So they are using a whole bunch of accounts in an effort to conceal their identity? And they hope that one of the accounts will be approved for full access to adult material, without the sysop really knowing who they are?
Yes, the intention is to get one approved without the SYSOP really knowing who he approves.
Do you always check the phone number supplied as part of the registration process or wait until the user abuses the BBS? It seems that someone could simply start taking names out of the phone book if he wanted to conceal who he really is...
I used to check phone numbers, now I only check those of users with strange names or wait until they abuse the system. The first thing I check when someone abuses my system is their identity. If it's fraudulent, I put the account in the system kill file and they can no longer login. I use a pretty good method for allowing access to adult areas. A consent form must be filled out and signed. Then it is mailed to me with a photocopy of the same person's driver's license (SSN can be blacked out, I'm not concerned with it). I file it away and give them access if it looks correct. Generally, I detect system abuse pretty soon after it occurs. Then, I handle the situation as quickly and efficiently as possible. The same user rarely tries it again. I did voice validate all of my users, but that got to be tedious, so I just check when something happens. Many BBS's require that they be able to call a user back directly before granting full access. This would not work over the Internet, a University modem pool like many were using here, or long distance for the cheap SYSOP. There are, however, a flurry of programs that perform "automatic call-back telephone number verification." Chael Hall -- Chael Hall nowhere@bsu-cs.bsu.edu, 00CCHALL@LEO.BSUVC.BSU.EDU, CHALL@CLSV.Charon.BSU.Edu (317) 285-3648 after 3 pm EST