Protecting from "registration bots"? [closed]

Question

What is best strategy of protecting from "registration bots". Ones that just POSTing registration forms to my server, creating dumb users.

For my application, it started with just several new accounts per day. But now it became a real problem.

I would like to avoid confirmation mail, as much as possible. What are strategies to prevent this?

Answer 1

You can use a variety of techniques here:

1. Use a CAPTCHA like reCaptcha
2. Present the user with a trivial problem like "2+2=?". A human will be able to respond correctly where as a bot won't.
3. Add a hidden text field to your form. Bots are programmed to fill in every field they can. If you find that the hidden field has some data in it when the form was submitted, discard the request.

Answer 2

Use something like reCaptcha

Answer 3

Any kind of captcha will do it. eg: reCAPTCHA, but for popular bots a simple check like: "from the following checkboxes below please select the nth one" will do it.

Also, if you use a popular app like phpBB, just a little tweaking of registration page will do it.

If your site is very popular, then it's a different story altogether, and there will be always a way to write bots specifically designed for your site, but these basic tricks should be enough to stop generic bots.