How to fight spam

Hello,
I have dozens of accounts registering on diaspora-fr every day and spamming. I set the captcha to the hardest, banned weird email domains such as hotmails.com to register, but now I don’t know what I can do, they are using different IPs, gmail.com emails. I guess even e-mail validation would not stop them, even if we should probably put this in place at some point.
Any ideas, suggestions?

You might not like this, but the way to stop registrations is to close registrations. No matter what we do, any somewhat sophisticated attacker can bypass that - especially since the currently-known-to-me spam is based by real humans using real browsers to do real actions.

Yeah, I did that at the moment. The state of my DB is really a mess, I had to stop this. Out of the 70k registered users, I guess at least 20% are spam accounts. It’s a shame.

I have activated e-mail confirmation - the accounts will be activated.
They use a kind of temp/freemailer with changing addresses, so even a banned list of fake-mail will not get rid of them.
Mass-spammers I have stopped by allowing only a certain amount of posts per minute.
We probably never get rid of a certain amount of spam.

1 Like

How can you go through 70k users and expunge the ~14k spammers ? Does it help if we report them when we see them, or is that just more work ?