> So, this dude from Poland managed to register without a first name, > without a last name and likely without an invitation code. I'll deal > with the EE issues separately, but is there a known issue where > someone can mess with the jquery in the page to bypass the validation > that is running? >
As David said, client-side validation is purely for the benefit of the user--it offers no security to your site. All you need to do is to turn off JavaScript to bypass the validation (however, the spammer is problem just using a bot to post directly to your submission page.) -Dan