Wow. I had not heard of this downside with Drupal, which has gotten great endorsements from my other web friends. I wonder if they are working to either tighten up the security on the installation package or at least create an easy plug-in to handle this issue for webmasters. Do you have it under control now?
One thing that completely blindsided me when I switched the site to Drupal was the spam problem. I never needed an anti-spam system when I used CPG-Nuke. It was rare enough that I could handle it manually.
Within a week of the site revamp, I was seeing about 50 fake user registrations per day. I installed the Mollom module for Drupal, and it's been a lifesaver. Yesterday it blocked over 700 spam attempts.
To put that into perspective:
- On a typical day, BodyInflation.org will get 2-4 new users.
- Over 99% of attempted user registrations are fakes.
- Without filtering, it would take less than 10 days for fake users to outnumber the real users accumulated over 8 years.
The problem got markedly worse about six months ago. I don't know what's causing it. I just hope there's a special place in hell reserved for spammers.