[support] Spammers
Earnie Boyd
earnie at users.sourceforge.net
Wed Oct 31 11:45:35 UTC 2012
On Tue, Oct 30, 2012 at 7:41 PM, Roger wrote:
> On 10/31/2012 03:42 AM, support-request at drupal.org wrote:
>>> >I have several drupal sites and I constantly get barraged with requests
>>> >for accounts. I have Image CAPTCHA setup on all these sites and still I'm
>>> >still getting 20 requests a day, mostly from China. Anyone able to share
>>> >what these people/automatons are trying to do? How are they getting
>>> >through CAPTCHA? How can I stop them? I am running a pretty old version
>>> >of Drupal on a couple of sites, but even with almost current versions they
>>> >flood in.
>>> >
>>> >Thanks for any help you can offer.
> I think we may find that it's actual live people doing this and getting
> paid for it.
> Blocking their their ip address is almost useless as blocking their
> email addresses which are almost always phony.
You could always validate the email address. See
http://drupal.org/project/email_verify for a module that is already
written. The D7 version only has a 7.x-dev release. At least you
wouldn't have invalid email addresses. Also you could capture the
bounced registration email from the server and force a delete of the
user in your Drupal system.
> The only way I can see is for captcha to be quite different.
>
> Our sites could have a random series of say 10 or 20 images so that for
> every request a different image is displayed. To request membership or
> to log in, a real person would have to answer questions about the
> displayed image.
But a person could get that correct. Another method is a two step
registration. The user gives user name and email address, the
verification needs to occur or the account is automatically deleted
after X days. I would set X to 3. You might be able to do that with
the rules module or one of the registration contrib modules.
--
Earnie
-- https://sites.google.com/site/earnieboyd
More information about the support
mailing list