[support] Spammers

[Earnie Boyd]

On Tue, Oct 30, 2012 at 7:41 PM, Roger wrote:
> On 10/31/2012 03:42 AM, support-request at drupal.org wrote:
>>> >I have several drupal sites and I constantly get barraged with requests
>>> >for accounts.  I have Image CAPTCHA setup on all these sites and still I'm
>>> >still getting 20 requests a day, mostly from China.  Anyone able to share
>>> >what these people/automatons are trying to do?  How are they getting
>>> >through CAPTCHA?  How can I stop them?  I am running a pretty old version
>>> >of Drupal on a couple of sites, but even with almost current versions they
>>> >flood in.
>>> >
>>> >Thanks for any help you can offer.
> I think we may find that it's actual live people doing this and getting
> paid for it.
> Blocking their their ip address is almost useless as blocking their
> email addresses which are almost always phony.

You could always validate the email address.  See
http://drupal.org/project/email_verify for a module that is already
written.  The D7 version only has a 7.x-dev release.  At least you
wouldn't have invalid email addresses.  Also you could capture the
bounced registration email from the server and force a delete of the
user in your Drupal system.

> The only way I can see is for captcha to be quite different.
>
> Our sites could have a random series of say 10 or 20 images so that for
> every request a different image is displayed. To request membership or
> to log in, a real person would have to answer questions about the
> displayed image.

But a person could get that correct.  Another method is a two step
registration.  The user gives user name and email address, the
verification needs to occur or the account is automatically deleted
after X days.  I would set X to 3.  You might be able to do that with
the rules module or one of the registration contrib modules.

-- 
Earnie
-- https://sites.google.com/site/earnieboyd