[SAC] Re-enable LDAP user creation
Sandro Santilli
strk at keybit.net
Mon May 9 11:37:59 PDT 2016
On Mon, May 09, 2016 at 05:08:11PM +0200, Sandro Santilli wrote:
> We badly need the email confirmation thing, no dubt.
> Frank: do you think you could work on that ?
For the record, as mentioned in the other thread, at least one
of the suspicious users (ct7316944) was confirmed to be a spammer,
so I disabled the user registration form again.
I can't tell for sure if the registrant is a bot or a human, but
I can tell the captcha itself is not preventing spammers from
registering, so I disabled the registration form again.
--strk;
> > >
> >
> > Ya I'm wondering if we should run a daily report, or hourly, that emails
> > SAC or at least the main admins if more than x number of accounts have
> > been made in the last hour (maybe 20). Since that would be a good sign
> > of bulk registration. This would use the ldapsearch above...
>
> Another 2 accounts were just registered, and they uid doesn't
> look sane at all to me:
>
> kumartinkusingh08
> ct7316944
>
> I can't match those to the IP they came from as I don't know how
> to extract createTimestamp from LDAP, the apache log does not contain
> information about the name AND the script creator itself does not
> create any log.
>
> I'll look at creating a script to report the number of users created
> in the last X hours, and then get it called to report to sac.
>
> --strk;
More information about the Sac
mailing list