Just a question... I was bombarded last night with 25 new sign-ups from the domain cashette.com where the first and last name fields are identical and all are pending. I know I have deleted these members before because they signup and never confirm the account. No doubt they are spammers but is this a security hole in amember that they are doing an automated signup with or do they have another method the amember can't avoid? The problem is that for every account that signs up with a fake e-mail, I get an e-mail from my hosts MAILER-DEAMON stating that the confirmation e-mail could not be sent. Thankfully there is the confirm account feature though.
I did add the domain to the BAN list. I guess my question is more of how are they signing up in the first place because it doesn't appear they use the form..
it is easy to write a "robot" for signup, and it is not a bug in aMember, it can be done with any registration form. If you are offering paid membership, it is not a problem at all.
Hmm, since evertime it seems that the first name and last name fields are identical and gibberish would it be possible to implement a feature where you could disallow signups where the first and last names match?
It is possible, but does not stop anything. If you contact me via helpdesk (add note "personally for Alex Scott"), I will install CAPTCHA module which we have implemented now.