John Smith invasion: bot protection
A bot has fun creating an infinite number of accounts named John Smith. All the other fields are filled in randomly. HTTP requests come from different IP addresses but are always of the same size. Therefore, blacklisting the whole IP list is not a viable solution. The accounts are not verified of course.
Here are the consequences on our re2o instance. The creation of these bots "steals" the room numbers of the members since the bot fills all the fields. Every day about half a dozen accounts are created. If they would pay for a connection, that would be cool ^^
Here is an example of a fake account:
I know that @nanoy has some ideas to fix this in re2o. I'll let him detail it in the answer.
With love
OpenSuze