Hi,

Well, I have been deleting them all pretty quickly - but they are probably bots. I didn't realize tha unactivated accounts are automatically deleted after 24 hours. If that's true then I will leave them and see if they actually get activated or not. If not, then problem solved!

Note that I’m using a heavily modified mlf 1.8beta – not 2.x. In my register.php (just after requiring the captcha) there is a line:

# remove not activated user accounts:
@mysql_query("DELETE FROM ".$db_settings['userdata_table']." WHERE registered < (NOW() - INTERVAL 24 HOUR) AND activate_code != '' AND logins=0", $connid);

That comes handy. Every time the script is called, not activated accounts are deleted. The more bots try to register, the faster. If less, it may take longer than 24 hours, of course.

Well, all captchas are going to inevitably be harder for accessibility visitors to deal with […]

Agree with Auge.

In the past I used ZB-Block from spambotsecurity, which worked perfectly for years.

So did I. Had to switch it off cause I changed my site to TLS and I couldn’t get it working (was locked out myself)…

The original author stopped supporting it awhile back - but it's development has been picked up by someone else …

I saw this thread at the SFS-forum and considered it as well. Was weary to give it a try (operation on the open heart).

… so while it's a bit of a kludge to configure at first it is definitely the best protection against spam I've ever used.

Past tense? Don’t you use it any more? If yes, why?

More comments in a reply to Auge.