All right, like everyone else running eFiction, Ad Astra was being plagued with spam registrations. Sometimes this led to spam reviews, sometimes it led to them abusing the bio function on profiles, but any which way, it offered nothing to the archive. I did install an auto-reject for attempts from one of the threads currently in the graveyard, but that meant disallowing gmail, which was the one spammers preferred most.
Our answer? A sort of kit-bashed two-factor authentication!
Remember, first back up anything you do.
The first thing I did was wreck onsite registration completely! I went into the register.php file and blanked it. Utterly. No more registering through the front door on the site!
Then I created a Google Form and had it set to e-mail me. This only asked for name and e-mail, as well as a throw-away question about how people found the site. That means even if spammers hit the Google form, they aren't hitting the archive!
Once that was live and working and tested, I went in and edited the menus on all three active themes to include the registration on the top bar. If you've done any theme-building or modification of your own, you've probably already done this. But since all themes are different, I can't give you a step-by-step for sure.
Finally, I removed the link under the login to register, leaving only 'forgotten password'. And, of course, had my industrious and brilliant site engineer update our support site.
And voila! NO MORE SPAM! At all!
This means that you have to input all new users through the Admin panel, then release the name to the author. But if you're running eFiction and your CAPTCHA isn't doing it for you, or you don't want to babysit the site constantly, this is an excellent workaround that keeps the software more secure. So far, I've had four legitimate and one attempted spam registration. And the spam registration was easy to check: All I did was input the e-mail into google and get back a report from Stop Forum Spam, labeling that e-mail a spammer.
Anyway. Here's hoping this helps some of you fine folk out there. If you're not registering more than ten legit people a day, it's the simplest method I've found so far to keeping eFiction workable as archive software until a new version comes out.
