As some of you may know, I am a college student, which hampers my ability to work on this script throughout the year. However, summer is near and I am mostly free (will be working through June and some of July) to finally finish version 5.2.0.
Here is my current todo list
. There are a lot of minor enhancements there, but the main problem is spam. Nothing else really matters. So here is what is being done to battle spam:
By default, new members must be approved by the admin manually before they are listed. There will be an option to change this.
This should make it less worthwhile to spam lists. I don't know if it will have any affect though, because there will still be lists without the manual approval activated. Also, spammers might see value in just getting their url in the approval queue, even if only the admin sees it.
A new captcha (demo)
It includes multiple fonts, better background noise, and character rotation. This might buy us a little time, but I am sure spammers will crack this captcha as well.
Banning by URL, IP, username, and email (with wildcards)
URLs, IPs, usernames, and emails can all change. I don't think this will do much to stop spammers. But people have been asking for it, so why not. This could be used in conjunction with a centralized blacklist, but I fear that that list could grow so large that it would become unweildy.
Security question (something like this)
This will be disabled by default, because if I seed it with default questions it defeats the purpose, but admins will be able to enable it by adding a question that (hopefully) only a real person can solve.
Ultimately, these methods are probably flawed and will probably be cracked. So if anyone has any other suggestions, please suggest them.