Two of my communities were attacked by spam bots earlier today. Get this, they register 80 accounts (per site) and make hundreds or thousands of posts within minutes. They make one post per basically every thread on the entire website.
I had it cleaned up in a half hour. First, I went ahead and turned user e-mail activation on, so that they couldn’t do it again (and probably won’t be able to do it again). You see, they register all these accounts with bogus e-mails. So, if they have to confirm them via e-mail to post… they’ll never be able to post. Then I have a nice phpBB hack installed that allows me to delete all inactive accounts with a few clicks.
Anyway, back to today. I found a hack that would allow me to delete all posts made by a certain user. They had spread their posts out across maybe 80-100 user accounts overall, so I just did each username individually over and over and I was done in a little while. Then I deleted all of the bum accounts with a query in phpMyAdmin.
I now have e-mail activation turned on at all of my communities and I recommend that you do the same. I used to say that small communities should do without it, but I’ve changed my tune. The good far outweighs the bad. These guys try to register accounts on my sites all the time, but because I have the e-mail activation turned on and that hack installed, I can delete their accounts within 30 seconds. Piece of cake.
Some people have too much time on their hands.