[CentOS-devel] URGENT: Website and fora at risk due to automated spammer account creation

Wed Sep 14 15:44:54 UTC 2011
Phil Schaffner <Philip.R.Schaffner at NASA.gov>

http://bugs.centos.org/view.php?id=5105

Forum moderators have been battling spammers creating bogus accounts by 
the thousands using automated "bots".  The only way moderators currently 
have to attack the problem is by a laborious process of searching for 
such accounts and selecting them for deletion.  This has been working, 
although at the cost of considerable time to perform the operations; 
however, such accounts are currently being created at a rate of 
thousands per day making deletion of 50 at a time via the web interface 
a practical impossibility.

Our approach has been to delete all "Inactive" accounts more than 7 days 
old (these are being created at a rate of about 1 per minute) and 
"Active" accounts with no posts and either no logins, or with no logins 
in the last 30 days.  The latter are the rapidly growing problem, and 
more than 40,000 accounts with zero posts created between 7 and 30 days 
ago currently exist.  Account creation at this rate will likely bring 
the site down if the situation is not dealt with soon.

Proposed approach:

1. Implement some automated way of deleting accounts as described above.
2. Implement captcha or some other mechanism in the account creation 
process to foil the bots.

Phil
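
The two deletion rules described in the message above, written as one query with a dry-run mode and batched deletes. This is an added example, not part of the original post and not CentOS project code; the `users` table, its column names and the sample accounts are assumptions constructed for illustration.

```python
import sqlite3
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"  # fixed-width, so string comparison orders by time

# Assumed schema; the post does not show the forum's real tables.
SCHEMA = """CREATE TABLE users (id INTEGER PRIMARY KEY, status TEXT,
            created TEXT, last_login TEXT, posts INTEGER)"""

# The two purge rules from the post, as one predicate.
PURGE_WHERE = """(status = 'inactive' AND created < :inactive_cutoff)
    OR (status = 'active' AND posts = 0
        AND (last_login IS NULL OR last_login < :login_cutoff))"""

def purge_candidates(db, now):
    cut = {"inactive_cutoff": (now - timedelta(days=7)).strftime(FMT),
           "login_cutoff": (now - timedelta(days=30)).strftime(FMT)}
    rows = db.execute(f"SELECT id FROM users WHERE {PURGE_WHERE} ORDER BY id", cut)
    return [r[0] for r in rows]

def purge(db, now, batch=500, dry_run=True):
    """Return the ids selected; delete them in small transactions unless dry_run."""
    ids = purge_candidates(db, now)
    if not dry_run:
        for i in range(0, len(ids), batch):
            with db:  # one commit per batch keeps lock time short
                db.executemany("DELETE FROM users WHERE id = ?",
                               [(x,) for x in ids[i:i + batch]])
    return ids

def make_sample_db(now):
    """Constructed sample: (id, status, age in days, last login days ago, posts)."""
    sample = [(1, "inactive", 10, None, 0), (2, "inactive", 2, None, 0),
              (3, "active", 20, None, 0), (4, "active", 60, 45, 0),
              (5, "active", 60, 3, 0), (6, "active", 400, 90, 12)]
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    ago = lambda d: None if d is None else (now - timedelta(days=d)).strftime(FMT)
    db.executemany("INSERT INTO users VALUES (?,?,?,?,?)",
                   [(i, s, ago(c), ago(l), p) for i, s, c, l, p in sample])
    db.commit()
    return db

if __name__ == "__main__":
    now = datetime(2011, 9, 14, 15, 44, 54)
    db = make_sample_db(now)
    print("would delete:", purge(db, now))
    print("deleted:", purge(db, now, dry_run=False))
```

Running with `dry_run=True` first lets a moderator review the selected ids before anything is removed.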