[support] Many false applications for accounts

Muzaffer Tolga Ozses tolga at ozses.net
Sat Apr 5 15:32:17 UTC 2014 

At this point, may I suggest a spam prevention module that I wrote? It's
called spaces_enforced and as the name implies, I force users to put spaces
in usernames. New version also allows you to set your own character and how
many of this character should occur in the username.
On 5 Apr 2014 18:22, "Jamie Holly" <hovercrafter at earthlink.net> wrote:

>  I've used the before. It helps. About 3 years ago it was catching 75% of
> them. Now it's down to less than 10%.
>
> Jamie Hollyhttp://hollyit.net
>
> On 4/5/2014 11:12 AM, Ken Robinson wrote:
>
> Take a look at the spambot module. This module will check to see if an
> entered email address is in their database of know spammers and will not
> let them register if it is.
>
>
>  Ken
>
>
> On Sat, Apr 5, 2014 at 10:23 AM, Jamie Holly <hovercrafter at earthlink.net>wrote:
>
>>  That's a huge problem that started a couple of years ago. There are
>> some companies out there actually paying people X dollars for registering Y
>> accounts on different sites. One of my clients was getting up to 1,000
>> registrations a day last year from these people. We finally let some
>> through for a couple of days to post their spam, then checked what all the
>> links were going to. They were different sites, but owned by one company in
>> the UK. The lawyers sent this company a letter and it stopped.
>>
>> The really sad part about this new tactic is that your options are
>> greatly limited to the point of non-existent on stopping them. Since they
>> are humans doing actual registrations, any attempts to thwart them will
>> also get the regular users trying to sign up. You're left with actual human
>> moderation to combat them.
>>
>> Globally 2013 saw huge spikes in spamming activity. These people are
>> getting more bold, and that does lead to us having to rethink a strategy to
>> combat them. Here's some possibilities:
>>
>> - Limit the number of registrations by IP in a given time frame. Either
>> block or require admin authorization on future attempts. This works to an
>> extent, but if people use something like Tor to register, then it doesn't.
>> - Create moderation displays, showing the first 5 posts and comments from
>> new registrations.
>> - If you allow new users to post content, force the new post to a draft
>> and email site administration/moderators to approve it. Once they get X
>> approved posts, then they can publish.
>> - Depending on your site and users, require admin authorization on
>> certain IP's based upon their geographical location (requires GeoIP library
>> or 3rd party API).
>>
>> No solution is perfect, but I have used a combination of these in the
>> past for clients and they have been very happy with the results. Most
>> options are only doable via custom coding though.
>>
>> Jamie Hollyhttp://hollyit.net
>>
>>   On 4/5/2014 8:51 AM, Walt Daniels wrote:
>>
>> I get them to, but it is not mollom's fault. They are actually
>> registering and typing the captcha just like a legitimate user. In our case
>> they even have to use a legitimate email as they cannot do anything more
>> than an anonymous user until the verify their email. I don't see any
>> pattern I could apply to the user names that would distinguish them from
>> our valid users who have some pretty weird usernames. You could find or
>> right a module that enforced using "real names", i.e. John Doe. But I even
>> got some like that that turn out to be spammers.
>>
>>
>> On Sat, Apr 5, 2014 at 8:13 AM, Linda Romey <lromey at gmail.com> wrote:
>>
>>> I am having the same issue. Have you contacted Mollom? That's on my
>>> to-do list. I'm not sure of the value of the monthly fee if I still have to
>>> continually monitor my site and delete spam accounts manually.
>>>
>>>
>>> On Sat, Apr 5, 2014 at 8:09 AM, James Rome <jamesrome at gmail.com> wrote:
>>>
>>>> I have Mollom installed, but yet a handful of account applications
>>>> escape their captcha/analysis each day. The problem is that the only
>>>> obviously wrong field is the username, which is not listed as a field in
>>>> the Mollom configuration. I get names such as: qropspension_5362
>>>>
>>>> Is there any other way to get rid of these would-be spammers?
>>>>
>>>> --
>>>> James A. Rome
>>>>
>>>> http://jamesrome.net
>>>>
>>>> --
>>>> [ Drupal support list | http://lists.drupal.org/ ]
>>>>
>>>
>>>
>>> --
>>> [ Drupal support list | http://lists.drupal.org/ ]
>>>
>>
>>
>>
>>
>>
>> --
>> [ Drupal support list | http://lists.drupal.org/ ]
>>
>
>
>
>
>
> --
> [ Drupal support list | http://lists.drupal.org/ ]
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/support/attachments/20140405/a77728dc/attachment-0001.html

More information about the support mailing list