Thread

Oh, BTW, in my aggressiveness during this recent bunch of spam attacks, I accidentally deleted at least two good members! That is a bad thing, even on a board like mine with 20,000 members. I had to write them sad notes of apology.

Been there. Done that.

Most members are understanding, but it’s embarrassing nevertheless.

😉

We just started getting a bunch of spam registration at devot:ee. While I’m happy that this thread is here, I’m not happy that I have to figure out some way to combat this. It’s only become an issue in the last month or so. I was looking at using the reCaptcha extension, but it sounds like that doesn’t work with registration as well as it does for comments.

yes recaptcha is for comments only and fails on the registration section.
It is a prime one to be rebuilt though - whoever has time first!|

ReCAPTCHA does, indeed work on the registration form.

Can we confirm we’re all talking about the same reCaptcha implementation? There is reCaptcha in it’s pure form (just PHP) which I’m sure could work with the registration form, and a couple add-ons:

JA reCaptcha (supposedly doesn’t work with registration): http://devot-ee.com/add-ons/ja-recaptcha/
reCaptcha for EE2 (which sounds like it would work for me, but is currently for EE2 only): http://ellislab.com/forums/viewthread/153152/

Hi Lisa,
Can you confirm which version of recaptcha you are using and EE version.
Because i remember recently a post on here with dozens of people saying it does not work on registration forms. It might display, but it never successfully goes through a registration. This was the 1.6.8 era.
If i was using a different recaptcha plugin, or a newer version released i would certainly be intruiged to try it…

I am referring to the EE2 extension linked in my original post. I tested it and it worked in the registration form without problem.

ah okay - i thought i was missing a trick then!!!
To be honest i am having SPAM issues now, on commercial sites, all running EE1.6 - so in this case an extension for a BETA software that is not ready for commercial use yet will not put out my (or my clients) fires…

How easy is it to back track these extensions - rather than convert forward??? 😊

Here are the instructions for converting from 1.x to 2.x.  So you’d need to go in reverse. You’d likely want to be somewhat comfortable with EE development to do this successfully.

This didn’t look too difficult to back-port, but I’m not sure I’ll have the time. As an alternative, it turns out Greg Salt’s Accessible Captcha works on registration forms, so I may give that a try before getting into any code.

The spammers seem to be going for it. I checked one site today that doesn’t use forums or members. Admittedly members registration was left “on” when it was built two years ago, but hey it’s something we’ve never had to deal with before - 1650 registrations in 7 days!

Easily dealt with but it’s now something to consider for every new install “to do” list.

Likewise - on my to do list for when inext have a slot! EE1.6 reCaptcha… here’s hoping.

There are some useful tools at our disposal, but I’d definately like to see more.

A decent first party CAPTCHA would be great. The current one has clearly been bypassed given the amount of POST’ed signups I am receiving without the registration page being loaded. Yes, I have SecureMode enabled too, but somehow that’s being bypassed too.

Worth considering a rewrite of: http://expressionengine.com/docs/general/spam_protection.html

A CAPTCHA is a computer-generated test that humans can pass but computer programs cannot.

If only it were that binary 😊

Blocking links in the bio field by default would be another super enhancement. I can’t work out how to prevent links in the bio field on the forum public profile. Perhaps running through a template and allowing php, but that means runnning through a template and allowing php..

Out of curiosity, does anyone go through the spam reports from these forums?  I report spam posts/accounts whenever I see them, but often when I go back a week later the spam is still there.  Not a big deal to me either way really, just wondering if I’m wasting my time.

Yes, we clean up any spam we know about on here, ender. =)