Hi TJ,

We have a Query Tool built in to mojoPortal that you could use to access the database. It is disabled by default but you can enable it if you at least have access to Web.config/user.config.

I have seen these bots on this site for several weeks now. I guess its a sign of mojoPortal becoming more popular that people are writing bots to automate registration. On this site we require email validation for registration so the accounts it has created have all been locked accounts that never got activated. I don't really want to add barriers to legit registration on this site so I'm just monitoring closely for these, if it gets worse I guess I'll have no choice but to add a captcha on the registration page as you did but for now its manageable by monitoring.

I've created a saved query in the Query Tool to find them and then I just look them up in the member list and find the ip address and block it. That stops it for a while at a time but some days later it starts up from a new ip.

SELECT UserID, Name, Email, Pwd, PasswordAnswer, DateCreated FROM mp_Users WHERE Pwd = 'super123' ORDER BY UserID DESC

I guess it could change over time and a different query might be needed but so far they have all used the same password and the same answer to the password question though various questions.

Hope that helps,

Joe

looking at mine again I see you are right there is more variation in the question and answers though they do re-use them, the password has been the most reliable.

What I do is then get the ip address and search for other users with the same ip address.

It was a bit of work finding the common password, I got a local copy of the db and site and changed from encrypted to clear text to query them so you may not be able to do it from query tool unless the site is using clear text. 

Best,

Joe