Hi I''ve got a_a_a running on my site, and it''s working great, but ... I''ve just noticed that one of the new users email addresses is a spammer''s address. And there are a whole batch of slightly suspect new users called e.g. Larry, with mail addresses as Hannah-O5WfVfzUwx8@public.gmane.org, frank-O5WfVfzUwx8@public.gmane.org etc. What''s the best way to stop spam registration? Greg has a post <a href="http://www.busyashell.com/blog/articles/2006/07/06/rails-captcha-validation-with-javascript">here</a> on using captcha and javascript, but the comments seem to suggest that it''s more of a load on the user than it is on the bots. Any ideas or pointers really appreciated Thanks Piers -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Maybe add acount Activation via email... read this for examples: http://technoweenie.stikipad.com/plugins/show/Acts+as+Authenticated On 20 Feb., 14:00, Piers <rails-mailing-l...-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:> Hi > I''ve got a_a_a running on my site, and it''s working great, but ... > I''ve just noticed that one of the new users email addresses is a > spammer''s address. And there are a whole batch of slightly suspect new > users called e.g. Larry, with mail addresses as Han...-O5WfVfzUwx8@public.gmane.org, > f...-O5WfVfzUwx8@public.gmane.org etc. > > What''s the best way to stop spam registration? > Greg has a post <a > href="http://www.busyashell.com/blog/articles/2006/07/06/rails-captcha-vali...">here</a> > on using captcha and javascript, but the comments seem to suggest that > it''s more of a load on the user than it is on the bots. > Any ideas or pointers really appreciated > Thanks > Piers > > -- > Posted viahttp://www.ruby-forum.com/.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Thorsten wrote:> Maybe add acount Activation via email... read this for examples: > > http://technoweenie.stikipad.com/plugins/show/Acts+as+AuthenticatedThanks - I''d already added that. Sparkling studios seem to have the beginning of a solution here: http://sas.sparklingstudios.com/articles/2006/10/01/how-to-protect-a-rails-application-against-spam-with-akismet It uses akismet, so will have a go at refactoring it for aaa and post to the stikipad unless anyone''s got any better ideas -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Peter De Berdt
2007-Feb-20 15:39 UTC
Re: Stopping spam registration on acts_as_authenticated
On 20 Feb 2007, at 14:00, Piers wrote:> I''ve got a_a_a running on my site, and it''s working great, but ... > I''ve just noticed that one of the new users email addresses is a > spammer''s address. And there are a whole batch of slightly suspect > new > users called e.g. Larry, with mail addresses as Hannah-O5WfVfzUwx8@public.gmane.org, > frank-O5WfVfzUwx8@public.gmane.org etc. > > What''s the best way to stop spam registration? > Greg has a post <a > href="http://www.busyashell.com/blog/articles/2006/07/06/rails- > captcha-validation-with-javascript">here</a> > on using captcha and javascript, but the comments seem to suggest that > it''s more of a load on the user than it is on the bots. > Any ideas or pointers really appreciatedWhat I''ve done in the past and seems to work, is generate a unique id on the serverside (hashing Time.now for example), then putting that in a session variable and injecting it through a javascript function in a field. This won''t work on browsers with JS turned off, but it''s pretty good protection and the user doesn''t need to know about it (i.e. your actually filling in the captcha yourself through JavaScript). Pseudo code: Controller show_registration_page: @unique_id = hash_value(Time.now) session[:form_validator] = @unique_id View: <script> $(''validator_field'').value = ''<%= @unique_id -%>''; </script> <form> --- your other form fields here --- <input type="hidden" id="validator_field" /> <input type="submit" /> </form> Controller save_registration: if params[:validator_field] == session[:form_validator] save_registration else show_message_turn_js_on_or_stop_trying_to_spam_me end Pretty easy to implement and no complaints about spamming. Best regards Peter De Berdt --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---