I had to make a couple important updates to the site today. Turns out someone/something registered on the site to phish the email I use in the registration forms and used it to send spam to that address. It had been spam-free up to today (A good, long run)
So, my response:
- Updated the Terms of Service for registration.
- Setup something new for the anti-spam system. It now relies on one of several random images.
- Got rid of the contaminated email and and re-setup my contact page to direct to that one.
- Changed the email "Reply-to" to an existing junk email account, which I don't care if anything happens to it, because I never read or use it.
- Dropped the banhammer on an account for violating me in such a way. I had setup a 'banned' option when I first re-built the site in PHP. Took this long to actually use it for the first time...
There is no reason for me to tolerate this, and given that the account was never validated, I have strong reason to believe it was created for this specific purpose.