Yesterday, for the same reason as I posted the message about spammers and real names here
, I tweaked the CAPTCHA settings to make it a lot more difficult for bots to try to register.
It worked immediately, in the sense that the number of spammer applications fell by about three quarters, but I guess I've made it too difficult to read. I'll back it off a bit, between where it is and where it used to be.
We've had a few people saying they've been asked for confirmation codes, without being aware of any failed login attempts. It might be a bug. We're probably going to upgrade the version of phpBB shortly, so let's see if that gets rid of it.