So im trying to develop a multiplayer game in Unity. I have login/register scenes and so on. I’m using PHP to proceed the login/register requests. The thing i want to do is to limit the user from creating more accounts in a short time, i want to limit his requests to the server. He could use some spam bot to create unlimited accounts and overload my database. I was considering making the anti-spam system to work in the following way. When the user creates 5 accounts in less than 20 seconds using the same IP adress, then the PHP would deny his request. But i somehow feel that this wont be enough. What if he is using much more advanced way to overload my database, and for each account that he registers to my database, he changes his IP? He could also register 100 accounts in 0.01 seconds which would overload my database and cause my webhost to shut down my website. (My website contains the PHP files that are used to proceed the requests from my Unity application). Please i need some help over here, thanks for the attention.
You would need ask, why would you allow to create more than one account for same user.
Look into current countermeasures, when creating accounts on various websites.
Emails, captcha, ip, device, just to name few.