[support] Many false applications for accounts

James Rome jamesrome at gmail.com
Mon Apr 7 14:07:11 UTC 2014


I tried Honeypot, and it indeed cut down the number of false
applications by about 80%. I could easily put in a field that legitimate
users could fill in correctly, but spammers could not. But how could I
check this and automatically cancel applications with bad information
for that field?  For example, on one site for a fraternity, I asked for
the street address of the fraternity.

Jim

On 4/7/14, 8:00 AM, support-request at drupal.org wrote:
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 7 Apr 2014 07:28:40 -0400
> From: Philip_Wetzel at nhd.uscourts.gov
> Subject: Re: [support] Many false applications for accounts
> To: support at drupal.org
> Cc: support-bounces at drupal.org, wdlists at gmail.com
>
> The CAPTCHA code has been broken a number of times and they've
> re-engineered it. If it's not currently effective, they'll probably come
> up with a fix. The game goes on.
>
>
>
> From:	MBR <mbr at arlsoft.com>
> To:	support at drupal.org, wdlists at gmail.com,
> Date:	04/05/2014 12:31 PM
> Subject:	Re: [support] Many false applications for accounts
> Sent by:	support-bounces at drupal.org
>
>
>
> It's been reported that the bad guys have set up CAPTCHA-breaking networks
> that distribute the CAPTCHA to people in third-world countries who get paid
> a small amount for each CAPTCHA they solve. It's looking like CAPTCHA is no
> longer effective.
>
> I had to solve this problem for a site that was getting hit by about 15
> bogus account-registrations per hour, even though CAPTCHA was enabled. The
> most effective approach I know of at present is to install a module that
> does reverse-CAPTCHA - i.e. instead of asking the human to prove he's
> human, it tricks the malware that's trying to pretend to be a human into
> demonstrating behavior that proves it's just a dumb piece of software. It
> does this by adding additional <input> tags to every <form> and making them
> invisible with CSS.  A human won't fill in these fields because they won't
> be displayed. But software that's just parsing HTML will find these fields
> and fill them in, thus allowing the code on your server to distinguish
> between responses from humans and responses from machines.
>
> Among the modules that implement this approach are Honeypot, Botcha, and
> Spamicide. I tried Botcha, but I ran into installation problems.  I didn't
> try Spamicide because it had a critical bug report claiming that the
> installation erased the default/files directory.  Honeypot installed
> without problems and instantly cut the rate of bogus registrations
> dramatically.  It didn't cut it all the way to 0 as I'd hoped it would, but
> the rate dropped from about 15/hr. to about 3/day.
>       Mark Rosenthal
>       mbr at arlsoft.com
> On 4/5/14 8:51 AM, Walt Daniels wrote:
>       I get them too, but it is not Mollom's fault. They are actually
>       registering and typing the captcha just like a legitimate user. In
>       our case they even have to use a legitimate email as they cannot do
>       anything more than an anonymous user until they verify their email. I
>       don't see any pattern I could apply to the user names that would
>       distinguish them from our valid users who have some pretty weird
>       usernames. You could find or write a module that enforced using "real
>       names", i.e. John Doe. But I even got some like that that turn out to
>       be spammers.
>
>
>       On Sat, Apr 5, 2014 at 8:13 AM, Linda Romey <lromey at gmail.com> wrote:
>         I am having the same issue. Have you contacted Mollom? That's on my
>         to-do list. I'm not sure of the value of the monthly fee if I still
>         have to continually monitor my site and delete spam accounts
>         manually.
>
>
>         On Sat, Apr 5, 2014 at 8:09 AM, James Rome <jamesrome at gmail.com>
>         wrote:
>          I have Mollom installed, but yet a handful of account applications
>          escape their captcha/analysis each day. The problem is that the
>          only obviously wrong field is the username, which is not listed as
>          a field in the Mollom configuration. I get names such as:
>          qropspension_5362
>
>          Is there any other way to get rid of these would-be spammers?
>
>          --
>          James A. Rome
>
>          http://jamesrome.net
>
>          --
>          [ Drupal support list | http://lists.drupal.org/ ]
>
>
>
>
>
>
>
>
> ------------------------------
>
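
Added example, not part of the original thread and not code from the Honeypot module: one way to do the check asked about at the top of this message, as a small Drupal 7 custom module that rejects a registration when a CSS-hidden decoy field is filled in or when the known-answer address field is wrong. The module name `regcheck`, its field names and the `regcheck_expected_address` variable are assumptions made for the example.

```php
<?php
// Hypothetical Drupal 7 module "regcheck" (regcheck.module); every regcheck_* name is made up.

/**
 * Implements hook_form_FORM_ID_alter() for user_register_form.
 */
function regcheck_form_user_register_form_alter(&$form, &$form_state, $form_id) {
  // Decoy field hidden with CSS: people never see it, form-filling scripts do.
  $form['regcheck_url'] = array(
    '#type' => 'textfield',
    '#title' => t('Leave this field blank'),
    '#prefix' => '<div style="display:none">',
    '#suffix' => '</div>',
    '#attributes' => array('autocomplete' => 'off', 'tabindex' => '-1'),
  );
  // Visible question that only real members can answer.
  $form['regcheck_address'] = array(
    '#type' => 'textfield',
    '#title' => t('Street address of the fraternity'),
    '#required' => TRUE,
  );
  $form['#validate'][] = 'regcheck_register_validate';
}

/**
 * Lower-cases and drops everything except letters and digits, so that
 * "12 Elm St." and "12 elm st" (constructed samples) compare equal.
 */
function regcheck_normalize($text) {
  return preg_replace('/[^a-z0-9]+/', '', drupal_strtolower(trim($text)));
}

/**
 * Validation handler: an error set here stops the submit handlers,
 * so no account is created for a rejected application.
 */
function regcheck_register_validate($form, &$form_state) {
  $values = $form_state['values'];
  if (trim($values['regcheck_url']) !== '') {
    watchdog('regcheck', 'Decoy field filled in from @ip.', array('@ip' => ip_address()), WATCHDOG_NOTICE);
    form_set_error('regcheck_url', t('Your application could not be processed.'));
    return;
  }
  // Expected answer lives in a site variable (assumed name); unset means reject everything.
  $expected = regcheck_normalize(variable_get('regcheck_expected_address', ''));
  if ($expected === '' || regcheck_normalize($values['regcheck_address']) !== $expected) {
    watchdog('regcheck', 'Wrong address answer from @ip.', array('@ip' => ip_address()), WATCHDOG_NOTICE);
    form_set_error('regcheck_address', t('That address does not match our records.'));
  }
}
```

The expected answer would be stored once with `variable_set('regcheck_expected_address', ...)`, and the watchdog entries show how many applications each check is rejecting.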


