Alas, the forum has been discovered by spammers, as this post shows… Well, perhaps it does qualify for the Miscellaneous section as "anything not related to development"; nevertheless, it feels wrong to me. With all those Yii-based blogs out there (and mine in-the-making) perhaps this is an opportunity to discuss anti-spam techniques?
Well spam is spam. We had little spam here before, no big deal yet. As you can see re-captcha is used on register-page, that will/should block all auto-spammers. The thread in question was obviously created by a human. So all we can do is marking those threads as spam, then they get deleted.
Well I for example have dynamic ip. Every 24 hours I get new ip or I can request a new one by reconnecting to the internet. That would mean to block me, you would have to ban a whole ip range 84.128.***.***. That means you would probably block others as well. Also I could just use a proxy-server to signup here and then post something (with completely different ip). Another problem is that some users use a global proxy (for example from AOL) and they have same ip address as well.
The captcha on signup-page is enough. You can’t do anything against threads started by humans except deleting.
I was going to suggest you remove the re-captcha on the registration page but looks like my timing is probably off. Not the time to convince people that captcha as a technique is useless as security unless it is completely unusable by a human and just gives a false sense of security. It is far better to use a behavioural approach especially as you already require registration and email confirmation. An example would be limiting functionality for new users like max 3 posts per day.