[CentOS-devel] URGENT: Website and fora at risk due to automated spammer account creation
Philip.R.Schaffner at NASA.gov
Wed Sep 14 15:44:54 UTC 2011
Forum moderators have been battling spammers creating bogus accounts by
the thousands using automated "bots". The only way moderators currently
have to attack the problem is by a laborious process of searching for
such accounts and selecting them for deletion. This has been working,
although at the cost of considerable time to perform the operations;
however, such accounts are currently being created at a rate of
thousands per day making deletion of 50 at a time via the web interface
a practical impossibility.
Our approach has been to delete all "Inactive" accounts more than 7 days
old (these are being created at a rate of about 1 per minute) and
"Active" accounts with no posts and either no logins, or with no logins
in the last 30 days. The latter are the rapidly growing problem, and
more than 40,000 accounts with zero posts created between 7 and 30 days
ago currently exist. Account creation at this rate will likely bring
the site down if the situation is not dealt with soon.
1. Implement some automated way of deleting accounts as described above.
2. Implement captcha or some other mechanism in the account creation
process to foil the bots.
More information about the CentOS-devel