Products

Solutions

Resources

Partners

Community

Blog

About

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen

HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...How to stop the spam registrations?How to stop the spam registrations?
Previous
 
Next
New Post
5/19/2014 12:18 PM
 
    We receive a lot of spam registrations these days in our site (http://DnnModule.com which based DNN 7.2). Normally we get over 50 spam registers each day, these spam registers just fill their profile with advertise url, and also try to post spam comments. This is a big problem.

    We check on the "Admin - Site Settings - User Account Settings - Use CAPTCHA For Registration" option to show CAPTCHA control in user register interface, but it seems don't work. The spam registration continues. I think the spam machine knows how to bypass the CAPTCHA control.
 
    We also change "User Registration" from "Public" to "Verified", but it still doesn't work. Yes, these spam register doesn't  become as "Authorized" now, but they still can login and post some thing. DNN only shows a warning message for unauthorized users ("You are using an unverified account. Please verify your account by clicking on the link contained in the verification email we've already sent to you."), but doesn't limit their action.

      Our site (http://DnnModule.com) is a live store, so we can't change "User Registration" to "None" or "Private" to fully hide the user registration.  Does anyone have a good solution?  Thanks very much.
   

Over 20 + professional dnn modules for News Article, Store, Video Gallery, Photo Gallery, Ultra Flash Player,YouTube Video, Image Slide show, Skin Chameleon and much more from DnnModule.com
 
New Post
5/19/2014 12:53 PM
Accepted Answer 
If these are real humans then there's nothing you can do. You can use other kind of captchas like the ones from solvemedia.com where the user has to watch a 3 sec video and click or type in something. I have seen some other creative captchas Look around. I think the captcha that DNN uses is pretty basic and I won't be surprised if it can be broken by a bot.

One trick I use and I think it works, add a textbox and hide it. You know that this textbox can't be filled by a human. If this textbox is filled when the form was submitted, you know it wasn't filled by a human. I would even name it 'password' and name the real password field something else. Maybe it would fool the bot.
 
New Post
5/20/2014 12:30 AM
 

    Thanks for your suggestion, Tony.  However, these are not real humans, they are just posted by spam machine. They have everything filled (unit, street, city, telephone, IM, website, biography, etc). Of course, they fill unit/street/city/tel with fake information, but in website, biography, they enter advertisement.   Why these spam machine can bypass the captchas control? It seems DNN team should provide a more robust Captcha control to stop these machines.
 
      Currently we have no way to stop these spam registrations. We have to carry a cumbersome process.
     1. We select "User Registration" from "public" to "verified", of course, these spam can't pass the email verified process.
     2. Click "Admin - User Accounts" to check unauthorized users every day, and delete them manually.
        We can write a piece of code to automatic delete these unauthorized users, this is not a big problem. The problem is, change "User Registration" from "public" to "verified" will scare the real customers away from our site. Our site (http://DnnModule.com) always get about 20 -30 real registers before, but now we can only get not more than 5. This is very depressed.

       I just notice that there is another thread which talks the same issue (http://www.dnnsoftware.com/forums/for...). It seems it is the common problem for DNN now.
   


Over 20 + professional dnn modules for News Article, Store, Video Gallery, Photo Gallery, Ultra Flash Player,YouTube Video, Image Slide show, Skin Chameleon and much more from DnnModule.com
 
New Post
5/20/2014 2:30 AM
 
As I said in the other thread...

Captcha has been broken for years. Here is a 2008 (six years ago) article. http://www.theregister.co.uk/2008/02/...

Thinking that Captcha is a serious defence is naïve. In the six years since that article was written compute power has got cheaper, the crooks more sophisticated. As The Register noted, the tools are being sold as a service.

Best wishes,
- Richard
Agile Development Consultant, Practitioner, and Trainer
www.dynamisys.co.uk
 
New Post
5/20/2014 12:40 PM
 
   We can't stand it any more. Today we get more spam registers (nearly 100 per hour). In fact, if we don't do something, our site will be broken.  See below image as example:

 

     And of course, we are DNN developers. So we just open DesktopModules\Admin\Security\Register.ascx (and Register.ascx.cs), try to add some custom verify  mechanism to prevent these spam machines.  Visit http://dnnmodule.com  and click "Register" button, you will see how it works.

    Basically we just require user to enter specific characters, this is readable for a human. However, maybe a spam machine doesn't know it. Wish our luck!

Over 20 + professional dnn modules for News Article, Store, Video Gallery, Photo Gallery, Ultra Flash Player,YouTube Video, Image Slide show, Skin Chameleon and much more from DnnModule.com
 
Previous
 
Next
HomeHomeOur CommunityOur CommunityGeneral Discuss...General Discuss...How to stop the spam registrations?How to stop the spam registrations?


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out