Drupal Association members fund grants that make connections all over the world.
We are getting about a dozen spam user registrations per hour. This spike in spamming is over the weekend. Prior to that it was maybe a few a week. The user registrations generally follow the pattern of registering, posting some spam links in their User Profile, and never logging in again.
1. We have already implemented Mollom, and then switched to Captcha, and then reCaptcha. We have tried image puzzles, math puzzles and word puzzles. None of them have prevented user registration spam.
2. We do have email verification in our Drupal user configuration.
3. We are currently running 6.17 and there are no modules with a "security" upgrade required in our Upgrade Status report.
4. The only way we have found to stop the spam registrations is to set registration to "administrator only" which for our site is only a temporary solution. Our business model demands that legitimate people be able to register for an account on their own.
Whatever techniques these spammers are using it is circumventing our measures to stop them.
What next? Any tips on how to stop this nonsense?