Could it be php? The following php board has that feature.

One way to prevent this is to require email activation. When the account is created do not activate it immediately. Send an email to the address given with a link for the person to click that activates the account. Then just set things up so that the accounts that don't get activated after a certain number of days have passed are deleted.

To activate your account

how very informative fr0stx

problem with email verifation ONLY is that bad people might clog up your mail server with fake e-mails. then you might get lots of emails from people saying thnigs like "what are you sending this to me for!" best is grfx check and e-mail

The only thing that the graphics feature does is prevent automated scripts from exploiting the registration. It can't stop a person from sitting there entering it in. So even with that feature a person can clog up your mail server.

The main point here is to prevent the creation of an account as the subject of the thread states. Spammers are usually the ones that wish to create the accounts especially if it is to a site where they can publicly post things so they can spam.

With email verification only this would prevent that as they would need a valid email address to activate the account and that makes things much more difficult for them as well as leave a trail that can lead back to them in the case of a criminal investigation.

knew i'd forgotten something timelock the registration form so you can't reuse it for a couple of minutes or so. any one else got any orther measures you could add to this forteress?

thats ok but would require sessions/cookies/IP Tracking. If you locked the form for everyone then you could lose the chance of more members.

Sessions - Close the browser, bye bye session. This wouldnt prevent much.

Cookies - Just delete the cookie or dont accept it in the first place.

IP Tracking - Could be dynamic IP, or could re-connect to the internet. Also though, if more than one person on a network wanted to register this could be a problem.

oh sorry my mistake.. i thought it was verfiation new account

no probs fr0stex. just try and read whole post.


@missing score: well theres always a hole in every kindof protection of this sort, but hey, why make it easy for the losers

True... just becuase they have disadvantages doesnt mean you shouldnt use them (i often implement one of these methods, if not more), becuase its not going to reduce security and like you said, people who have no idea what they are doing will not be able to get very far, I just think its important that people know that these methods arent going to stop someone who knows what they're doing. eg: When I began coding, I thought that the IP tracker was this amazing tool that would stop everyone dead in their tracks, but now I know different.

First of all, woah...i just would like to take this opportunity to thank all those who has replied me... THANK YOU!!

Len Whistler, i went to that link, it has the feature that i want to develop? Any ideas on how to do that, a link maybe?

Spookster, we already have the email activation system up and running...thanks for the effort though!

whackaxe, you got what i'm thinking...actually by implementing the dynamic image generation algorithm , our system will still be populated by the fake emails, if there are some useless ppl who has too much time, to register again and again and again...i'm interested in this dynamic thingy mechanism because other programmers can't simply create an algo just to attack my registration script (the script that is used to create the user accounts)...

Spookster, and again...the way you think is totally the same as me!!

Actually all this stuff is to prevent some programmers that were hired by another ppl to attack our sites...Myself, i don't believe that ppl will be so free enough to create and create and create a new user account...It is taking too much time...(so this is not a possiblity). The main idea is to TRY to prevent malicious codes from attacking our sites...Don ya all think so??

The link i posted contains every line of code you need...
If only life would be that simple...

It's a necessary measure and it looks sprofessional and creates some nice illusion of safety to some users, but it wouldn't stop me and a few thousand otrhers, from bringing down your server r hacking into your app. Like others said here : you need to apply all defenses you've got against DSO attacks, brute-forcing and fake registrations.

But most importantly : be sensible !

Don't create to much fuss if there are hardly any fake registrations. Checking up on things, monitoring which accounts are actually activated and used, don't allow hotmail-adresses, require people to accept cookies, checking your loggs etc are much better defences then automatic checks ('Human interfaces' still rule! You'll never be able to beat the robots that determined and skilled people let loose on your site. I wonder, how many people would be able to write/adapt a tool to read a gif and do some pattern recognition to extract the numbers and letters from it?)

just my two cents.

raf, thanks for the two cents...your point of view is very much taken into consideration. Thanks again for the informations.

Still i'm keen on implementing that nifty thingy that i was looking for, thanks for the link though...

until then...