[Open-bio-l] OpenID working again

Fields, Christopher J cjfields at illinois.edu
Sat Apr 20 01:34:51 UTC 2013 

On Apr 19, 2013, at 7:03 PM, Chris Maloney <voldrani at gmail.com>
 wrote:

> Was this fixed?

Should be.  I haven't had time to bring it up to the list today (will respond to Andy's comments separately).

> Right now on biodas wiki I only see the option to create a new account
> via OpenID.  Also, it looks like the last new account was created at
> 13:29 Z, so that leads me to believe Chris F or somebody else changed
> something.

Yep.  The original intent for OpenID was to prevent spam accounts like that from being created to vandalize the site.  Seems to have worked for the time being.

chris

> On Fri, Apr 19, 2013 at 11:55 AM, Andy Jenkinson
> <andy.jenkinson at ebi.ac.uk> wrote:
>> 
>> On 19 Apr 2013, at 14:28, "Fields, Christopher J" <cjfields at illinois.edu> wrote:
>> 
>>> On Apr 19, 2013, at 4:57 AM, Peter Cock <p.j.a.cock at googlemail.com> wrote:
>>> 
>>>> On Fri, Apr 19, 2013 at 10:48 AM, Andy Jenkinson
>>>> <andy.jenkinson at ebi.ac.uk> wrote:
>>>>> 
>>>>> 
>>>>> What was it that was fixed yesterday, manual account creation or
>>>>> OpenID?
>>>> 
>>>> OpenID work certainly, but I'll defer to Chris F or Chris M (both in the
>>>> USA so not awake yet) regarding exactly where things stand now.
>>> 
>>> I don't know if you can implement a secondary captcha for OpenID, but we (the other Bio*) haven't found it to be necessary as long as the only way in is to use an OpenID.  I think we had maybe one instance on bioperl.org with someone trying this, and they were very easily blocked.  Haven't seen ugg boot spam in a while (fingers crossed).
>>> 
>>> chris
>> 
>> So Chris, what was it that was fixed yesterday then? Currently I don't know if the spammers are coming via OpenID or the regular account creation process. I would have thought the latter, hence my suggestion to amend the captcha.
>> 
>> One thing is clear to me, it is automated. The fact that so many new accounts are created as soon as the registration/login is fixed makes me not so confident that moderating new accounts will stop the attempts. Either we turn off the part of the registration process that they are coming in via, or we make it more robust. And doing it only for biodas.org is of course fine.

More information about the Open-Bio-l mailing list