Blog Post

Throttling user registration

This morning we woke up to a massive and ongoing stream of spam registrations here on HASTAC.org. We're going to limit new user registration until the wave subsides (or until we can get CAPTCHA working better). After you sign up, one of us will manually approve your account, which can potentially take a couple of hours, or longer if it's after business hours. If you would like to register and can't, please contact us and we'd be glad to create an account for you.

This is just a temporary solution. We're sorry for the inconvenience.

94

4 comments

We have tried a variety of solutions, but haven't been able to stem the tide. I have taken the added step of disabling the website field on the registration form as I've heard this can be an attractant to spammers.

If you have attempted to register on the site since 7 am this morning, please accept our apologies as your sign-up may be lost within the deluge (currently 10 - 15 new registrations each hour). We will get to you eventually.

82

A technique I've found effective is to add a simple question to the registration that only a human can answer. A revolving series of simple math questions (like 2+3=) seems to work very well. I don't know how automated the spammers registering here are, though.

72

Another update: we've tried a variety of tools including a simple image-based CAPTCHA, reCAPTCHA, Mollom, and the math-based CAPTCHA as Michael suggested above. None of them have stopped the flood of registrations because the user(s?) are completing the CAPTCHA test correctly.

We are still trying a variety of different solutions including other Drupal modules and workarounds. Meanwhile, anyone who would like to create a new account should contact us directly because we are not able to review the registrations currently.

85

We are still receiving a constant flood of new user registrations, but I have channeled them into a request form so that fake users don't clog up our system.

Meanwhile, I have received two strange e-mails about the situation, claiming that we're just the victims of innocent "link builders" who are legitimately trying to capitalize on our Google ranking. (See backlink in Wikipedia.) I'm sorry, but this is just a polite description of comment spam. I'm pasting one of the messages below in case anyone who knows more about this area can shed additional light.

--

Just in case you hadn't already figured it out, the spam isn't an automated bot process.
What's going on is something called link building;

Basically, because Hastac is highly page ranked, dropping links on a created user profile can seriously boost organic search ratings for the websites linked to.
In every single case, it's a human undertaking this task to benefit their own or others' websites.

Changing the CAPTCHA technique won't solve a thing.
By making an announcement that you don't wish for backlinkers to register, that should quell the "spam" registrations, since most are very much white hat and will respond well to such a request.

94