Hi Andy, >> My ITS recently noticed that some people are using the registration >> form on our patchwork servers to send out confirmation emails to >> random addresses. I was wondering if anyone else had experienced that >> or had implemented some type of protection against this abuse? > > I don't operate a Patchwork instance so I can't say about the > regularity of such abuse. Jeremy might be able to offer better advice, > however.
Yep, we see the same on patchwork.ozlabs.org - it seems that there's bots that fill out random web forms with random values. I see about 20-40 per day. I probably wouldn't bother with a captcha for our instance though; it's a fairly trivial amount of email traffic for those confirmations, and the non-confirmed accounts should get purged form the db after the expiry. So yes, if you do propose a patch for this, please make it optional via a django setting :) Cheers, Jeremy _______________________________________________ Patchwork mailing list [email protected] https://lists.ozlabs.org/listinfo/patchwork
