Admins seem to only have 2 ways to deal with possible spambots and fake user registrations:
1. use some sort of plugin/mod like captcha, etc., which are never perfect, or
2. close registrations and manually add new users, which is really only feasible for very small organizations
My idea is to add a third option for admins of non-public forums:
1. user clicks "register" on site
2. site takes them to a simple, 1-field form that says "enter our Organization Passcode"
3. user enters passcode (same for everyone in organization)
4. if correct, user gets taken to the regular registration form, where they create a username, password, etc.
Requirements:
1. Only usable for non-public sites (ex: internal business forum, mmorpg guild sites, family forums, etc.)
2. The organization would have to provide the "passcode" to new members before they register
3. Only 1 passcode exists at a time, but it could be changed in the ACP. (existing users would never need it, only new registrations). The passcode would be changeable in case it got out to the general public.
4. Original registration form would be renamed, and this new passcode form would be named ucp_register.php so that clever people/bots couldn't just bypass the form and go straight to the original registration form.
Example:
You get hired by a company... say, "AAA Advertising Inc.". Now let's suppose they have 1000's of employees nationwide, so have decided on a private forum to discuss campaign ideas, etc.
Your new boss tells you "Here's the address of our forums. When you click 'register' it'll ask you for our Passcode... enter AdvertizingIsAwesome."
Nobody outside of AAA Advertising Inc would know the passcode, so no person/bot would ever be able to register and post porn/viagra links.
Nobody who has registered on the site would ever need the passcode ever again. It's a 1-time redirect, only at original forum registration.
Hope all this makes sense... I'm running on no sleep.
-- I suppose another method would be to simply add an "Organization Passcode" field right into the registration form itself, and add a place in the ACP to set/change the passcode. (Rather than a second form)