[support] Many false applications for accounts
Jamie Holly
hovercrafter at earthlink.net
Sat Apr 5 15:19:56 UTC 2014
I've used the before. It helps. About 3 years ago it was catching 75% of
them. Now it's down to less than 10%.
Jamie Holly
http://hollyit.net
On 4/5/2014 11:12 AM, Ken Robinson wrote:
> Take a look at the spambot module. This module will check to see if an
> entered email address is in their database of know spammers and will
> not let them register if it is.
>
>
> Ken
>
>
> On Sat, Apr 5, 2014 at 10:23 AM, Jamie Holly
> <hovercrafter at earthlink.net <mailto:hovercrafter at earthlink.net>> wrote:
>
> That's a huge problem that started a couple of years ago. There
> are some companies out there actually paying people X dollars for
> registering Y accounts on different sites. One of my clients was
> getting up to 1,000 registrations a day last year from these
> people. We finally let some through for a couple of days to post
> their spam, then checked what all the links were going to. They
> were different sites, but owned by one company in the UK. The
> lawyers sent this company a letter and it stopped.
>
> The really sad part about this new tactic is that your options are
> greatly limited to the point of non-existent on stopping them.
> Since they are humans doing actual registrations, any attempts to
> thwart them will also get the regular users trying to sign up.
> You're left with actual human moderation to combat them.
>
> Globally 2013 saw huge spikes in spamming activity. These people
> are getting more bold, and that does lead to us having to rethink
> a strategy to combat them. Here's some possibilities:
>
> - Limit the number of registrations by IP in a given time frame.
> Either block or require admin authorization on future attempts.
> This works to an extent, but if people use something like Tor to
> register, then it doesn't.
> - Create moderation displays, showing the first 5 posts and
> comments from new registrations.
> - If you allow new users to post content, force the new post to a
> draft and email site administration/moderators to approve it. Once
> they get X approved posts, then they can publish.
> - Depending on your site and users, require admin authorization on
> certain IP's based upon their geographical location (requires
> GeoIP library or 3rd party API).
>
> No solution is perfect, but I have used a combination of these in
> the past for clients and they have been very happy with the
> results. Most options are only doable via custom coding though.
>
> Jamie Holly
> http://hollyit.net
>
> On 4/5/2014 8:51 AM, Walt Daniels wrote:
>> I get them to, but it is not mollom's fault. They are actually
>> registering and typing the captcha just like a legitimate user.
>> In our case they even have to use a legitimate email as they
>> cannot do anything more than an anonymous user until the verify
>> their email. I don't see any pattern I could apply to the user
>> names that would distinguish them from our valid users who have
>> some pretty weird usernames. You could find or right a module
>> that enforced using "real names", i.e. John Doe. But I even got
>> some like that that turn out to be spammers.
>>
>>
>> On Sat, Apr 5, 2014 at 8:13 AM, Linda Romey <lromey at gmail.com
>> <mailto:lromey at gmail.com>> wrote:
>>
>> I am having the same issue. Have you contacted Mollom? That's
>> on my to-do list. I'm not sure of the value of the monthly
>> fee if I still have to continually monitor my site and delete
>> spam accounts manually.
>>
>>
>> On Sat, Apr 5, 2014 at 8:09 AM, James Rome
>> <jamesrome at gmail.com <mailto:jamesrome at gmail.com>> wrote:
>>
>> I have Mollom installed, but yet a handful of account
>> applications
>> escape their captcha/analysis each day. The problem is
>> that the only
>> obviously wrong field is the username, which is not
>> listed as a field in
>> the Mollom configuration. I get names such as:
>> qropspension_5362
>>
>> Is there any other way to get rid of these would-be spammers?
>>
>> --
>> James A. Rome
>>
>> http://jamesrome.net
>>
>> --
>> [ Drupal support list | http://lists.drupal.org/ ]
>>
>>
>>
>> --
>> [ Drupal support list | http://lists.drupal.org/ ]
>>
>>
>>
>>
>
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20140405/a93093af/attachment.html
More information about the support
mailing list