A lot of spambots automatically create new user accounts on Drupal sites then load up the user bio field with spam URLs. Enable the spam module to scan this field as it would any other content type. Ideally, it would not only notify the user and admin, but also block the account until the problem is resolved.

Comments

NancyDru’s picture

Component: Bayesian Filter » Code
Status: Active » Postponed (maintainer needs more info)

@Jeremy: I hope you don't mind my moving this issue. This is not really an issue with the filter itself, as it will examine whatever field it is pointed at.

This is an interesting problem. Certainly it's do-able, but far from trivial. First, each site's profile fields will be a bit different. Second, it doesn't address those sites that use the user-as-node solutions, although they might be handled by content type filters. Third, what do you do on sites like one of mine that has a profile field where lists of URLs are invited. Fourth, the profile and user modules are not really good at formatting profile fields for others to look at - in some cases the data isn't even properly placed in the tables for some time after being created.

To do this, one would have to read the profile fields table to find out what fields are available, then require the administrator to select which fields should be examined. Then one would have to use the user and profile hooks to catch the data on the way into the site, both at registration and later at account modification.

Personally, I would suggest that if this is a problem on your site, it would be better for you to use "Admin must approve" on new accounts. How many users are registering per day or week? Is this an egregious workload?

Jeremy’s picture

In an upcoming rewrite of the spam module I hope to address this by making the spam filter more generic and available against all Drupal forms. User creation involves filling out a form, and if that form is run through the spam filter abuse could be automatically detected...

Jeremy’s picture

Status: Postponed (maintainer needs more info) » Postponed

Marking as postponed, so it doesn't get lost but also so I can clean up the issue queue for immediate issues.

This feature request will be addressed in the next major version of the spam module. (5.x-2.x)

Jeremy’s picture

Version: 5.x-1.x-dev » 5.x-3.x-dev
Status: Postponed » Active

Re-opening feature request against the 5.x-3.x development branch of the spam module.

I am running into this exact problem on my website, so rest assured that this feature will be added early in the development process.

NancyDru’s picture

Version: 5.x-3.x-dev » 5.x-1.x-dev

Hmm... Maybe I can change my plans for Gotcha or deprecate it entirely? I was going to make it more form-generic.

Jeremy’s picture

Version: 5.x-1.x-dev » 5.x-3.x-dev

Why did you revert the version? Switching back to 5.x-3.x.

Gotcha is unrelated to this issue, please let's not clutter these issues with unrelated discussion -- instead, open a new issue. (Quick answer: Spam 3.x should make it easier for your Gotcha module to do what it does, as a simple spam filter)

Jeremy’s picture

Assigned: Unassigned » Jeremy
Priority: Normal » Critical

Assigning to myself, I want to this implemented before we have a beta release. Marking as critical, as until implemented it's difficult to impossible to catch user spam.

Jeremy’s picture

Status: Active » Fixed

Finally implemented in 5.x-3.x-dev as I was getting tired of spammers creating user accounts on kerneltrap.org. It was actually a rather small change.

Anonymous’s picture

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.