[CentOS-devel] URGENT: Website and fora at risk due to automated spammer account creation

Thu Sep 15 15:28:54 UTC 2011
Phil Schaffner <Philip.R.Schaffner at NASA.gov>

Fabian Arrotin wrote on 09/15/2011 06:54 AM:
...
> I guess that someone with access to the machine and the corresponding
> mysql db/tables can do that, assuming that such 'research' has to be
> done to know what to delete from the xoops db ...
> I don't know if captcha is available for that old xoops version. What I
> did for the fr.centos.org forum (using captcha by default) was also to
> moderate the first post of every new user: spammers not seeing their
> posts appearing on the forum stop posting (I guess the bot does a check
> and stops after several attempts). That means that the moderator (me) has
> to check the first post of each new user, but that's safer and easier
> than having to deal with millions of posts from autogenerated accounts.

We are not having a problem (yet) with automated posts.  The manual 
spammers can be dealt with fairly easily by moderators.  The concern is 
that the thousands of bogus accounts are sooner or later going to break 
Xoops or otherwise bring the site to its knees.

The motivation of the bad guys is not clear to me.  Perhaps they are 
just expecting to generate hits on their URLs by search engines, or just 
want to be disruptive.

Phil