The only problem is that spambots are starting to defeat captchas. So it's not a permanent solution.

Depends on the complexity of the Captcha. Very simple ones are easy enough to break using OCR and color differences, but ones with more bends and confusing swirls quickly become too complicated. It would be far easier to hire 100 people to answer captchas handed to them, but i doubt we're dealing with more than 4 separate human spammers...

Of course there are people who will work basically for dirt cheap depending on where they are at, like in Mexico...

This is the one I mentioned. They're appearing on many sites now and are very friendly to humans. Even on touchpad devices. Apparently quite effective too and can't be easily beaten by OCR.

http://googleonlinesecurity.blogspot.ie/2014/12/are-you-robot-introducing-no-captcha.html

Or porn viewers, it's said. (The link is from 2004, of course, so perhaps things have moved on since.)

That looks like an excellent solution.

Interesting...

Naturally making the Captcha have a very short life span would help prevent this, although if they do something else i'm not sure. But that's an interesting way to get free help for bots...

Although i wonder if verification of an email account would help... More specifically they ask for verification, then a second verification, or even a third. If they immediately throw an email away after a single pass it would ruin the verification...

Or they could always go to requiring phone verification which is a lot harder to fake because there's a limited number of phone numbers you can enter or have at one time, and once there's an overlapping number, it won't work anymore.

True, but it raises the bar. And that's really all you can do without disgruntling legit users.

I'm still wondering as of the "Why". Obviously the spam makes no sense:

1) SEO? The bots can't post links, and even if they could - the frequency was much too high. Google and co will actually lower your ranking if they detect link farms and mass spam like this. And they are pretty good in detecting it.
2) Advertisement? As with spam mail for Viagra and penis enlargement it could be worthwhile if only 1 in 100.000 actually goes to the website and buys something. But here? There are no Korean users (that I know of) here. There are some from China and a handful from Japan and that's all I've seen from eastern Asia.

So what then? It was either a malicious attack aimed at gog.com, or a shotgun blast at the internet. What does Google say?
(see attachment)

We learn that we're not the only ones. BamWar has become poetry *LOL* and even the Ubisoft forums have been hit. There are all in all 12 pages in Google referring to the bot.

My guess is that someone bought a bot like XRumer complete with a set of plugins including gog.com. Gog must have an extra plugin since they don't use standard forum software. Then someone configured the spam text variations and simply checked the boxes of all plugins and fired away. Probably some poor script kiddie living with mom and earning a few cents with it.

For those who are interested in such things, the bamwar domains are registered by a Japanese registrar from Chiba province under a Korean disposable email address. Names given in the Whois are Japanese.

Script kiddie... I'm reminded of how much trouble some of the nuke programs caused for networking back in the late 90's, so called 'hackers' with no knowledge of how the system worked but using a program designed to circumvent specific weaknesses...

And XRumer... Geez... 170,000 answers to common questions to quickly circumvent Captcha... Uggg...

It's this kind of shit that will probably cause SOPA to kick into effect.

The pest of the internet right out there in the open with a price tag and a buy now button... *yuck*

Sadly, you're probably right. Until we overhaul the system (both email and HTTP), we will remain vulnerable to that nexus of human failings - greed, ignorance, and indifference.

All spam should be forwarded to the site(s) that provide this kind of software; All of them. Let them see the monster they created...

Sadly I don't see that coming, at least not even medium term. And even if - this will be the foot in the door for new proprietary protocols owned by big companies and walled off with patents and an army of lawyers.
They have contact page with email addresses... Hmm...

Well email would be rather easy, just requiring a PGP key attachment and signing the message would ensure it came from a site.

HTTP, i don't see changing... but TCP/IP could include a few extra security features to ensure it wasn't changed in transit, although for proxy and forwarding i'm not so sure...

I agree, it's a pipe dream to think it will ever be overhauled in a good way. Any revision will be viewed through the priorities of the corporations and governments first. Spam is just one of the many prices we pay for freedom, in the end.