Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prevent registration spams #877

Open
Themimitoof opened this issue Apr 4, 2017 · 7 comments

Comments

@Themimitoof
Copy link
Contributor

commented Apr 4, 2017

Mastodon grows really fast, and malicious users too. To counter registration spams, why not implement a preventive solution with captcha, honeypot, ip limit or other solutions?

The functionality can be disabled on instances if administrators don't care about spam.

Can it's possible to add this functionnality to prevent this?

@wxcafe wxcafe changed the title [Feature request] Prevent registration spams Prevent registration spams Apr 10, 2017

@skhameneh

This comment has been minimized.

Copy link

commented Apr 22, 2017

Should also log IPs in admin panel upon registration

@coreyreichle

This comment has been minimized.

Copy link

commented May 23, 2018

I believe this issue should be bumped up in priority, to possible get something in place for the next RC. A number of instances have been hit by dozens of spam registrations over the past 48 hours.

@quimgil

This comment has been minimized.

Copy link

commented May 28, 2018

In certain cases, another possible approach would be to rely on external authentication, removing local account creation altogether. Mastodon is missing this feature, which would have many benefits on its own (single sign-on, social logins).

We are starting to see organizations with an existing user base who are offering Mastodon as an additional service. For them, local accounts are an extra annoyance with no benefit even before spam starts to appear.

@Gargron

This comment has been minimized.

Copy link
Member

commented May 28, 2018

Mastodon is missing this feature, which would have many benefits on its own (single sign-on, social logins).

Mastodon is not missing this feature, Mastodon already has this feature: LDAP, CAS, SAML

@quimgil

This comment has been minimized.

Copy link

commented May 28, 2018

Alright, thanks. I had replied based on this topic:

https://discourse.joinmastodon.org/t/single-sign-on-with-discourse/766

Since I am interested in Discourse integration, I will continue there for further details.

@stemid

This comment has been minimized.

Copy link
Contributor

commented Aug 3, 2018

I understand the unwillingness to integrate reCaptcha as it is owned by Google. But I'd like to see the option to create a custom captcha by simply specifying two fields.

  1. Question.
  2. Answer

This will help many instances that are specialized or localized. In my case for example I run a Swedish instance so I could easily ask a question in Swedish that only Swedes would be able to answer because it would be culturally ambiguous. And that would get rid of all foreign spam bots for me without having to maintain endless IP-blocks.

And were you to create an API endpoint to update the captcha it could be automated to serve a math question very easily.

@Gargron Gargron added suggestion and removed enhancement labels Oct 20, 2018

@vaartis

This comment has been minimized.

Copy link

commented Feb 12, 2019

I made a a simple CAPTCHA service a while ago specifically for Pleroma, but I'm sure it can be integrated into mastodon as well, as it only has a single endpoint. I'm willing to help integrating it if needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
8 participants
You can’t perform that action at this time.