By mkogel on

I do not provide approval on my site so any one can register. However, something took my attention recently that someone registered on the site with a username which is not suitable for the site's nature. I deleted this person but he (i presume) registered again. I don't think this person deliberately going in internet and registering on each and every site. Or, is there? I don't know.

Therefore my question is if anyone can somehow hack to register on sites robotically? If this is possible how can I know if this has been the case? I really do not want unwanted visitors on the site. Any suggestions?

Some people appear on the Who’s New section and some new one’s don’t. Does this indicate anything?

Thanks in advance.

Categories: Drupal 6.x

Comments

runssl’s picture

runssl commented

Yes bots do register accounts automatically. You can add a CAPTCHA http://drupal.org/project/captcha or require e-mail verification.

Discount SSL Certificates http://www.RunSSL.com

mkogel’s picture

mkogel commented

I have already CAPTCHA for every form on the site including the registration form. Still there are emails which are under the spam list like mail.ru. Does this mean they are now bypassing the CAPTCHA?

I will try to put some rules to see if that will stop it.

-----------------------------
I am a newbie, please be gentle with me...

I am not a developer so I need idiots guide sometimes

runssl’s picture

runssl commented

I use CAPTCHA on most of my sites but they still get spammed also. Not sure if it is due to crowd-sourcing or I have the settings to easy. It is a balance between deterring spam and still making a good user experience.

Discount SSL Certificates http://www.RunSSL.com

mkogel’s picture

mkogel commented

YOu are right on this. I use the simple math CAPTCHA because the words look too busy and confusing on screen but I guess the bots are trained to bypass these.

I have added some rules, restricted some common spam email addresses...Some email addresses are so unique that they can be blocked easily but the gmail ones are a hassle.

I guess this will be an ongoing fight.

I will wait and see what happens. If not working, then I will try to use other CAPTCHA methods.

Thanks

-------------------
I am a newbie, please be gentle with me...

I am not a developer so I need idiots guide sometimes

abe.lincoln’s picture

abe.lincoln commented

Yep, unfortunately I can confirm robots' bypassing simple math CAPTCHA :(

It's true even for non English pages. Eg. www.mitvsehotovo.cz - Czech site where I had to use image CAPTCHA then.

mm167’s picture

mm167 commented

if u may tell us your site's url, we may have a look if there's any hole over there ...

bwv’s picture

bwv commented

You can control what words/terminology are used for user registrations by going to user management >>> access rules.

A good way to prevent bot registration submissions is to use a simple captcha (look at the captcha module).

Not sure about your other question.
----------------------------------------------------------------------
http://classicvinyl.biz
http://music.bwv810.com
http://association.drupal.org/user/1207

dries’s picture

dries commented

You could aslo try to install the Mollom module. It tracks IP addresses of spammers, in addition to serving CAPTCHAs.

problue solutions’s picture

problue solutions
Location Northern Ireland
commented

Whats a lot more worrying is the fact that bots can completely bypass the registration process and create an account even when email verification is required, which I've seen several times on my own site. A massive security hole if ever I've seen one.

Mollom did absolutely nothing to prevent this. I don't allow anonymous posting and I require email verification on sign up, so I'm not interested in preventing spam posts, I'm more confused as to why the bots can create accounts in the first place.

Problue Solutions