Protecting the forum from auto signups (Page 1 of 2)

If this were integrated with the board (and I think it is a good idea) it would have to be an option within the administration section. This would require the GD lib and not all hosts support that.

Mmm
Someone could create a mod for this

I generally dislike the use of images for this. There must be a better way.

I don't think that something that strengthens site security should be considered a mod.  Maybe it could start out that way to see how well it works and effects speed & performance.

How come?

Would you realy need to have a seperate user group setup?  Could it just be done with a boolean "on or off" in the user account information that could only be changed by an admin?

New user signs up.  Gets email confiming sign up
Admin(s) get email that a new user has signed up. 
Admin Validates
New user get an email confirmation.

One of the problems I see with this is that some "legit" users may get turned off by waiting for the admin to validate the registration.  Some admins don't visit their message board as much as ours does

The validating user group is only temporary - as soon as the admin approves them, and the user validates their registration, they are automatically changed from 'validating' to 'member'.  When you view a person's profile who hasn't been approved yet, their user group clearly states 'validating' to identify that they are awaiting approval / validation.  Nobody stays in that group for long - they are either approved or rejected.  Perhaps it could be done the way you suggest - the admin simply toggles their status before approving them, but the default when a user signs up would have to be 'on' (on = validating).

If you run a busy forum, you are at the forum daily, probably several times a day.  The one that I am an admin at - there are 2 of us that are admins - the 'queue' gets checked regularly, as in at least twice daily.  It's part of the job.

This would probably not be something that a small forum would need; however, a busy one like the one that I'm speaking of, would definitely benefit from this.

As far a 'legit' user getting turned off, if they truly want to join, then they'll wait for approval.  I have yet to run into one who didn't have the patience to wait a few hours to have their registration approved.

Rickard:  Isn't the GD lib package with PHP now?  They only thing I had to do with my host was to use an htacess file that included it in the PHP path.  But I can see where this would be a problem with Windows Server.  I don't have much server experience other than toying with one at home.  I guess I am one of the lucky ones to have a host that  has it.

Thanks for the input.

Well a friend of mine made me some image verification code a while back, I just never got around to implementing it into my game. The code is relatively small (11 lines). Only problem with it would be 1) possible server load like Rickard said and 2) determining the color of it with the default style of your forum.

I'd be willing to do this up though. It looks like some of you want it. Just let me know.

Which is basically exactly what we do today

The gd lib is required if you want to, for example, use ttf fonts and rotate them etc. It is possible to make this captcha image without gd lib. I have to make this happen for my forum so why not publish it as a mod after I'm done, unless someone beats me to it.

E-mail thing doesn't really help. Database gets a new record, e-mail get's sent and so on creating dos effect without user ever responding to the e-mail. Been there, deleted accounts.

Can you run cron jobs? If so then you could write a script to remove accounts that have not been authenticated after some arbratary timeframe such as 7days.

7 days is too late i guess servers already died by then lol