and/or the dude that has recently registered cannot use the post/reply feature till some cooldown/delay runs out.(for example: Dimitry Tzimiskes has registered at 10:00AM and wants to post something, but he is not allowed to because of the post-cooldown. So he will be able to post/reply after 5 hours or some certain time.)
And/Or-require a valid HTTP Refer(r)er when posting.
That likely wouldn't affect them much. Since the person/program already makes the accounts then starts spamming at a specific time, they'd just have to increase how long after creation they start spamming. Also 5 hours would likely really annoy anyone who actually wants to sign up and post.
]]>I wish there was another, more clever way around this.... hmm.
]]>Why? Because these spammers are HUMAN.
Well, at least the people creating the accounts are human.
So, the only way to stop them was to make it too much of a pain for a non-TCD human to get through. These human spammers want the most bang for their buck. A captcha is fine.... having to go out to the wiki to look up an answer actually stopped the spam cold!
Well, until now.
]]>