User account injection problem?

I'm not finding any mention of it anywhere, but I have a forum where someone is creating around 30 user accounts daily. There's nothing in the raw server logs, so it doesn't appear he's using Curl.

The accounts are all random and have fake email addresses, so they just sit in the bin to delete them. Has anyone heard of this?

require email verification and image verification - at least for awhile. That'll stop him...

I do require email verification. The bot always uses nonsense email addresses, so the accounts never become active.

I assume the image verification is some sort of hack? I can't see the point of why the attacker is creating accounts.

I assume the image verification is some sort of hack?

It's a standard feature you can enable under user registration options.

You should also check the IP. Maybe it's one you can easily ban w/o affecting others.

It is either a DoS attempt (fill up your database with junk and flood the server) or a worm or both.

The best defense is definitely Visual Confirmation (aka captcha). Email verification won't stop this sort of attack because they never want to actually sign in... just to create havoc. This was the ploy used by the "Turkish hackers" last fall.

Well the image-verification seemed to stop it, but I'm planning on keeping an eye on it.

You are right that it seems like a disruption style attack. Kids these days :)