I have a little webpage where you can login/register for now. Everything is completed, but I wanted to make it more secure for me - server side.
For now, there is a validation of your inputs, but if the inputs are correct, it's going to register a user and send verification e-mail. I'm bit scared that someone is going to make some bot, that will generate random valid inputs and flood my database.
I was thinking about the IP addresses table in my database so I can limit one IP to register just 3-4 users, but than I realized that there is a lot of local ISPs, that are using one public IP for multiple hosts and it wouldn't be so good. I was thinking about making some cookie too, so the cookie will ban a user for a while after 5 registrations, but the user can easily remove the cookie and start once again.
I've got a little cron job, that cleans-up unverified users after a week, but that's a lot of time, so that wouldn't help me too.
Do you have any suggestions how can I do it? I want to write it in php-mysql, but if there is a better way to do it in js or any other language, I'm opened for suggestions. Maybe anyone has some experiences with stuff like that? Thank you.