Nick Swinford

2 weeks ago

Spam accounts

I got my first spammer today. They created 3 accounts and about 1,200 groups on my site.

Any recommendation on how to stop these guys?

Oh wow, any idea how they got in? Was it a single author who created all the groups? Do you think Google reCAPTCHA will stop them?
It was three user accounts. Whenever we closed one, they registered a new one. I think it was a real person creating the accounts because they didn't make a ton of those. Then they used a bot to auto-create the groups, so I disabled group creation.

Idk, I can try implementing it on the registration form, but not sure if it's a real person registering.
We never had such a scenario until now!

Google reCAPTCHA seems to be quite efficient in stopping bots from registering or logging in. Once they log in, they can use a bot or Chrome app to make REST calls and create new groups.

Also, are you using Cloudflare? They filter out a lot of bot traffic before it can reach your website.

I'd start with putting in Google reCAPTCHA on both registration and login forms:
You can also build an app that puts a limit on the number of POST requests one can do per day or hour.
Also, could the three users be associated with a certain IP range, browser configuration, etc.? You could filter against such a pattern, if one existed, in the signup form procedure.
Also try limiting your server's Access-Control-Allow-Origin to all the requests coming from your domain only.
Another approach is only allowing members who meet certain criteria to create groups. For example, those who have gained some followers on their profiles as well as comments and likes on their posts.
We currently have an SPA that connects to the Anahita API and requires access-control-allow-origin to be set pretty widely. I might be able to make it a bit stricter.

That second option is a possibility. Would be an interesting application for #gamification.
You can also allow only the verified accounts to create groups. That's a good way too.
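The per-account limit on POST requests per hour or day suggested earlier in this thread, as an added example that is not part of the original posts and is not Anahita code. The class and function names, the limits of 5 per hour and 20 per day, and the replayed events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

HOUR, DAY = 3600, 86400

class PostRateLimiter:
    """Sliding-window cap on state-changing requests, keyed by account id."""

    def __init__(self, per_hour=5, per_day=20):
        # Assumed limits for illustration, not defaults of any platform.
        self.limits = ((HOUR, per_hour), (DAY, per_day))
        self.history = defaultdict(deque)  # account id -> accepted timestamps

    def check(self, account_id, now):
        """Return (allowed, retry_after_seconds) for one POST at time `now`."""
        stamps = self.history[account_id]
        while stamps and now - stamps[0] >= DAY:  # forget anything past a day
            stamps.popleft()
        retry_after = 0
        for window, limit in self.limits:
            recent = [t for t in stamps if now - t < window]
            if len(recent) >= limit:
                # Room opens when the limit-th newest request leaves the window.
                retry_after = max(retry_after, recent[-limit] + window - now)
        if retry_after:
            return False, retry_after  # rejected requests are not recorded
        stamps.append(now)
        return True, 0

def replay(limiter, events):
    """Count accepted requests per account for (account_id, timestamp) events."""
    accepted = defaultdict(int)
    for account_id, ts in events:
        allowed, _ = limiter.check(account_id, ts)
        accepted[account_id] += int(allowed)
    return dict(accepted)

def constructed_burst():
    # Constructed sample: three accounts each sending 400 group-creation
    # POSTs two seconds apart, plus one ordinary member making 3 in a day.
    events = [(f"spam{i}", 2 * n) for i in range(3) for n in range(400)]
    events += [("member", t) for t in (100, 30000, 60000)]
    return sorted(events, key=lambda e: e[1])

if __name__ == "__main__":
    print(replay(PostRateLimiter(), constructed_burst()))
```

State here is in-process memory; a deployment with several workers would keep the timestamps in a shared store.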
For those who are following this topic, the implementation of reCaptcha is happening here:

