I have launched my first production site based on FuelPHP today... Soon after we went life we got suspicious user registrations with weird emails. I have searched for those emails in Google and soon find out are probably some spam bots or something... How do you protect against this. Can they do any damage?
CAPTCHA's, hide a unneeded field with css - and if it's filled out deny the post, etc.. there are quite a few different ways to protect against spam, each with their own benefits and downfalls
Yes I know for captcha, I dont want to have that since it is totally NOT user friendly, didn't know about the technique about hidden text field. I have read about it now and looks like a good and simple solution. Will try it out and see if it works.
Would be nice thing if this was part of auth, or am I wrong?
I don't see it as being part of auth, because it all depends on how you want to implement the forms. Do you want spam protection? Which CAPTCHA library do you want to use if any? Do you want to use the hidden field technique? Do you want to use both? Do you have some other method that you prefer? That's stuff that an auth system should really leave up to the developer of the app.