We have a website that offers paid membership for premium content. Somehow, there are bots/spammers who are adding themselves as new members through EE. They’re not submitting a form through the website, they’re coming directly into EE which nobody has access to except authorized staff members, so it’s a little disconcerting.
We think we’ve locked down EE as much as possible in regards to membership. Accounts need to be approved by staff before they are able to use the website. Accounts also are set to pending status before they are approved. We’ve also added the IP address to the Blacklist within EE.
Oh and we’re running EE 1.7.3, which I believe is the latest version.
Is there anything else we can do to block these requests from being processed?
thanks
geof