[pedigree]

Quote:

Originally Posted by skippybosco

Sorry, I should have been more clear.
2) The notion would be that it would only check posts/pms for users that belong to specified user groups. This supports the notion of using promotions on your site to identify trusted users (ie. registered users versus trusted registered users (after 6 days and 3 posts or whatever your flavor is)

3) Contact, yes Contact Us. The understanding being that if you enable this you have prevented users from contacting you if they are incorrectly banned. Mitigation could include javascript, image based or some other obfuscated version of your email in the failure message)

2 - There is an option in 0.7 to put new users into a specific group. You could use that to apply filters against. Ill have to up the database cache time incase Russ at sfs.com gets hammered/DDoSed by large forums that leave users in a group like this. Maybe I could include a "cut off" period for users in this group, where it doesnt check them if registered over 30 days (or X) days ago.

What I could also do is add a cron job to pull the daily IP ban list and put that into the cache. They should catch a lot of spam without the necessary remote queries. Its a fine balance between protecting against spam and DDoSing the limited resources of a one-man free website

If Russ was to move the lot into DNS instead of XML/HTML, that would make things a lot easier as he would have DNS servers caching data

3 - I believe captcha can be enabled on the ContactUS page but as the loading would be much less on this page than people posting into forums, I dont think lookups would be a problem here.