Yes I can block by IP. In fact when I have noticed a huge number of the fake registrations coming from the same IP ranges I have in fact blocked those large ranges. Unfortunately the IP ranges tend to be everywhere. I wouldn't be surprised if this was being done via a botnet. Some of the ranges I was unable to block because some of our legitimate users fit into the range.
Thankfully with the moderation setting I can select and delete large numbers of accounts all at once. The sad thing it looks like we are getting 25-50 / day so this will be a never ending process.
On a number of occasions Free-DC will see a botnet attack where I've seen upwards of 300 users (guests) attempting to register at the same time. I get quite a lot of attacks on the stats site too, often with sql injection attempts. Unfortunately it's part of the modern internet. In our forum, I don't delete the users which are spammers but ban them permanently instead, that way their email address and id are at least taken up and can't be re-used
I can ban IP's on the firewall which is cleaner and faster than the filtering done in the forums, just let me know which ones.
Question. Are these botnet attacks coming from for-profit enterprises like mass marketing and the like? Or are they coming from jackasses that like giving site admins and moderators headaches?
We are using that too. It's an option within vBulletin to set Human Verification on and I set it to use Random Font/Size/Slant/Color.
If it's not on here, I would definitely put it on. It stops most bots, but I find users still get through. Likely these are real users paid to join up in order to make basic posts with url links in to try and get people to various sites.
Difficult to stop this automatically, though there is a new option in vBulletin I have not tried which scans posts for spam and removes it, only when the users have less than a set amount of posts. Looks promising and I've been meaning to try it out.
I think there is the option to add an additional question as well. This can deter lazy spammers...or ones who can't answer simple questions like what is 1+1?
These are definitely bots at least in a large number of cases as they have a pattern to the registrations. We are using the maximum complexity graphical imagery for the registration process.
On a good note, it has been almost 24hrs without a spam signup.