I have a community site with a public registration page, i.e. everybody
can register simply by filling a form.

I wonder that a malicious user could write a program to register a million
users at the same time, effectively killing my server.

What are good advices to prevent this? I can think of asking a
question to the user (i.e. "what do you see in that red box?")
to avoid automatic login, or keeping a count of the requests
(if too many registration requests arrive in a short amount of
time, take a break).

Do you have other ideas? What's the best way on handling this
situation, in your experience?

            Michele Simionato