On 10/31/2012 03:42 AM, support-request@drupal.org wrote:
I have several drupal sites and I constantly get barraged with requests for accounts. I have Image CAPTCHA setup on all these sites and still I'm still getting 20 requests a day, mostly from China. Anyone able to share what these people/automatons are trying to do? How are they getting through CAPTCHA? How can I stop them? I am running a pretty old version of Drupal on a couple of sites, but even with almost current versions they flood in.
Thanks for any help you can offer.
I think we may find that it's actual live people doing this and getting paid for it. Blocking their their ip address is almost useless as blocking their email addresses which are almost always phony. The only way I can see is for captcha to be quite different.
Our sites could have a random series of say 10 or 20 images so that for every request a different image is displayed. To request membership or to log in, a real person would have to answer questions about the displayed image. Roger
Hi,
out of general interest much of the Linux email anti-spam software adds a prefix to the subject line of emails denoting them to contain SPAM. So contributors may find that posts to this particular thread get hived off to their trash bin by virtue of having the word SPAM in the subject matter.
Alison.
On Wed, Oct 31, 2012 at 1:07 AM, Alison wrote:
Hi,
out of general interest much of the Linux email anti-spam software adds a prefix to the subject line of emails denoting them to contain SPAM. So contributors may find that posts to this particular thread get hived off to their trash bin by virtue of having the word SPAM in the subject matter.
Yea, but the mail client is what would filter that to the SPAM folder. Usually the subject prefix is [SPAM] or whatever the server admin decided it should be. The client should filter the entire prefix string, this one doesn't contain [].
On Tue, Oct 30, 2012 at 7:41 PM, Roger wrote:
On 10/31/2012 03:42 AM, support-request@drupal.org wrote:
I have several drupal sites and I constantly get barraged with requests for accounts. I have Image CAPTCHA setup on all these sites and still I'm still getting 20 requests a day, mostly from China. Anyone able to share what these people/automatons are trying to do? How are they getting through CAPTCHA? How can I stop them? I am running a pretty old version of Drupal on a couple of sites, but even with almost current versions they flood in.
Thanks for any help you can offer.
I think we may find that it's actual live people doing this and getting paid for it. Blocking their their ip address is almost useless as blocking their email addresses which are almost always phony.
You could always validate the email address. See http://drupal.org/project/email_verify for a module that is already written. The D7 version only has a 7.x-dev release. At least you wouldn't have invalid email addresses. Also you could capture the bounced registration email from the server and force a delete of the user in your Drupal system.
The only way I can see is for captcha to be quite different.
Our sites could have a random series of say 10 or 20 images so that for every request a different image is displayed. To request membership or to log in, a real person would have to answer questions about the displayed image.
But a person could get that correct. Another method is a two step registration. The user gives user name and email address, the verification needs to occur or the account is automatically deleted after X days. I would set X to 3. You might be able to do that with the rules module or one of the registration contrib modules.
-
Alison -
Earnie Boyd -
Roger