Hello,
I have a Drupal site to represent our local electric vehicle interest club on the internet. Membership is set up to require approval, and there is a message on the registration page stating that the site is only for local interests. Despite this, there have been several registrations from unknown people with email addresses that look like they border on hackers/spammers.
Also, none of them have contacted me complaining about continuing to be blocked.
This has made me suspicious that there may be exploits that they know about. Of course, they could be on the look-out for sites where the permissions are not properly set...
I wonder if anybody else has seen the same thing, and what people could advise me on this?
Thanks in advance!
Karl
Comments
By default, spam bots can create accounts, even if they can't access them, unless your User Settings are set to "Only site administrators can create new user accounts." In order for the user registration process to happen, a user is created, even if they are never approved. One way to cut down on spam accounts is to install CAPTCHA on a site and enable it on the user registration form. http://drupal.org/project/captcha
Logintoboggan also offers some help with situations like this: "Optionally have unvalidated users purged from the system at a pre-defined interval." http://drupal.org/project/logintoboggan
Hope this helps!
Thanks for that John!
Yes, I have CAPTCHA on the site registration, which is why I see the weird email addresses.
I'll look into Logintoboggan.
I suppose that's the thing about the internet: add 1 thing, defend against 10...
Regards,
Karl