I suppose it depends upon how sophisticated the spam bots you are dealing with are and whether they have human assistance.
We originally used phpBB and applied various anti-spam plugins, including some modifications that were made manually to the php code (including honeypot fields that were hidden with CSS) but the bots kept spamming it regardless.
I guess there is a sense of "we know this is a phpBB therefor we must be able to spam it so keep trying" vs "I don't know what this is","can I POST this form and see instant results?","no?","give up then".
If it had been a larger forum then I'm sure these tactics would not have been effective regardless since we would have suddenly become worthy of having a custom spam bot written just for us.
Those tactics are somewhat extreme, in many cases just giving form fields weird names has good results. Of course there is the problem of "what is bad for spam bots can be bad for screen readers".
We originally used phpBB and applied various anti-spam plugins, including some modifications that were made manually to the php code (including honeypot fields that were hidden with CSS) but the bots kept spamming it regardless.
I guess there is a sense of "we know this is a phpBB therefor we must be able to spam it so keep trying" vs "I don't know what this is","can I POST this form and see instant results?","no?","give up then".
If it had been a larger forum then I'm sure these tactics would not have been effective regardless since we would have suddenly become worthy of having a custom spam bot written just for us.
Those tactics are somewhat extreme, in many cases just giving form fields weird names has good results. Of course there is the problem of "what is bad for spam bots can be bad for screen readers".