We recently started getting a bunch of spammer registrations using Live Forms with reCaptcha as the only means of registering users. We have some required fields on the form that are mapped to profile fields that are also required. The spammers are managing to register without the required fields. The only completed fields on the accounts are username and email. I cant figure out how they are getting through, but I have just been forced to change our public registration to verified. Has anyone experience this using Live Forms?
Check your IIS logs for source of Registrations. What version of DNN are you on? Previous versions have many known vulnerabilities.
Also, if you have required fields on the Forms and user are registering without it then it's likely not the Live Forms where they're registering from; since Live Forms does have server side checks for both field validation and recaptcha.
Thanks Mandeep. After digging deeper I found an older instance of the Live Forms module without the captcha that was previously used for registration before we changed the process, and it was still on a public page. I knew there must've been something I was missing.