I already opened a Feature Requests report about that under NMS, but I think that it is more easy do some brain storming here in the forum.
The Feature request is here:
http://dev.cmsmadesimple.org/tracker/in ... 0&atid=120
In the last 2 or 3 month I am getting a lot of fake subscription on daily bases (between 80/100 each day)
all of them as yahoo.com inexistent addresses.
Therefore all the confirmation mail are coming back.
I think this can be stopped using some simple antispam method since it is 100% sure that are done by some automatic system.
The first obvious solution is to use the captcha module in NMS or better, rather than have it as fixed, have an option to use it in the subscription form.
But in my experience captcha is becoming more and more weak and sometime more complicated one are easily interpreted by automatic system and hardly read by end user.
Before using it (or better together with), I would prefer to try other less invasive, from both code and end user point of view, like scrambling the name of the form fields in random way each time.
Automatic system usually scan pages looking for form field with email in the name. With this method I obtained very good result with phpBB that suffer a lot of spamming and has a very weak (or well know) captcha method.
Here are my 2 cents.
Some other has similar problem or other suggestion?
NMS and spam subcribe prevention
-
calguy1000
- Support Guru
- Posts: 8169
- Joined: Tue Oct 19, 2004 6:44 pm
- Location: Fernie British Columbia, Canada
Re: NMS and spam subcribe prevention
I think that all frontend forms (particularly those where an email address is typed in, etc). should have at least the option of captcha support.
It's been implemented in FrontEndUsers, Uploads, and SelfRegistration for just this reason.
NMS just doesn't have it yet.
It's been implemented in FrontEndUsers, Uploads, and SelfRegistration for just this reason.
NMS just doesn't have it yet.
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
-
Steppenwolf
- Forum Members
- Posts: 19
- Joined: Fri Dec 01, 2006 11:22 am
- Location: Germany
Re: NMS and spam subcribe prevention
Bobonov.
I got the same problem as you - about one spam subscription each day. They all come from yahoo.com email adresses, all of which have a name consisting of exactly seven letters. This is why I could catch them in a very simple way.
If your site is being attacked in the same way than mine and if your real visitors (Italians?) usually don't have yahoo.com adresses, may be you want to dare using this quick&dirty hack. Any subscription of "[7 letters]@yahoo.com" will cause the "invalid email" error message.
In action.do_create_new_user.php (near line 16) replace this line:
with this line:
I got the same problem as you - about one spam subscription each day. They all come from yahoo.com email adresses, all of which have a name consisting of exactly seven letters. This is why I could catch them in a very simple way.
If your site is being attacked in the same way than mine and if your real visitors (Italians?) usually don't have yahoo.com adresses, may be you want to dare using this quick&dirty hack. Any subscription of "[7 letters]@yahoo.com" will cause the "invalid email" error message.
In action.do_create_new_user.php (near line 16) replace this line:
Code: Select all
if( !isset( $params['email'] ) || $params['email'] == '' )Code: Select all
if( !isset( $params['email'] ) || $params['email'] == '' || preg_match( "/^[a-z]{7}@yahoo\.com$/i", $params['email'] ) == 1 )