Something I learned about automated spamming today...

LiliVG - July 3, 2009 - 17:05

Even if you require users to activate through email before they can log in, there is software that automates that. But here's the thing, it automatically clicks through any log-in link it finds in the email. No log-in link, no automated registration. You can send an email that contains the username and password but no log-in link, so they'd have to copy and paste their password in order to log in, and the spam software can't do anything with the activation email. Yes, I know log-in links are convenient for users, but they're also convenient for automated spammer software.

I've removed the one-time log-in links that are present in Drupal's activation emails by default. So now it just says, "Here's your username and password:..." and no links in the email anywhere.

I hope this can be helpful to some :)

.

Michelle - July 3, 2009 - 18:05

The trouble with making things harder for users to make them harder for spammers is that spammers are a lot more persistent. Users will just say forget it and move on.

Not saying your suggestion is bad. Just that you need to be careful to not drive potential members away in the name of spam fighting.

Michelle

---
I'm looking for folks to help me out by posting in my Coulee Region forums. You don't need to live in the area; there's plenty of general forums. But please, no Drupal support questions. :)

I've registered at several

LiliVG - July 3, 2009 - 18:26

I've registered at several sites that don't provide a log-in link within the activation email, and just provide the username and password. I didn't think anything of it at the time, and personally viewed the log-in link in Drupal emails as a convenience, not something that users automatically expect or require. Besides, if that's too much trouble for them, they likely wouldn't have been very motivated to contribute to the site much anyway.

I have also noticed that the log-in link gets used multiple times by spambots, even though it's only supposed to work once. For instance, I'll delete a spammer account, and then check the logs and see multiple accesses from that log-in link, oftentimes the spambot uses the link to take them back to the site to register the exact same username over and over again, no matter how many times I delete it. It's really obnoxious. The only way to stop it is to ban the IP. But that only causes a bit of a delay for them to get a new IP and start at it again. It's really never ending.

Not sending the log-in link in the first place really cuts that whole process short.

=-=

VeryMisunderstood - July 3, 2009 - 18:39

Don't delete user accounts. Block them. Doing so disallows reregistering the same account over and over.

when I do that, they just

LiliVG - July 4, 2009 - 00:05

When I do that, they just start up again with a new username. No activation link, no automated spammers, nice and simple. And it's not nearly so much annoyance to users as CAPTCHA is. They can automate captcha inputs with their software now too, so that's not even worth the hassle anymore.

Don't be too sure

Michelle - July 3, 2009 - 18:46

There are millions of sites on the web for users to go. The difference between yours and the next one may be something as simple as clicking a link. If you have a popular community, it may not matter to you. My site is struggling so I make it as simple as possible. I allow anonymous posting and don't require confirming emails. I've had at least one member join that wouldn't have if he hadn't posted first anonymously. So it does make a difference. Whether it makes enough of a difference to be worthwhile to you is something only you can decide.

Michelle


I agree with you. Your method/idea

mm167 - July 4, 2009 - 00:35

I agree with you. Your method/idea is GOOD.

Good guys should support good guys (good sites). As a user, I will not have any bad feeling if I need to do 1 or 2 extra steps to help a web site to fight against the spammers.

Good day.

We go the drupal way. How about you?
http://www.drupalway.com

Good point. Can you tell us

marcvangend - July 3, 2009 - 18:06

Good point.
Can you tell us what you did to remove that link from the e-mail? Personally, I'm sure I could find it if I needed to, but less experienced drupallers might not know where to look.

=-=

VeryMisunderstood - July 3, 2009 - 18:12

Administer -> user settings is where preformed emails are generated in core with regards to registration.
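A check for the change discussed in this thread, added here as an example (it is not code from any poster or from Drupal): it scans a registration e-mail template for anything that would reach the recipient as a link. The placeholder names are assumed to be Drupal 6 core's mail tokens, and both templates are constructed samples.

```python
import re

# Placeholders that expand to a URL in user e-mails. Names are an assumption:
# they are Drupal 6 core's mail tokens; other versions name them differently.
LINK_TOKENS = {"!login_url", "!login_uri", "!edit_uri", "!uri", "!uri_brief"}
TOKEN = re.compile(r"![a-z_]+")
LITERAL_URL = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)

# Constructed sample: a welcome mail that still carries the one-time link.
DEFAULT_BODY = """\
!username,

Thank you for registering at !site. You may now log in to !login_uri using the following username and password:

username: !username
password: !password

You may also log in by clicking on this link or copying and pasting it in your browser:

!login_url
"""

# Constructed sample: the same mail with every link removed.
STRIPPED_BODY = """\
!username,

Thank you for registering at !site. Here's your username and password:

username: !username
password: !password
"""


def find_links(template):
    """Return (line_number, text) for everything that would become a link."""
    hits = []
    for number, line in enumerate(template.splitlines(), start=1):
        for token in TOKEN.findall(line):
            if token in LINK_TOKENS:
                hits.append((number, token))
        for url in LITERAL_URL.findall(line):
            hits.append((number, url.rstrip(".,)")))
    return hits


if __name__ == "__main__":
    for name, body in (("default", DEFAULT_BODY), ("stripped", STRIPPED_BODY)):
        print(name, find_links(body) or "no links")
```
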

Personal opinion

dddave - July 4, 2009 - 08:52

Captchas are much more annoying than a missing log-in link. Maybe I am too old but I personally never miss such a link. Perhaps today's "kids" are used to it....

(I am not yet 30 years old by the way).

So my bottom line is: I would rather delete the link than use captchas. Mollom could be the answer but on a (partly) multilingual site it is a nerve-wracker too.

I have had zero spam on my

LiliVG - July 5, 2009 - 17:21

I have had zero spam on my site since I made this change. Before that I had several spam posts per day, or at the least one per day. It has been several days now, and absolutely no spam, it's awesome :)

Another update: Still

LiliVG - July 12, 2009 - 21:17

Another update: Still absolutely no spam since I made this change. That link was definitely the problem, and removing it was definitely the solution. I used to get spam every single day, and now I get absolutely none. I'm so glad there is such a simple solution! :)
