We had a disturbing new phase on the NMC web site a few weeks back. Over a weekend, our office reported a flurry of about 200 accounts created. What we found was that real humans (because they got past a captcha) with real email addresses (because we send passwords to an email address) were logging into their NMC web site accounts, and editing their profiles to include links to the usual steaming pile of spam web sites, again seeking google page link. Some of them were using actual photos to make their account look more “real” (the links they put in profiles were dead give aways).
There were all kinds of emails used (a lot of gmail but many others) and the IP addresses I could trace were random.
Our spam heroine in the office began deleting the accounts as they were created, but that’s not scalable or sane. The first line of defense (not the best) was to edit the drupal access rules to not allow access based on the email patterns we were seeing. That put a dent in it, but did not wipe them out.
They only thing I can think this is happening, is that somewhere, there is a human spam factory, some poor suckers making rock bottom wage to log into web sites and find places to create accounts/insert desired links.
My new wall has been to add the drupal Path Access module (which requires Role Weights, do you think the module sites will ever list dependencies?) to prevent access to basic authenticated users to edit profiles (blocking path to user/*/edit); and lighter (higher) role weights to the roles that I do want to allow access.
But worrisome- if there are places where spammers are paying people to enter content, captchas lose their value. If I could regain all the time I spend dealing with spammers, I could retire next week.