[SAC] Re-enable LDAP user creation

Alex Mandel tech_dev at wildintellect.com
Sun May 8 07:21:45 PDT 2016 

I wanted to be 100% positive that the sign ups were being done by hand.
That part was not clear, hence my request to do an ip based fail2ban on
the registration url. I was also waiting for the spam blocking to be
enabled across Trac.

We do want email verification added, 1. because without a valid email
address a user can not reset their password, even if they ask us to
because we can't verify who they are, 2. I think an additional step
might actually slow the process of registration to annoy spammers.

Sandro, my initial query was based on modify, the chart I added later to
the ticket was based on create.

If you think the new anti-spam measures are working and we can re-enable
it. Martin was working on a script to make it faster to remove spam
accounts once found, is that in place so admins can use it without
having to ask Martin?

Thanks,
Alex

On 05/08/2016 03:34 AM, Sandro Santilli wrote:
> On Sun, May 08, 2016 at 12:28:12PM +0200, Frank Warmerdam wrote:
>> Strk,
>>
>> It seems I missed some of the discussion in #1665, but I don't really
>> see what is hoped to be accomplished.  If someone is willing to create
>> the accounts with a human then they will also be willing to do email
>> confirmation, etc.  Basically, we can't really stop humans that want
>> to span things.
> 
> I don't know the details of what happened either.
> Alex reported that users were still being created.
> I'm not sure if his query was correct as he's been using
> "modify" timestamp rather than "create" timestamp, and
> I don't know by which time was the captcha-based mechanism
> introduced.
> 
> To me, forcing accounts to be created by humans is good enough
> for a start. Then we should aim at finding a way to detect
> "dormient" users to remove them. For example I found there
> are accounts named gmail1 to gmail33, but only gmail1 to gmail8
> were found to be sending spam, so far.
> 
> --strk;
> _______________________________________________
> Sac mailing list
> Sac at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/sac
>

More information about the Sac mailing list