[You're even more of an addict than me! :-)
--Phil.

I just read something about that.  Supposedly it's the same sort of addiction as a slot player.  Each time you visit it's like pulling the handle, and the jackpot is a good posting to reply to.

I'm keen to minimise the impact on legitimate new (or existing) users. If things get "bad enough" I guess we could consider moderation of initial messages but my suggestion would be to see how long the "deletion regime" remains effective.

I tend to agree, if the sign-up process is too invasive, I generally don't sign up for a site.  One forum I'm on has an initial period where you can't post links, can't sent private messages, etc.  I think their threshold is 10 legit posts.  

But for now I'm just enjoying my spam-free Arduino experience, so thank you, Phil .

And for the record, I'm in Eastern time in Canada

Phil, the improvement was almost immediatly noticeable, thanks for volunteering. I will help out if no-one else steps up. It would be useful if the other mod was in a very different time zone to you, are you are in the US?

I did notice the improvement right away, even without knowing it was Phil at work.  It's so nice to go to that forum and not see spam as the top 20 posts.

I wouldn't mind helping, but you're right about the time zone issue and I am in Canada.

This is getting really bad, we're past the point of it "not being a huge problem"  and might be getting to that "90% spam 10% content ratio" that Massimo talked about.

FWIW, I'm willing to help any way I can.

The attacks Arduino.cc's has been suffering, are Bot attacks, and bots "cannot" navigate sites protected by "good" implementations of CAPTCHAs, such as the format used over at Yahoo.

It's trivial to break any captcha.  You simply link it into a "free porn" site and have users answer the captchas.  They type the captcha, the bot automatically enters it into the victim site, and if it's right, the script lets the viewer have their porn.   There is no such thing as a good implementation because any captcha can be defeated with this sort of attack.

To be honest I don't understand the reluctance to enable a couple of people to implement this. Is there something about the situation I'm not understanding?

From the point of view of the core team, Arduno is their baby, the built it up, and it's very hard to let go of control.  It's the same sort of feeling that parents have as their children grow up.

As the Arduino community grows, I suspect it will become more and more necessary to have some help, but I can certainly understand the reluctances of the core team to give up control of their baby.

I'd say just be patient right now, they are dealing with the spam.  The only real downside right now is they're spending time that could go into helping users or further developing Ardunio on deleting spam.

As the legitimate user base grows, it's not simply deleting spam, but more subjective things mods would have to do.  Moving threads to more appropriate forums for example.  Should a mod only delete spam or a grossly off-topic thread?  Where do you draw the line?  

what about to use a captcha system for the borad?

http://www.yabbforum.com/community/YaBB.pl?num=1186785854/0

I'm not conviced captchas work, when I added them to my own site it barely slowed them down.  Though by the time I added them, I was getting about 200 spams a day and legit traffic had pretty much died out.

From my experience though, it is important to do something more than just deleting the spam.  It started out as a trickle on my site, and grew and grew until it was almost a full time job deleting them.

Use a static variable in the interrupt handler to store the current status.  Have have the interrupt occur every time the blinker status needs to change.  Then all your handler has to do is check and then change the status and toggle the blinker.

I'd like to hear more about the application.  I can't think of a good example of when it would be a good idea to have a delay in an interrupt handler.  As Bens says, interrupt handlers should be as short as possible.

If the old method was still supported and the change was clearly documented in the code and wiki then I don't think it would be a great inconvenience to existing users.

Is there a way to delcare library functions as depricated?  So for now printIn will raise a comple-time warning to change your code.  Then 1-2 years from now, take it out completely and let is raise an error.

Does YaBB keep track of poster's IP addresses? We could start blocking ranges of repeat offenders.

I'm sure it does.  But based on my experience with spammers, there are no repeat offenders, they use a distributed spam-bot network.

They're exploiting a known YaBB vulnerability, the attacks will stop with captcha added into the registration process. The board isn't just being spammed, it's being flooded - captcha will plug the hole enough for it to stop.

Interestingly, my site was 100% custom code.  I had what was effectively a multistep process to post anything, the data entry form generated a unique ID that had to be submitted back with the form and each ID was good only once.  I thought that would stop automated spamming, but it only slowed it down very briefly.  Even when I changed the format of the ID to try and break a parser it made no difference, so I really don't know what they were doing.  When I completely deleted the php file that had the code to write my database, the spam stopped instantly.  When I put it back a few weeks later, it restarted almost as instantly.

Unfortunately the spam has disappeared, next time it shows up (if it does) I'll take a look at what they're "desperately" trying to tell the world about. They're not impervious to detection, that's why most of them get caught... eventually

Wow, how'd you get it to disappear?

I have a moderated area where posts don't go live until I approve them, I've been ignoring it because I have better things to do than delete spam, but it's growing by about 300 spam aday right now.  These posts never show up anywhere on the web, not even a hidden admin page, yet they keep flooding it.

Adding captcha with new registrations will render the forum a "less easy" target, and like house thieves, they'll move on to easier pickings.

It already has email verification now, so I don't think a captcha would offer much more help.  I'm all for trying it, but I wouldn't expect it to be any good.

It's possible to track the domain the spam is referring to, find out who the host and ISP are, then file a complaint with interpol.

They usually link to an IP, not a domain, they have a very, very large botnet pool of IPs, and even if they use a domain, not all countries respect our views on spam and the domains can be registered there.

These attacks are worthless if the sponsors of them are tracked down and hunted like the dogs they are. There'll be a site that's benefiting from the clicks, and that's your culprit.

It's not often that simple either.  Some of the ways these spammers profit is to sell traffic to a domain to boost the domain in google rankings to increase its resale value (who do you report it to?  google doesn't like to listen and the domain will be sold to the victim by the time anything happens), or selling scam goods like illegal software on a site they set up in 10 minutes and don't care if it's taken down.  Or they force malware onto your computer and get paid a per-download fee from the malware authors.

Fighting spam just doesn't work on the level you're talking about, by the time you track them down and get someone to do something about it, they've moved on 10 times already.

Captchas don't help as well as being universally despised.  

Anything to force human interaction is trivially crackable.  Set up a site where you offer free porn, but the user has to solve this test to prove they're human first.  Then have your script substitute in the test from the other site.  It's being done that way on a massive scale now.

[10]

What is going on with the forums?  I woke up this morning to 15 "new thread" emails, 10 of which are obviously spam.  There doesn't appear to be a way to report a post or thread to an administrator.  Is someone aware of the problem?  I think this forum's on the verge of getting completely overrun with spammers.

I don't know what the solution is though.  I used to run a community-drive site, and I had to give it up because it got to the point where it was 90% spam and taking me hours a day to delete the spam.

Captchas aren't very effective, and nobody even had any other suggestions.