[support] Many false applications for accounts

Sat Apr 5 15:12:03 UTC 2014

Take a look at the spambot module. This module will check to see if an
entered email address is in their database of know spammers and will not
let them register if it is.

Ken

On Sat, Apr 5, 2014 at 10:23 AM, Jamie Holly <hovercrafter at earthlink.net>wrote:

>  That's a huge problem that started a couple of years ago. There are some
> companies out there actually paying people X dollars for registering Y
> accounts on different sites. One of my clients was getting up to 1,000
> registrations a day last year from these people. We finally let some
> through for a couple of days to post their spam, then checked what all the
> links were going to. They were different sites, but owned by one company in
> the UK. The lawyers sent this company a letter and it stopped.
>
> The really sad part about this new tactic is that your options are greatly
> limited to the point of non-existent on stopping them. Since they are
> humans doing actual registrations, any attempts to thwart them will also
> get the regular users trying to sign up. You're left with actual human
> moderation to combat them.
>
> Globally 2013 saw huge spikes in spamming activity. These people are
> getting more bold, and that does lead to us having to rethink a strategy to
> combat them. Here's some possibilities:
>
> - Limit the number of registrations by IP in a given time frame. Either
> block or require admin authorization on future attempts. This works to an
> extent, but if people use something like Tor to register, then it doesn't.
> - Create moderation displays, showing the first 5 posts and comments from
> new registrations.
> - If you allow new users to post content, force the new post to a draft
> and email site administration/moderators to approve it. Once they get X
> approved posts, then they can publish.
> - Depending on your site and users, require admin authorization on certain
> IP's based upon their geographical location (requires GeoIP library or 3rd
> party API).
>
> No solution is perfect, but I have used a combination of these in the past
> for clients and they have been very happy with the results. Most options
> are only doable via custom coding though.
>
> Jamie Hollyhttp://hollyit.net
>
> On 4/5/2014 8:51 AM, Walt Daniels wrote:
>
> I get them to, but it is not mollom's fault. They are actually registering
> and typing the captcha just like a legitimate user. In our case they even
> have to use a legitimate email as they cannot do anything more than an
> anonymous user until the verify their email. I don't see any pattern I
> could apply to the user names that would distinguish them from our valid
> users who have some pretty weird usernames. You could find or right a
> module that enforced using "real names", i.e. John Doe. But I even got some
> like that that turn out to be spammers.
>
>
> On Sat, Apr 5, 2014 at 8:13 AM, Linda Romey <lromey at gmail.com> wrote:
>
>> I am having the same issue. Have you contacted Mollom? That's on my to-do
>> list. I'm not sure of the value of the monthly fee if I still have to
>> continually monitor my site and delete spam accounts manually.
>>
>>
>> On Sat, Apr 5, 2014 at 8:09 AM, James Rome <jamesrome at gmail.com> wrote:
>>
>>> I have Mollom installed, but yet a handful of account applications
>>> escape their captcha/analysis each day. The problem is that the only
>>> obviously wrong field is the username, which is not listed as a field in
>>> the Mollom configuration. I get names such as: qropspension_5362
>>>
>>> Is there any other way to get rid of these would-be spammers?
>>>
>>> --
>>> James A. Rome
>>>
>>> http://jamesrome.net
>>>
>>> --
>>> [ Drupal support list | http://lists.drupal.org/ ]
>>>
>>
>>
>> --
>> [ Drupal support list | http://lists.drupal.org/ ]
>>
>
>
>
>
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20140405/dda816fd/attachment-0001.html 