Prevent spammers from abusing registration
From time to time I receive auto-replies coming from emails used to register.
That behavior is usually seen when bots spam the register url with hundreds of different emails. Fortunately, debexpo uses an activation link so spammers cannot get an active account on mentors.d.n. However, that does not prevent the server from sending a high volume of activation link emails to people that haven't requested them.
Looking at mentors' logs, I've extracted the POSTs to the register page:
grep '"POST /register/register HTTP/1.0" 200' /var/log/apache2/access.log{,.1} | cut -d ' ' -f 1 | sort | uniq -c | sort -n
[...]
7 access.log.1:134.249.147.157
51 access.log:178.159.37.139
76 access.log.1:178.159.37.139
105 access.log:51.91.67.153
164 access.log.1:51.91.67.153
That's almost 400 unsolicited mails sent over 1 day and a half.
I could set up a fail2ban with a custom rule banning HTTP{,S} access for IPs trying to register too often.
The definition of too often is left to be defined but we could go for +20 per day per IP for a start.
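To try a candidate threshold against existing logs before banning anything, the following is an added example (not part of the original report and not debexpo code) that replays access-log lines and reports which IPs exceed a per-IP registration limit within a sliding window. It assumes Apache combined log format and reads "+20 per day" as more than 20 successful POSTs in any 24 hours; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Client IP, timestamp, then a successful POST to the register URL
# (the request the grep above matches, any HTTP version).
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"POST /register/register HTTP/[\d.]+" 200 ')

def find_abusers(lines, limit=20, window=timedelta(days=1)):
    """Map each IP to the time it first exceeded `limit` registrations
    within a sliding `window`. Lines must be in chronological order."""
    recent = defaultdict(deque)  # ip -> hit times still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # other URLs, methods or status codes
        ip, ts = m["ip"], datetime.strptime(m["ts"], TS_FMT)
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:  # expire hits older than the window
            hits.popleft()
        if len(hits) > limit:
            flagged.setdefault(ip, ts)
    return flagged

def sample_log():
    """Constructed access-log lines using documentation-range IPs."""
    start = datetime.strptime("01/Mar/2020:00:00:00 +0000", TS_FMT)
    post = "POST /register/register"
    rows = [(start + timedelta(minutes=10 * i), "203.0.113.7", post)
            for i in range(30)]   # bot: 30 registrations in 5 hours
    rows += [(start + timedelta(hours=2 * i), "198.51.100.9", post)
             for i in range(25)]  # slow client: never more than 13 per 24 h
    rows += [(start + timedelta(hours=i, seconds=5), "198.51.100.20", post)
             for i in range(3)]   # ordinary user: 3 registrations
    rows.append((start + timedelta(seconds=30), "192.0.2.44", "GET /register"))
    rows.sort()
    return ['{} - - [{}] "{} HTTP/1.0" 200 5120 "-" "-"'.format(
        ip, t.strftime(TS_FMT), req) for t, ip, req in rows]

if __name__ == "__main__":
    for ip, when in find_abusers(sample_log()).items():
        print(ip, "exceeded the limit at", when.isoformat())
```

Running it over the real access logs with different `limit` and `window` values shows how many legitimate IPs a given threshold would have caught.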