bots making accounts on my site?

[jwk811]

theres a bunch of membership sign ups on my site. they make their account, verify their email and never come back. i can tell they are all similiar because their passwords are always 10 random numbers and letters and their usernames have a similar style.

 

jw if these are bots and if so what the hell does that mean?

 

thanks

[mapleleaf]

Keep track of ip,user_agent info and the time of registration. Often bots will do lots of activity in a couple of seconds.

At least this will help you know what you are dealing with

You could also block bots by browser string. Java.... is never a user agent you need on your site. Some are malicious.

[jwk811]

i dont understand

[premiso]

If they are bots, you can try and implement reCaptcha to at least slow them down in their user creation process.

 

But if they are spam bots, ips etc is not going to help. They generally use proxies and generate a new ip for each new account etc and user_agents are easily spoofed.

[Alex]

i can tell they are all similiar because their passwords are always 10 random numbers and letters

I know it's not directly on topic, but you shouldn't be storing passwords like that. It's very insecure and no one should register on your website if that's how you're storing passwords. I know I wouldn't. Instead you should be storing a hash of their password so that if your database is compromised the passwords are still protected.