Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Stopping spammers from creating accounts (reCaptcha not doing the trick)

Tags:

captcha

spam

spam-prevention

Hi we have just noticed a bunch of Nigerian spam accounts in our email system. Now, we do have a reCaptcha in the signup form but apparently they circumvent it, manually or otherwise. It seems like a semi-manual circumvention since the accounts aren't created in bulk but instead as a steady stream with a few minutes in between.

Since most of the spam accounts were created by IP addresses from Nigeria, we have just set up some simple IP filters over a couple of pretty broad IP ranges and that seems to be working for now. However we would like to make a more permanent solution to this problem.

The most reasonable improvement we are thinking about is to change from using reCaptcha to use a textcaptcha in danish. This might make it hard for a Nigerian to manually enter the answer since he would have to learn Danish or search the web for an answer. However, I would like to know if you have a better suggestion or maybe just alternative or additional screening methods we could implement.

like image 233
JohannesH Avatar asked Jul 14 '10 15:07

JohannesH

People also ask

How do I stop fake registration?

Add a CAPTCHA Field to Your User Registration Form You can also use a CAPTCHA field to stop spam user registrations. This boosts the security of the form token we already turned on. A CAPTCHA is a challenge or puzzle that the user has to solve to submit a form.

Does reCAPTCHA stop all spam?

CAPTCHA prevents any spam or bots from entering data into fields on your site. This can include fake comments on posts, emails, fraudulent transactions, contact form entries and fake registration submissions.

What is spam honeypot?

MDaemon Messaging Server 22.0 Spam Honeypots (located at Security » Spam Filter » Spam Honeypots) is for designating local email addresses purposely designed to collect spam. These spam honeypots are not valid MDaemon accounts or address aliases and should never be used for sending or receiving legitimate email.

1 Answers

The best approach that I know of is requiring verification via SMS. It's very easy for you to detect that the same phone number is being tried more than once, and it's reasonably difficult to have a large number of SMS-capable phones.

like image 185
Adam Crossland Avatar answered Sep 26 '22 06:09

Adam Crossland
Sign in to Comment

Related questions

Is there a way to filter out offensive words from Jcaptcha?
Alternative solution to CAPTCHA
How to add Captcha in Zend Form?
Bypassing Captcha with curl in PHP
How can i increase the font size of codeigniter captcha helper
Easiest way to integrate captcha's into Symfony2 FOSUserBundle registration?
Open Source Invisible reCAPTCHA alternatives [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!