78
OK. I tested this. After making peekay's hack the registration process works normally if one clicks on register on the site home page and fills in the forms. I used a fake email address for the test user but I did receive the email sent to the admin address advising of the registration.
If I type in mysite/register.php directly I get the error message.
If I type in mysite/modules/profile/register.php I get the normal registration form and the registration process works. I assume this is because accessing that file does generate a referrer.
So, I assume the bot was accessing the mysite/register.php directly and not the profile module register.php? What happens if the bot gets smart enough to look for that file?
I haven't had any registrations with the google url since implementing recaptcha, so recaptcha alone seems to be effective for now.
[Edit] Actually, I decided to try adding peekay's hack to modules/profile/register.php. That works. With the hack in place in both register.php files, you can register normally by clicking on the register link on the home page but if you type in mysite/modules/profile/register.php directly you get the error page.
barryc