Skip to content
This repository has been archived by the owner on Jan 16, 2023. It is now read-only.

Harden registration process against bots #466

Open
imphil opened this issue Jul 27, 2020 · 5 comments
Open

Harden registration process against bots #466

imphil opened this issue Jul 27, 2020 · 5 comments
Labels

Comments

@imphil
Copy link
Contributor

imphil commented Jul 27, 2020

I had to disable the email address confirmation at registration due to spammers registering accounts with email addresses they don't own.

Not sure about a solution, potentially we need a captcha.

@imphil imphil added the bug label Jul 27, 2020
@sandipbhuyan
Copy link
Collaborator

@imphil As the current state the confirmation mail is sent after a user login. We can add a captcha at that section. If a user is signing in through github and google in that case we don't need a verification

@imphil
Copy link
Contributor Author

imphil commented Jul 29, 2020

I was able to re-enable the email sending after fixing 85baa05. The spammers used the username as place to their ad content, with that being impossible now they seem to have lost interest. I'll keep monitoring the situation for a while.

A captcha would certainly be helpful to have around as an option so that we can enable it if the spammers come back.

@imphil imphil changed the title Re-enable email address confirmation at registration Harden registration process against bots Jul 29, 2020
@sandipbhuyan
Copy link
Collaborator

@imphil Then I will add it in the application. Shall we go for google Captcha?

@imphil
Copy link
Contributor Author

imphil commented Jul 29, 2020

@sandipbhuyan great! Yeah, I think the Google captcha is the one I've seen most widely. But whatever is easiest, really. Please also add a configuration option to make it possible to enable/disable this feature, I'd like to keep it turned off by default until we run into the next spammer issue.

@sandipbhuyan
Copy link
Collaborator

@imphil working on it

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

No branches or pull requests

2 participants