Dear Pootle devs, I have some concerns about certain Pootle registrations that I have been seeing recently. I am currently running Pootle 2.0.5 is powered by Translate Toolkit 1.7.0.
Have improvements in the registration process been introduced since that version (e.g. some sort of CAPTCHA)? For example, http://translate.sugarlabs.org/notices/57075 New user Deenereli registered. http://translate.sugarlabs.org/accounts/Deenereli/ on checking in the Pootle User Administration panel, I found that this user's e-mail was donation...@gmail.com furthermore, the account had been activated, presumably by a response to the registration confirmation e-mail that goes out from Pootle. The results of a Google search on that e-mail address http://lmgtfy.com/?q=donationasw%40gmail.com gives me cause for concern. The results are all from botscout and stopforum spam web-sites. I have inactivated the account manually and mailed a request to the account for a personal response. If I do not get one, I will delete the account via the Pootle User Admin page. http://translate.sugarlabs.org/admin/users.html?page=19 My concern is this is a registration from a forum spamming bot that has the smarts to reply to registration mails in order to activate accounts. The problem for Pootle is that while we accept drive-by suggestions from anonymous users (pootleuser group "nobody"), once a username is registered, we typically accept actual submissions (pootleuser group "default"). This is potentially far more disruptive than suggestions. I would rather not tighten down our "nobody" and "default" privs if I can avoid it. I would much rather understand how to prevent the forum bots from successfully registering. It may be that There are some other patterns I am seeing in username registration (without successful activation) that make me think there may be more than one bot in play here. Presumptive spam account registrations in the last 24 hours: aidesteisolve disperse...@gmail.com AnogemotUntot frank.py...@aol.com (activated) bisonbialz gobizonkev...@gmail.com BorisPef borl...@gmail.com demonmayj gobizon.kev...@gmail.com FreshNatalieXXY freshnatalie...@gmail.com gateBeathyBum hyfrogen...@gmail.com irnytxjoit withdraw...@gmail.com nunavivi nunavivi...@gmail.com olbjovnaiw stickpinmq...@gmail.com Proxitreck comoca...@gmail.com Scollussy olgamalinkowskiewicz...@gmail.com Teetlewafe danisummi...@aol.com (activated) TrenseFaT akdim...@yandex.com (activated) ------------------------------------------------------------------------------ Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122912 _______________________________________________ Translate-pootle mailing list Translate-pootle@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/translate-pootle
