Thread

Registration spam has long been a significant drawback to ExpressionEngine, one that I have long hoped EllisLab would take measures to address, but for the most part I have just resigned myself to accepting that it is one annoying facet of an otherwise brilliant CMS.

Starting today, however, I’ve noticed an incredible increase in registration spam on a client’s site. All day long, there have been an average of one or two new spam registrations every minute, for a total of hundreds of new spam registrations so far today. Is this a sign of a newly discovered exploit? Something is definitely not right. Any advice would be greatly appreciated.

I guess you could use a captcha to stop any spam accounts if this is not used already. I take it the spam is coming from the form on the front-end.

It would seem that the spam is coming in on the front end, but no CAPTCHA I have seen to date seems to be very effective at preventing registration spam.

I think it would be good for EllisLab to rework the way that profiles are handled, making them not an automatic feature of registration or something, so that ExpressionEngine would not be such a huge target for this sort of thing, but I can imagine that they might be quite reluctant to do something like that.

Thousands of spam registrations are accumulating in a very short period. This is the very opposite of how things should be.
:-(

I was getting around 100 registered spammers a day.  Then I changed the Profile Triggering Word, added Accessible Captcha and Barricade.  Now I am down an average of 3 a day.

Hi Garden-variety Fool,

Are you using any Spam prevention add-ons such as Project Cerberus. It’s been designed specifically to combat ExpressionEngine registration spam. There are also some tips in the User Guide on spam prevention.

I know spam is frustrating, and EE seems to be a prime target. I invite you to express your concerns in a Feature Request as well.

Cheers!