[support] Many false applications for accounts

[Richard Damon]

On 4/5/14, 8:09 AM, James Rome wrote:
> I have Mollom installed, but yet a handful of account applications
> escape their captcha/analysis each day. The problem is that the only
> obviously wrong field is the username, which is not listed as a field in
> the Mollom configuration. I get names such as: qropspension_5362
>
> Is there any other way to get rid of these would-be spammers?
>
The big problem is that now the spammers are using real people (being
paid a pittance) to do the registration.

The automated solutions will do a good job reducing the number, but can
not totally eliminate it, and the problem is so big that just reducing
it isn't good enough for many cases.

One thing that I use on another site (non-drupal) is a IP address
blocking list, which collects the IP addresses (and blocks) that the
spammers are using, it build the database from a large number of sites.
This helps a lot, but isn't perfect, as you may well be one of the first
to be hit from a given IP.

The only fool-proof method is to put a human at the end of the chain, to
make a final approval process, either at registration or posting (and
you still want good filters in front to keep that person from being
overloaded, but you need something as smart as a person at the end). I
personally prefer the on posting option, as lots of people may signup
without actually wanting to post, or you can get someone who is a real
person, but they totally don't understand your rules for what is a
reasonable posting. Now, if your user list is public, and it is possible
for members to post links (even if not really links, but just text urls)
in their public lookup, then you will may want to have a vetting before
they can do that, or you WILL get spammer usernames to posts links to
their sites that way.

-- 
Richard Damon