Stopping spam registration on acts_as_authenticated

Hi
I’ve got a_a_a running on my site, and it’s working great, but …
I’ve just noticed that one of the new users email addresses is a
spammer’s address. And there are a whole batch of slightly suspect new
users called e.g. Larry, with mail addresses as [email protected],
[email protected] etc.

What’s the best way to stop spam registration?
Greg has a post here
on using captcha and javascript, but the comments seem to suggest that
it’s more of a load on the user than it is on the bots.
Any ideas or pointers really appreciated
Thanks
Piers

Maybe add acount Activation via email… read this for examples:

http://technoweenie.stikipad.com/plugins/show/Acts+as+Authenticated

Thorsten wrote:

Maybe add acount Activation via email… read this for examples:

http://technoweenie.stikipad.com/plugins/show/Acts+as+Authenticated

Thanks - I’d already added that.
Sparkling studios seem to have the beginning of a solution here:
http://sas.sparklingstudios.com/articles/2006/10/01/how-to-protect-a-rails-application-against-spam-with-akismet

It uses akismet, so will have a go at refactoring it for aaa and post to
the stikipad unless anyone’s got any better ideas

On 20 Feb 2007, at 14:00, Piers wrote:

captcha-validation-with-javascript">here
on using captcha and javascript, but the comments seem to suggest that
it’s more of a load on the user than it is on the bots.
Any ideas or pointers really appreciated

What I’ve done in the past and seems to work, is generate a unique id
on the serverside (hashing Time.now for example), then putting that
in a session variable and injecting it through a javascript function
in a field. This won’t work on browsers with JS turned off, but it’s
pretty good protection and the user doesn’t need to know about it
(i.e. your actually filling in the captcha yourself through JavaScript).

Pseudo code:
Controller show_registration_page:
@unique_id = hash_value(Time.now)
session[:form_validator] = @unique_id

View:

--- your other form fields here ---

Controller save_registration:
if params[:validator_field] == session[:form_validator]
save_registration
else
show_message_turn_js_on_or_stop_trying_to_spam_me
end

Pretty easy to implement and no complaints about spamming.

Best regards

Peter De Berdt

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs