I tried looking to see if this issue has been discussed yet but I could not find a thread for it. For a couple of months now I have to go in and periodically delete several website accounts that get created from spam sites/advertisements like Viagra, adult entertainment, water heaters, etc. I haven't had any particular issues yet with the exception of 3 people in the guild getting their WoW accounts hacked into over the last several months. I don't know that this has been the cause of the hacking but I wanted to bring it to attention.
These accounts get created without any 'Alert' coming up for authorization approval even though the settings indicate an approval is required. These accounts also haven't been "Validated" as the Manually Validate Account button is on all of them.
Is there a reason this happens and is it something to be worried about? Is there a way to prevent it or is the only solution to go in and periodically delete these accounts over and over?
It's nothing to worry about really. I've been debating sticking the verification code stuff on the account creation form just like it is on the application.
The accounts that are being created are never verifying their email address, which is why you're not getting the prompt to authorize the accounts.
The process goes like this:
1) Create the account 2) Verify the email address 3) Admin authorizes the account
If (2) never happens, you'll never get prompted for (3).
This certainly would have nothing to do with accounts getting hacked. These are just spiders that crawl the web looking for forms to fill out and fill it out with it's spam.
One last question I forgot to include. Can these accounts post to the website without being validated. I haven't had any of them do it so I would think not but just wanted to verify.
One last question I forgot to include. Can these accounts post to the website without being validated. I haven't had any of them do it so I would think not but just wanted to verify.
Nope. No account can interact with the site without first validating the email address.