Hello,
I maintain a site that has a page that is restricted to authorized users. They must fill in a form that contains a captcha math box, when the form is properly filled in the user is passed to a registration form. When they submit the registration form they are added to the users of the site as un-authenticated. The users are set to be automatically removed in 2 days if they do not authenticate their account via the email message sent from Drupal. Lately we have had people fill in the information with fake information including email addresses. They fill in the first form, then the second and submit it which sends the email to me they have created an account. The problem is that I cannot find their account to delete them. I have followed the same steps using fake information but everytime I submit the second form the un-authenticated user is added to the list of users. How are they able to not have their username added to the user list?? The only answer I have is they can somehow delete their account. That is really scary. Does anyone have an idea of what is happening?