DNN Forums

Ask questions about your website to get help learning DNN and help resolve issues.

Fake spam users

Sort:
You are not authorized to post a reply.





New Around Here





    Hi,

    We have been using DNN since 3.x for our website for long and fake/spam users have always been an issue for us. I would regularly have to delete unverified users which is time consuming. For a while iWebs had a registration module with reCaptcha that worked, but that failed too at some point. Now that we upgraded to 9.x this module no longer works and we're down to out-of-the box verified user registration with the built-in captcha. Of course spam users are still trickling in. However, while before it was easy to bulk delete/expunge unverified/deleted users, since 9.x it seemt to have to be done one by one which is a bit of a disaster. I hope I've missed something?

    Where does DNN stand with regard to fake users at this point? Do they get in by direct posting / exploiting APIs or is it more "screen scraping" style with something like OCR solving the captcha?

    I had not previously noted the "Question and answer" option. Has anyone used this to their advantage?

    Any pointers appreciated. We're prepared to code and contribute as well if that's what it takes, but in that case we'd appreciate some pointers..

    / Lars






    Veteran Member





      I haven't seen this be an issue on any of our websites for a long time.  I guess it's because of how we deploy websites now.  Some of the things we do to mitigate this include:

      • Change the names and create custom versions of the register and login pages.
      • Add RECAPTCHA to the registration page (only as a last resort).  
      • Use non-Core options for the registration and login forms (e.g., Live Forms).  
      • Put the website behind a CDN (e.g., CloudFlare, Incapsula, etc.).





      Advanced Member





        I have seen a lot of sites with public registration open even though they don't need it. It was only like that because it was the default. If you do not need public registration you can switch it off an only admins can create users... Not sure this is a solution for you, just saying it often happens :)
        You are not authorized to post a reply.

        These Forums are dedicated to the discussion of DNN Platform.

        For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

        1. If you have (suspected) security issues, please DO NOT post them in the forums but instead follow the official DNN security policy
        2. No Advertising. This includes the promotion of commercial and non-commercial products or services which are not directly related to DNN.
        3. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
        4. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
        5. No Flaming or Trolling.
        6. No Profanity, Racism, or Prejudice.
        7. Site Moderators have the final word on approving / removing a thread or post or comment.
        8. English language posting only, please.

        Would you like to help us?

        Awesome! Simply post in the forums using the link below and we'll get you started.

        Get Involved