by LAokay on Wed Aug 26, 2009 2:44 pm
It's so the database won't grow to such a large size with unactivated spambot accounts, or just unactivated users in general.
Maybe you have unlimited hard drive space and unlimited time to maintain a message board but I don't. I need an easier way to stop the spambots from filling up my database with junk.
The captcha doesn't seem to do that much when in a few days I can have over 100 spambot accounts un-activated on my message board. Granted they are not activated, but through the ACP it will timeout when trying to remove the unactivated accounts (even with a 5 minute timeout), and I have to used a sql database editor to do it manually, or I could spend days trying to remove accounts through the ACP, one at a time (so it won't timeout after 5 minutes).
My request I believe will stop the bots in their tracks when they can't even get an unactivated account unless they confirm their email right then and there. Basically right now it creates the unactivated account, and then sends the email. I would prefer it doesn't even create the account until a validation code is entered from that person's email (if it is a person at all).
Think of it as you are at a car dealership and they won't let you test drive a car unless you show your drivers license to them.
They'll let you sit in the car, but not drive it. I don't want anybody sitting in the cars unless they're going to drive them.
So basically this would force a real person to check their email just before registration/activation is complete, put in the code in that email, and then registration/activation is complete. Does it matter that the email was sent mid-registration? All spambot accounts that then put in a fake email address will not get an account, and there won't be hundreds or thousands of spambot accounts sitting at the end of a week waiting for me to remove them all.
Or does somebody else have a better idea?