Those trolls should be boiled alive and fed to urchins. Spammers suck. Good luck getting rid of them. They sometimes seem pretty clever. But usually will move on rather than fight anything that changes soon after they start. There is always an easier target out there.
I have added some extra code to hopefully prevent spam account registration. If this does not solve the problem I will put measures in place to prevent spam thread creation as well.
Any script doing that would be considered a keylogger. And I would take great offense at any site using keyloggers on the users for even legitimate reasons.
On RPS, they are part of the landscape... It's almost fun there, but only almost. I guess a lot of people have gotten themselves an infection there, would be good if you could get rid of them. A first-post approval hell? Any user registering can only post in a special subforum, and only once 2-3 members approve a post they can go on to the real forums. Might make the entry barrier too high though.
Hm. I find stuff like that is prone to not working. One author whose blog I've posted on a few times uses something very similar (but it's a case of "drag the correct image to this point") and for a long while I was unable to post as it was bugging out. It may have improved or that one may be different, though.
To give more context. I'm hoping to only apply advanced spam detection on account creation. I would really hate for users to have to solve one anytime they post.
I like the KeyCaptcha. It works and does not try to convince me I am a robot by failing to work with what it actually looks like. (I just wasted an hour looking for an image I once had of a cartoon where someone attempts a captcha and determines they must be a robot.)
I think this one might be worth trying, Sir Derek. Though I'm worrying about people who aren't able to make movements precise enough to get over that one...
I just tried the demo and you don't need to be perfect. As long as the pieces are close to the correct position it will say okay. I think it would be a good vetting procedure to determine if they are a human setting up an account. It might need more than 2 or 3 pieces of an image but should quickly lose the bots.
It would be better if it occasionally put a piece from a different image there to fool the bots. Normal humans could figure out easily enough that the extra piece is just that, but a bot would probably try and fail to connect it somehow.
If someone cannot figure out a captcha after several tries, they are not capable of intelligible posting anyway.
And who from us is capable of intelligible posting? But I like your idea of using a captcha as an anti-moron barrier.