Deal with registration spam #14
Comments
|
One addition I think we should do in WordPress is to disallow users from registering multiple versions of the same gmail address. So for example: [email protected] would be fine, but if it already existed we would reject [email protected]. This gets complicated, kind of, because we don't want to stop people from using dots the first time they register (or pluses) but only on subsequent registrations, because that is a bot thing. This is a separate issue now, #69. |
|
We have the Stop Spammers plugin installed in WP but it is not activated. I think we should launch with it not activated for a bit, see how the site runs, and enable it if necessary. It appears to be quite aggressive. |
|
As of 9/9/19, we've reinstalled the Stop Spammers plugin and activated it. It has relatively lenient configuration for now, I think, so it will probably still let it some spammers. But it's blocked 400 spammers in less than a day. My biggest concerns are: 1) that nothing weird happens with user sessions, cookies, performance of any kind, and 2) that the plugin doesn't falsely block legit users. I'd like to leave this issue open for a bit and make sure that issue is ok. Maybe after a month or a couple weeks, we can close it. |
|
The plugin above continues to work pretty well. It has blocked 66984 spammers from either registering or leaving comments. In the last month or so though I've noticed a rise in obvious bots who get through it. I'm not sure there's anything we can do about that but it's worth noting. |
https://wordpress.org/plugins/stop-spammer-registrations-plugin/
In Drupal, we have the following functionality; all of which stops many many attempts each day:
The text was updated successfully, but these errors were encountered: