Hi
Our Moodle installation is being hammered by spammers trying to sign up for accounts.
They never follow through the step of account confirmation but we still have to go in and delete the accounts one by one. We've had a look at Admin ->users-> authentication but can't see any step to use to implement a captcha test to stop machines from signing up.
Is there anything available or in development at all?
With best regards
Bill
--
Sheffield, UK
http://www.communityradiotoolkit.net/
Is there anything available or in development at all?
Nothing that I'm aware of
Saludos. Iñaki.
There was a CAPTCHA question type in the feedback module. I'm not sure how much of that code might be useful. There are also other FOSS projects - like PHPbb that as I remember were using CAPTCHA with registration. Hopefully it will not be too difficulty to put something together. It sounds like a reasonable feature request so if it is not already in the tracker please feel free to add it. Peace - Anthony
I use the script at the link below in some other web applications, but not in Moodle...I did test it a few months ago on an old Moodle site that I no longer use...see it here by clicking on the "Create new account" button...if it's working correctly, then you shouldn't be able to get to the account creation page.
If I were going to use it on an active Moodle site, I would simply add the username and password to the sign-up page so "real people" would know what to enter...then I may even periodically change the username and password. Not exactly Captcha, but accomplishes the same result.
http://www.phpsecurepages.com/
Steve
I haven't heard of anything either. Not too hard to do though 
OTOH, an easier fix would be to add a cron task to purge those stale never confirmed accounts after 48hs.
OTOH, an easier fix would be to add a cron task to purge those stale never confirmed accounts after 48hs.
Hi
Martin said:
> I haven't heard of anything either. Not too hard to do though
Ok, got any clues?
There are a few free captcha scripts available but I have no idea as to how to integrate with ../login/signup_form.php
> OTOH, an easier fix would be to add a cron task to purge those stale never
> confirmed accounts after 48hs.
Sounds good to me. Any clues as to where the unconfirmed account data is held. I've checked various tables but no joy so far.
Many thanks in advance and best regards
Bill
--
Sheffield, UK
Martin said:
> I haven't heard of anything either. Not too hard to do though
Ok, got any clues?
There are a few free captcha scripts available but I have no idea as to how to integrate with ../login/signup_form.php
> OTOH, an easier fix would be to add a cron task to purge those stale never
> confirmed accounts after 48hs.
Sounds good to me. Any clues as to where the unconfirmed account data is held. I've checked various tables but no joy so far.
Many thanks in advance and best regards
Bill
--
Sheffield, UK
Or, you could set the cleanup (Admin>Server>Cleanup) to less than 7 days (the default time when unconfirmed accounts are automatically deleted).
You may want to look at tracker issue number MDL-7407. It looks like someone wrote one and posted a patch there
I just discovered that spambots have hit our site with sqillions of spammy requests for membership. Whilst none are approved and none of our students can actually see them, it is still a damned nuisance getting rid of them all.
Just wanted to say that I applied the patch detailed in the previous post. It only took a few minutes to do and it seems to work very well indeed. Only thing is, I suggest you you use the later freecap_patch2.zip patch c/w language file.
Also if you overwrite the existing signup_form.php with the one contained in the patch the you do NOT need to execute...
patch -p < signup_form.php.diff
But you MUST edit your moodle/config.php adding this line...
$CFG->usecaptcha = true
I really hope that this (or something similar) will be built in to future releases of Moodle as standard because spambots are really becoming a nightmare for site admins.
Best wishes, Garf.
Just wanted to say that I applied the patch detailed in the previous post. It only took a few minutes to do and it seems to work very well indeed. Only thing is, I suggest you you use the later freecap_patch2.zip patch c/w language file.
Also if you overwrite the existing signup_form.php with the one contained in the patch the you do NOT need to execute...
patch -p < signup_form.php.diff
But you MUST edit your moodle/config.php adding this line...
$CFG->usecaptcha = true
I really hope that this (or something similar) will be built in to future releases of Moodle as standard because spambots are really becoming a nightmare for site admins.
Best wishes, Garf.
Whilst none are approved and none of our students can actually see them, it is still a damned nuisance getting rid of them all.
Set "Delete unconfirmed users after" to "1 hour" in Administration/Server/Cleanup and they should go away without having to do a manual delete.
Set "Delete unconfirmed users after" to "1 hour" in Administration/Server/Cleanup and they should go away without having to do a manual delete.
Thanks Tony. I did that too - albeit only until all the bogus users had disappeared off our system.
Strangely enough, the bogus users didn't disappear after the first cron - which worried me a little. But they did after the second. Certainly simpler (and safer) than running an update query on the "Users" table in PHPMyAdmin!
Thing is I really wanted to stop it happening in the first place. It is hogging bandwidth, generating email traffic that bounces back to me and most importantly, I want to allow legitimate users plenty of time to pick up their mail. The "Captcha" patch certainly seems to do the trick.
One up for the Moodle community methinks! Thanks to everyone who helped in resolving this.
Best wishes, G.
Strangely enough, the bogus users didn't disappear after the first cron - which worried me a little. But they did after the second. Certainly simpler (and safer) than running an update query on the "Users" table in PHPMyAdmin!
Thing is I really wanted to stop it happening in the first place. It is hogging bandwidth, generating email traffic that bounces back to me and most importantly, I want to allow legitimate users plenty of time to pick up their mail. The "Captcha" patch certainly seems to do the trick.
One up for the Moodle community methinks! Thanks to everyone who helped in resolving this.
Best wishes, G.
I am running an old version (1.4.2) of Moodle on www.flxclasses.com. I tried applying this patch to install Captcha, but it doesn't seem to be working. I did overwrite the existing signup_form.php and did edit the config.php file. I did not run the patch program.
Fortunately, the signup form still seems to work, but I'm not seeing and Captchas.
Dan
Fortunately, the signup form still seems to work, but I'm not seeing and Captchas.
Dan
Dan,
IIRC, the patch was written for 1.8. I recommend you to upgrade to a more recent version of Moodle - 1.4 is so old you can't expect backporting new features.
IIRC, the patch was written for 1.8. I recommend you to upgrade to a more recent version of Moodle - 1.4 is so old you can't expect backporting new features.