security-registration attack
Last Post 03/23/2015 7:36 PM by Joseph Craig. 3 Replies.
Elijah
03/22/2015 5:46 PM  
I am looking for the current best practice for defending against this problem.

Registrations of new users that bypass even private and captcha security.

DNN installations need to be secure, and they need the registration function.

I have read a number of solutions, most commonly involving customized registration pages and reCAPTCHA.

I am looking for input on how to best solve this so I don't have to customize login pages each time I create a site.

The solution should also allow for updates of the DNN platform.



Joseph Craig
DNN MVP
03/22/2015 6:56 PM  
If you can disable registration, do that.

If not, require that administrators have to accept registrations.

Using reCAPTCHA and custom login pages will help with the above, or if you have registrations enabled.

I believe that our friends over at DNNHero.com cover this topic in some detail.

Joe Craig, Patapsco Research Group
Complete DNN Support
Elijah
03/22/2015 10:16 PM  
Thanks.

The first works only if you don't need to register users.

The second is difficult because the bots create hundreds and thousands of new registrations; it takes too much administrative time to manage these. If it's an eCommerce site you would have to approve the account prior to making sales, unless you do anonymous sales, which is OK as an option but defeats the client-capturing power of a website.

The third seems to be the best available; however, if you are dealing with multiple sites it's a lot of work.

Thanks for your response. I'll look at DNNHero and see what they suggest.


Joseph Craig
DNN MVP
03/23/2015 7:36 PM  
Granted, some use cases are much more difficult than others.

If your attacks are coming from specific IPs or a range of IPs, you can block them at the IIS level. There may also be services to which you can subscribe that will allow you to check for blacklisted IPs, much like email blacklisting works.

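Blocking the offending addresses at the IIS level, as suggested in the reply above, can be driven from the web server's own logs rather than by hand. The following Python script is an added example and is not code from this thread, from DNN or from Patapsco Research Group: it parses W3C-format IIS log lines (the sample lines below are constructed, using RFC 5737 test addresses), counts POSTs to the registration page (the `/Register` path is an assumption; DNN sites vary, so adjust the marker), collapses addresses that cluster in one /24 into a single subnet rule, and emits an IIS `<ipSecurity>` fragment for web.config. It also builds the reversed-octet lookup name that DNS-based blocklists such as Spamhaus ZEN expect, without performing the network query, so it runs offline.

```python
"""Added example: mine IIS W3C logs for registration floods and emit an
IIS <ipSecurity> block for web.config. Not code from the thread or from DNN.
IPv4 only; the "/Register" path and the sample log lines are assumptions."""
import ipaddress
from collections import Counter, defaultdict

# Constructed sample IIS log (RFC 5737 test addresses, not a real server).
# IIS writes spaces inside User-Agent as '+', so each line splits cleanly.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 8.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2015-03-22 17:46:01 10.0.0.5 GET / - 443 - 203.0.113.7 Mozilla/5.0+(compatible) 200
2015-03-22 17:46:02 10.0.0.5 POST /Register - 443 - 203.0.113.7 Mozilla/5.0+(compatible) 200
2015-03-22 17:46:03 10.0.0.5 POST /Register - 443 - 203.0.113.7 Mozilla/5.0+(compatible) 200
2015-03-22 17:46:04 10.0.0.5 POST /Register - 443 - 203.0.113.7 Mozilla/5.0+(compatible) 200
2015-03-22 17:46:05 10.0.0.5 POST /Register - 443 - 203.0.113.7 Mozilla/5.0+(compatible) 200
2015-03-22 17:47:01 10.0.0.5 POST /Register - 443 - 198.51.100.10 python-requests/2.5 200
2015-03-22 17:47:02 10.0.0.5 POST /Register - 443 - 198.51.100.10 python-requests/2.5 200
2015-03-22 17:47:03 10.0.0.5 POST /Register - 443 - 198.51.100.10 python-requests/2.5 200
2015-03-22 17:47:04 10.0.0.5 POST /Register - 443 - 198.51.100.11 python-requests/2.5 200
2015-03-22 17:47:05 10.0.0.5 POST /Register - 443 - 198.51.100.11 python-requests/2.5 200
2015-03-22 17:47:06 10.0.0.5 POST /Register - 443 - 198.51.100.11 python-requests/2.5 200
2015-03-22 17:47:07 10.0.0.5 POST /Register - 443 - 198.51.100.12 python-requests/2.5 200
2015-03-22 17:47:08 10.0.0.5 POST /Register - 443 - 198.51.100.12 python-requests/2.5 200
2015-03-22 17:47:09 10.0.0.5 POST /Register - 443 - 198.51.100.12 python-requests/2.5 200
2015-03-22 17:48:00 10.0.0.5 GET /Register - 443 - 192.0.2.9 Mozilla/5.0+(compatible) 200
2015-03-22 17:48:30 10.0.0.5 POST /Register - 443 - 192.0.2.9 Mozilla/5.0+(compatible) 302
"""


def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue  # skip records that do not match the declared layout
        yield dict(zip(fields, values))


def registration_posts(records, path_marker="register"):
    """Count POSTs per client IP whose path contains the marker (assumed)."""
    counts = Counter()
    for r in records:
        if r.get("cs-method") == "POST" and path_marker in r.get("cs-uri-stem", "").lower():
            counts[r["c-ip"]] += 1
    return counts


def offenders(counts, threshold):
    """IPs with at least `threshold` registration POSTs in the log window."""
    return {ip: n for ip, n in counts.items() if n >= threshold}


def collapse_to_subnets(ips, min_hosts=3):
    """Return (single IPs, /24 networks). A /24 holding min_hosts or more
    offenders becomes one subnet rule; sparser ones stay as single addresses."""
    by_net = defaultdict(list)
    for ip in ips:
        by_net[ipaddress.ip_network(f"{ip}/24", strict=False)].append(ip)
    singles, nets = [], []
    for net, members in by_net.items():
        if len(members) >= min_hosts:
            nets.append(net)
        else:
            singles.extend(members)
    return sorted(singles, key=ipaddress.ip_address), sorted(nets)


def ip_security_xml(singles, nets):
    """IIS 'IP and Domain Restrictions' fragment for system.webServer/security."""
    lines = ['<ipSecurity allowUnlisted="true">']
    for ip in singles:
        lines.append(f'  <add ipAddress="{ip}" allowed="false" />')
    for net in nets:
        lines.append(f'  <add ipAddress="{net.network_address}" '
                     f'subnetMask="{net.netmask}" allowed="false" />')
    lines.append("</ipSecurity>")
    return "\n".join(lines)


def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """Reversed-octet name a DNS blocklist is queried with (no lookup made here)."""
    return ".".join(reversed(ip.split("."))) + "." + zone


if __name__ == "__main__":
    bad = offenders(registration_posts(parse_w3c(SAMPLE_LOG)), threshold=3)
    print(ip_security_xml(*collapse_to_subnets(bad)))
```

The `<ipSecurity>` element only takes effect when the IIS "IP and Domain Restrictions" role service is installed, and the generated list deserves a human look before it goes into web.config: a /24 rule also blocks legitimate visitors behind the same provider, which is the usual trade-off with address-based blocking against a distributed bot.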