On 10/31/2012 03:42 AM, support-request@drupal.org wrote:
I have several drupal sites and I constantly get barraged with requests for accounts. I have Image CAPTCHA setup on all these sites and still I'm still getting 20 requests a day, mostly from China. Anyone able to share what these people/automatons are trying to do? How are they getting through CAPTCHA? How can I stop them? I am running a pretty old version of Drupal on a couple of sites, but even with almost current versions they flood in.
Thanks for any help you can offer.
I think we may find that it's actual live people doing this and getting paid for it. Blocking their their ip address is almost useless as blocking their email addresses which are almost always phony. The only way I can see is for captcha to be quite different.
Our sites could have a random series of say 10 or 20 images so that for every request a different image is displayed. To request membership or to log in, a real person would have to answer questions about the displayed image. Roger