1 saurabhjain Jun 04, 2008 18:20
3 edb Jun 05, 2008 02:32
It's not spam and it's not something to do with the antispam blacklist (so I wish your other identical post wasn't locked and this one was, but oh well).
You open registration and you get registration ... from bots sometimes. Why they do that is beyond me, but this is a *perfect* illustration of what is wrong with automagically giving someone a blog (or any permissions for that matter) upon registration.
Actually maybe one could define this as spam if one wanted to. It probably isn't real people really registering, which would maybe make it be spam ... although it could be real people out there. Imagine if your domain got passed around a forum encouraging people to register for whatever reason? Personally I think it is bots trying to do evil deeds, but if they get no permissions then they have no way to deface your installation with whatever it is the bot intends to promote.
So yeah use captcha or turing test and you'll be able to stop the bots. Don't give permissions upon registration and even if it is people they won't be able to do damage. Enable "must do email verification" and IF those are fake email addresses then they will not be able to verify the registration and then it doesn't matter what permissions your default group has enabled because they won't get them.
4 ianlewis Jun 05, 2008 04:00
EdB wrote:
It's not spam and it's not something to do with the antispam blacklist (so I wish your other identical post wasn't locked and this one was, but oh well).
Well, it's at least in the ballpark of spam. And if your intention is to run a blogging site where people can register and create a blog then it makes perfect sense to create blogs for them.
Probably capcha is a good option for restricting new users. That or that turing test plugin (not sure if that works on registration or not though). Otherwise chalk it up to running a site like this. You're going to have to deal with unwanted visitors on some level. To some degree, if they register a new user, who cares? If the security permissions are set up well and they can't post malicious stuff in their blog posts they they shouldn't be able to do too much damage.
5 edb Jun 05, 2008 04:08
IanLewis wrote:
... Otherwise chalk it up to running a site like this. ...
Yup!
No one wants bots registering, but honestly I think it shows how stupid the bot owner is to build a bot that registers with a blog app that (by default) gives them nothing for their "effort".
AFAIK the antispam system will NOT work in this situation, but I could be wrong. Captcha will, Turing Test will. So if you are going to automagically grant permissions upon registration, and especially if you don't have the "verify email address" feature enabled, then you most certainly want one of those two options to help ensure it is a real human out there signing up.
You can try to install capcha plugin: http://manual.b2evolution.net/Plugins/captcha_img_plugin