[support] Many false applications for accounts
Jamie Holly
hovercrafter at earthlink.net
Sat Apr 5 14:23:01 UTC 2014
That's a huge problem that started a couple of years ago. There are some
companies out there actually paying people X dollars for registering Y
accounts on different sites. One of my clients was getting up to 1,000
registrations a day last year from these people. We finally let some
through for a couple of days to post their spam, then checked what all
the links were going to. They were different sites, but owned by one
company in the UK. The lawyers sent this company a letter and it stopped.
The really sad part about this new tactic is that your options are
greatly limited to the point of non-existent on stopping them. Since
they are humans doing actual registrations, any attempts to thwart them
will also get the regular users trying to sign up. You're left with
actual human moderation to combat them.
Globally 2013 saw huge spikes in spamming activity. These people are
getting more bold, and that does lead to us having to rethink a strategy
to combat them. Here's some possibilities:
- Limit the number of registrations by IP in a given time frame. Either
block or require admin authorization on future attempts. This works to
an extent, but if people use something like Tor to register, then it
doesn't.
- Create moderation displays, showing the first 5 posts and comments
from new registrations.
- If you allow new users to post content, force the new post to a draft
and email site administration/moderators to approve it. Once they get X
approved posts, then they can publish.
- Depending on your site and users, require admin authorization on
certain IP's based upon their geographical location (requires GeoIP
library or 3rd party API).
No solution is perfect, but I have used a combination of these in the
past for clients and they have been very happy with the results. Most
options are only doable via custom coding though.
Jamie Holly
http://hollyit.net
On 4/5/2014 8:51 AM, Walt Daniels wrote:
> I get them to, but it is not mollom's fault. They are actually
> registering and typing the captcha just like a legitimate user. In our
> case they even have to use a legitimate email as they cannot do
> anything more than an anonymous user until the verify their email. I
> don't see any pattern I could apply to the user names that would
> distinguish them from our valid users who have some pretty weird
> usernames. You could find or right a module that enforced using "real
> names", i.e. John Doe. But I even got some like that that turn out to
> be spammers.
>
>
> On Sat, Apr 5, 2014 at 8:13 AM, Linda Romey <lromey at gmail.com
> <mailto:lromey at gmail.com>> wrote:
>
> I am having the same issue. Have you contacted Mollom? That's on
> my to-do list. I'm not sure of the value of the monthly fee if I
> still have to continually monitor my site and delete spam accounts
> manually.
>
>
> On Sat, Apr 5, 2014 at 8:09 AM, James Rome <jamesrome at gmail.com
> <mailto:jamesrome at gmail.com>> wrote:
>
> I have Mollom installed, but yet a handful of account applications
> escape their captcha/analysis each day. The problem is that
> the only
> obviously wrong field is the username, which is not listed as
> a field in
> the Mollom configuration. I get names such as: qropspension_5362
>
> Is there any other way to get rid of these would-be spammers?
>
> --
> James A. Rome
>
> http://jamesrome.net
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
>
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20140405/7f24122e/attachment.html
More information about the support
mailing list