my forum is online from 2002 so there was lot of spam attacks on it, most are made by robots not humans.
We've tried several options like limiting guests from posting, turning on confirmation mails for registration, banning IPs.
But after all experiments our forum is using this:
- If it's robot attack CAPTCHA would stop them.
- There is no need to limit guests posting, just limit them posting URLs as spammers are coming for inbound links not to contribute some text... Some would try to post message anyway but this is what you have moderators for.
- We don't issue confirmation mail as such protection seems to be overridden by most spammers, just CAPTCHA code and if spammer is really annoying banning his IP should help.