By a coincidence?, I received 20 bogus 'Launchpad: complete your registration.' yesterday night.
So I see what you mean. I see two things we could do to hinder the use of bots on that page:
1) Check the referer on the POST to be the actual form. If bots don't fake a sane referer by default, that would stop a few of them.
2) Use a nonce on the form, so that the bots would need to fetch the form and support cookies to register.
I think 2 is probably more robust than 1, but the former is a lot cheaper.
What do you think?
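
A sketch of the two checks proposed above, as an added example that is not part of the original comment or of Launchpad's code. The form URL, the `session` cookie name, the `nonce` field name and the key handling are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)               # per-deployment secret (assumed)
FORM_URL = "https://launchpad.example/+register"   # placeholder form URL
NONCE_TTL = 900                                    # seconds a fetched form stays valid

def _sign(session_id, issued):
    msg = f"{session_id}|{issued}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_form(now=None):
    """On GET: return (session cookie value, nonce for a hidden form field)."""
    issued = int(now if now is not None else time.time())
    session_id = secrets.token_urlsafe(16)
    return session_id, f"{issued}.{_sign(session_id, issued)}"

def referer_ok(referer):
    """Option 1: the POST must claim to come from the form page itself."""
    if not referer:
        return False
    got, want = urlsplit(referer), urlsplit(FORM_URL)
    return (got.scheme, got.netloc, got.path) == (want.scheme, want.netloc, want.path)

def nonce_ok(session_id, nonce, now=None):
    """Option 2: nonce must be unexpired and bound to the cookie sent back."""
    now = int(now if now is not None else time.time())
    issued_s, _, mac = (nonce or "").partition(".")
    if not (session_id and issued_s.isascii() and issued_s.isdigit() and mac):
        return False
    issued = int(issued_s)
    if not 0 <= now - issued <= NONCE_TTL:
        return False
    # Stateless check: to make the nonce single-use, also record used values.
    return hmac.compare_digest(mac.encode(), _sign(session_id, issued).encode())

def accept_registration(headers, cookies, form, now=None):
    """Return (accepted, reason) for a registration POST."""
    if not referer_ok(headers.get("Referer")):
        return False, "bad referer"
    if not nonce_ok(cookies.get("session"), form.get("nonce"), now):
        return False, "bad nonce"
    return True, "ok"
```
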