I have a little webpage where you can login/register for now. Everything is completed, but I wanted to make it more secure for me - server side.
For now, there is a validation of your inputs, but if the inputs are correct, it's going to register a user and send verification e-mail. I'm bit scared that someone is going to make some bot, that will generate random valid inputs and flood my database.
I was thinking about the IP addresses table in my database so I can limit one IP to register just 3-4 users, but than I realized that there is a lot of local ISPs, that are using one public IP for multiple hosts and it wouldn't be so good. I was thinking about making some cookie too, so the cookie will ban a user for a while after 5 registrations, but the user can easily remove the cookie and start once again.
I've got a little cron job, that cleans-up unverified users after a week, but that's a lot of time, so that wouldn't help me too.
Do you have any suggestions how can I do it? I want to write it in php-mysql, but if there is a better way to do it in js or any other language, I'm opened for suggestions. Maybe anyone has some experiences with stuff like that? Thank you.
Use CAPTCHA to prevent automatic form spoofing.
The term CAPTCHA (for Completely Automated Public Turing Test To Tell Computers and Humans Apart) was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas Hopper and John Langford of Carnegie Mellon University.