plone - How can I get rid of spam users


Question: 

The company I work for have a small Plone blog. But we have a problem with spam accounts. We use captcha on the site and Plone sends a mail to the users that they must confirm before they can edit the user profile. Still about 600 spam users are created every day. In the Plone user profile they paste all kinds of commercial links.

We are located in Denmark and the blog is in danish, therefore I have made a script to delete all users with a non danish mail adress. But even though most of the real users have a danish mail account I probably still deletes some real users when running the script.

The spam users register from a vide range of ip-adresses, so blocking ip's is not an option.

Does anyone have ideas to what to do about this problem?




2 Answers: 

Disable Plone comments/public user creation and use a third party commenting service such as Disqus.

 

They somehow trick recaptcha (if you find out, please let me know :)

But how do they do the email validation? They don't have to. Plone join_form has a hidden field for password which is filled by this bot and Plone saves it as the real password (check the REQUEST object comming from this bot)

So the bot doesn't need to check email for password. That's how they get in and activate those accounts. So fix the hidden password field from join_form.

Then, remove all users that have links in their profile description (as a real user you don't do that, do you?). Also don't let the users to input HTML within their profile description.

 

More Articles


specifications - Essential techniques for pinpointing missing requirements?

An initial draft of requirements specification has been completed and now it is time to take stock of requirements, review the specification. Part of this process is to make sure that there are no sizeable gaps in the specification. Needless to say that the gaps lead to highly inaccurate estimates,

javascript - jQuery .load: any way to load the same page when page is refreshed

So I have a website that loads pages to a container div:function goto(addr) { $("#content").load(addr);}and a link that executes it<a href="#" id="aboutus" onclick="goto('page/aboutus.php');">About us</a>My problem is that whenever the page is refreshed, the loaded content resets to t

cookies - PHP Unique Computer ID

Is it possible for php(or javascript in the worst case) to create a unique id for a user that is not cookie or ip dependant. I have seen on myminicity.com that on each city the count only goes up once a day(it has a unique id for everyone i think) and even if I delete my cookies and refresh ip it st


c# - Regular expression to match a string that contains only numbers, not letters

My code is currently using the following Regex expression which matches on numbers:Regex numberExpression = new Regex(@"(?<Number>\d+)");This current works fine for input strings like "1", "100", "1a", "a1", etc....But I want to change it so it does NOT match when the input string contains a l

Dose google play count insalls out of itself downloads?

I recently published my app in google play . The question is how google play show counts ?1 - All device that have google play installed and my apps too , total count of my apps install will show in play store .2 - Just all downloads that directly are downloaded from google play will be count .

python - sklearn.KNeighborsClassifier gives very low accuracy score

I am new to machine learning.I created a data, random numbers in two sets. I am trying how to find a sample, however when doing following, I receive very low accuracy score:from random import randint as Rfrom matplotlib import pyplot as pltimport numpy as npfrom sklearn.neighbors import KNeighborsCl


Scala Collection in JSF

I have developed a Scala and JSF application for learning purpose. In this app I have to convert all my Scala collection objects to Java cllectios before it get rendered in JSF. Is there any easy way this can be achived with something like ScalaElResolver, if yes anybody have a sample code for Scala

css - How to add equal padding between buttons?

http://buttonspace.com/I want to put equal space between the 4 buttons at the top, but I'm having trouble. At first the "social-buttons" id was in a DIV floating left, but that caused the slider to get pushed to the right.So I changed everything to and now the padding style doesn't seem to have an

javascript - Why are props being shared between seperate instances of an emotion-js component?

Why does emotion-js appear to share the props from seperate component instances?<Button isDisabled={'true'} /><Button />const Button = styled.button` background-color: ${props => props.isDisabled !== 'true' ? 'green' : 'grey'};`;export default (props) => { return (<Button>

mysql - PHP-FPM crashes when having too many users while doing a heavy job

I have a Server running Apache/2.2.22 (Debian), PHP 5.6.17 as FPM and MySQL 5.6.25.The project runs using a CMS called Redaxo (I don't think it's that important, but I'll tell ya anyway). In Redaxo there are some functions which take some time (e.g. deleting cache and rebuilding it takes 1-2 minutes