Reply To: Security: invalid data injection

#809
vinz
Member

Hello Hexide,
You’re right; I also proposed this “shared secret” used for hashing (see link automated-device-ids).

So I missed:

  • Device's upload interval is unusual
  • Device's timestamp value is dubious

Does someone have other (maybe mathematical) ideas to detect suspicious data?

By the way, you can also LIMIT the number of queries in MySQL.

Maybe one MySQL user per device is too much, but user groups for special urad and DIY devices may be good. (See: http://dev.mysql.com/doc/refman/5.0/en/user-resources.html).

So one group can’t totally overload the server, and others can still store data.

Example: You could now use one new user for online requests (SELECT) only.
If you limit this user, the database will always be able to store new data.
Vinz
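The two signals listed in the post above (unusual upload interval, dubious timestamp) can be checked per device with a median/MAD outlier test. This is an added example, not part of the original post and not the project's code; the thresholds, function names and sample uploads are assumptions constructed for illustration.

```python
from statistics import median

MAX_CLOCK_SKEW = 300   # assumed tolerance (s) between device and server clocks
MAD_THRESHOLD = 5.0    # assumed cut-off for the robust z-score
MIN_HISTORY = 5        # intervals needed before the interval check is trusted

def robust_z(value, history):
    """Distance of value from the median of history, in scaled-MAD units."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    scale = 1.4826 * mad or 1.0   # perfectly regular history: fall back to 1 s
    return abs(value - med) / scale

def check_uploads(uploads):
    """uploads: (device_ts, server_ts) pairs in arrival order, epoch seconds.
    Returns (index, reason) for every upload that looks suspicious."""
    findings, intervals = [], []
    last_dev = prev_srv = None
    for i, (dev_ts, srv_ts) in enumerate(uploads):
        if abs(dev_ts - srv_ts) > MAX_CLOCK_SKEW:
            findings.append((i, "timestamp far from server clock"))
        elif last_dev is not None and dev_ts <= last_dev:
            findings.append((i, "timestamp not increasing"))
        else:
            last_dev = dev_ts          # only plausible timestamps become the baseline
        if prev_srv is not None:
            gap = srv_ts - prev_srv    # measured on the server clock, not the device's
            if len(intervals) >= MIN_HISTORY and robust_z(gap, intervals) > MAD_THRESHOLD:
                findings.append((i, "unusual upload interval"))
            else:
                intervals.append(gap)  # outliers never pollute the baseline
        prev_srv = srv_ts
    return findings

# Constructed sample: one device reporting roughly every 60 s.
B = 1_700_000_000
SAMPLE = [
    (B, B + 1), (B + 60, B + 61), (B + 120, B + 122), (B + 180, B + 181),
    (B + 240, B + 241), (B + 300, B + 302), (B + 360, B + 361),
    (B + 361, B + 362),      # burst: arrives 1 s after the previous upload
    (B + 420, B + 421),
    (B + 86400, B + 481),    # device timestamp a day ahead of the server
    (B + 540, B + 541),
    (B + 420, B + 601),      # replayed, already-seen timestamp
]

if __name__ == "__main__":
    for idx, reason in check_uploads(SAMPLE):
        print(idx, reason)
```

Median and MAD are used instead of mean and standard deviation so that a single injected burst does not shift the baseline it is compared against.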