My problem is that I've been receiving some rather wierd registrations over the past month. The best way of spotting one is via the username: They always contains 4 random characters followed by "0001". In addition, the password featues the same 4 random characters but an additional 2 random characters instead of the "0001". Eg:

Username: qoei0001
Password: qoeiei

In addition, these registrations manage to get through without entering a first or last name (although sometimes random names appear to be entered). This is a bit strange because there we use javascript to redirect anyone if they haven't given a first name.

After looking at the IP address of these registrations and performing trace routes, the majority of the appear to originate from CHINANET - most commonly in the Guangdong Province.

I've tried restricting as many IP address ranges in IIS as I can i.e. 61.139.*.* to 61.149.*.* and a few others but every day more seem to come through on different IP addresses i.e. today one came from 202.104... which was also CHINANET.

Is there anyway I can simply restrict the whole ISP. I'm not worried about losing any genuine registrants from CHINANET as my website is a UK site.

Also, does anyone know how and why these registrations could be happening in the first place?

Look forward to a response.

Simon

[edited by: smg2001 at 1:34 pm (utc) on Jan. 17, 2003]