A couple people have asked me to post here so I will.
It is in fact bots. It's not really a big deal since there is no benefit the bots can gain by having an account. If you don't have a key you can't edit your profile, so there is no visible link to boost search engine ranking to their fraudulent medical site or whatever. The only cost is a relatively small amount of server resources. At some point I will make keys required to register although I'm afraid that might reduce conversion.
What this shows is that OCR has advanced to the point where recaptcha is now useless. Personally, I have noticed around the web that captchas in general are getting more difficult, to the point where I cannot solve them reliably. Bots of course can try 50 times in a row without getting frustrated but I cannot. Captchas are now doing the exact opposite of what they were intended to do.
If you don't run a website you probably don't realize this, but the general state of spam on the internet is terrifying.
I have exchanged email with an above average number of people. Probably around 5,000 or so. Once you reply to a person, they are considered a "contact" and future emails from them are less likely to be blocked by the spam filter (makes sense). So when someone who I have exchanged email with in the past has their email account hacked, I get spam from them in my actual inbox which I then have to manually flag as spam. There was a point where I was receiving hundreds if not thousands of such spam messages a month. Every one of those messages represents a hacked email account. I would estimate that total percentage of hotmail/yahoo/aol/etc email accounts that are compromised to be in excess of 10%.
My blog,
badspot.us, gets about 10k visitors a month. I have a custom anti-spam system that will automatically ban any IP address that posts bbcode or html. It also checks a 3rd party database containing millions of known spammer IP addresses and auto bans them when they post. I also have a magic button that will delete all posts made by a given ip and ban the ip. After an IP address is banned, I have a hit counter that increments every time that IP address attempts to post.
The total of all those hit counters is currently 107,775
And that does not even include all the posts that are pre-filtered for containing popular keywords (drug names mostly). Including the prefilter the actual number of spam posts attempted on just my blog is probably in the millions. The posts that get through now don't even serve any purpose for the spammer. They're just stuff like "nice site! very inorfmatvei!" or copy-pastes of other posts from the internet. It's just a broad scale global crap-flood of the entire internet. That's what we're seeing with these forum accounts.
