If they are technically sharp and have access to a variety of IPs and/or computers, then you can never really stop someone from re-registering. However, a non-obvious cookie system can catch multiple registrations from the same PC.

In the long run, swift and aggressive deletion of posts and banning of accounts will frustrate these people. Each time, they have to set up a new email address, register a new profile, and then post... only to see everthing go away.

Other nifty techniques are putting the person on global ignore so that only they can see their posts, and simulating server problems on just their account. vBulletin has features or hacks for all of these, and I'm sure other forum software has some similar tools.

Other nifty techniques are putting the person on global ignore so that only they can see their posts...

i just read recently that someone has developed a WP plugin for this called "cave the troll"...

CAVE THE TROLL? An feedback on it? Would be nice to hear how it works.

I haven't seen this, but it seems like a lot of the WordPress spam is commercial stuff and coming in from various proxies, etc. A simplistic cookie-based system would seem to be unlikely to work very well.

Anyone tried this out?

Somehow or other, you know that these are the same person using multiple usernames and IP addresses. Therein lies your defense.

Figure out how you know they are the same person, and do the same in code. It might not be easy! Let us know how you know you have this problem and perhaps someone might suggest a system to mimic your own thought processes.

i.e. if you normally see a new member each week, and these ten arrived on one day - you could write code which only allows one auto-activated account a day; after that the accounts created on that day need manual admin activation.

If they are pushing the same sites, then add something to the form submission which deactivates their account when that domain name is mentioned.

Additionally, when you ban them, don't give them a "banned" message. This clues them in that they need to change to a new IP or get rid of a cookie.

You could do one of these things, instead, in descending level of programming difficulty

1) Only show their comments to them -- nobody else sees their comments. They don't actually know there's any issue at all. They think they're just being ignored by the other users.

Edit: I see now that this was recommended above. Teach me not to read the other comments thoroughly, sorry.

2) When they try to comment, automatically delete their comments after a very short set period of time

3) Redirect 'em to a mirror of the forum or blog that has no comments at all, so it looks like the site is deserted

4) Make the site "hang" indefinitely -- they'll think it's broken

5) Show 'em a page of obnoxious ads that makes it look like the site's domain lapsed

6) Give 'em an error message -- not found, bad request, etc. so they think the site's down.

Ah, fun with trolls ...

[edited by: Leva at 11:21 pm (utc) on Sep. 13, 2007]

7) and last, but not least - give em a page of Google Ads! :)

swift and aggressive deletion of posts and banning of accounts

Thanks for all the replies. I've been doing the above deletion of members and their posts, this seems by far the best way. They rejoin only to see their post deleted etc, many create Polls and input a ton of web code, again just to see it disappear.

They seem to 'learn' not to spam after about 6 or 7 re-submissions, so at this point I'm guessing the spammers could be getting the message, only to be replaced by another spammer and on and on hehe.

Currently getting about 30 spam posts each day, which is about 840 per month. Quite enough to nearly make me quit, the running of the forum may not be worth the trouble for what I get out of it.

One trick that's worked reasonably well for me on one of my sites is after the member registers they have to reply to a validation e-mail. So far that's fairly standard practice. But I go one step beyond that and let validated members know their account will be activated after it's been reviewed by a site admin. This gives me the option of deleting suspicious accounts before they ever get a chance to post. There is at least one admin on the site 24/7 and it rarely takes more than an hour to get activated. If someone can't wait that long they're probably just looking to spam your forum so good riddance to them.