[Open-bio-l] OpenID working again

Fields, Christopher J cjfields at illinois.edu
Sat Apr 20 01:39:08 UTC 2013


On Apr 19, 2013, at 10:55 AM, Andy Jenkinson <andy.jenkinson at ebi.ac.uk> wrote:

> 
> On 19 Apr 2013, at 14:28, "Fields, Christopher J" <cjfields at illinois.edu> wrote:
> 
>> On Apr 19, 2013, at 4:57 AM, Peter Cock <p.j.a.cock at googlemail.com> wrote:
>> 
>>> On Fri, Apr 19, 2013 at 10:48 AM, Andy Jenkinson
>>> <andy.jenkinson at ebi.ac.uk> wrote:
>>>> 
>>>> 
>>>> What was it that was fixed yesterday, manual account creation or
>>>> OpenID?
>>> 
>>> OpenID work certainly, but I'll defer to Chris F or Chris M (both in the
>>> USA so not awake yet) regarding exactly where things stand now.
>> 
>> I don't know if you can implement a secondary captcha for OpenID, but we (the other Bio*) haven't found it to be necessary as long as the only way in is to use an OpenID.  I think we had maybe one instance on bioperl.org with someone trying this, and they were very easily blocked.  Haven't seen ugg boot spam in a while (fingers crossed).
>> 
>> chris
> 
> So Chris, what was it that was fixed yesterday then? Currently I don't know if the spammers are coming via OpenID or the regular account creation process.

Regular accounts.  If it were OpenID you would more than likely see a full user name (like 'Christopher Fields') vs the shortened one; you can also see who has an OpenID if you're an admin by visiting this page:

http://www.bioperl.org/wiki/Special:OpenIDDashboard

and following the link in the 'registered users' line.  These accounts shouldn't have them so they can't effectively log back in w/o attaching an OpenID to them (and then they must each be unique).

> I would have thought the latter, hence my suggestion to amend the captcha.
> 
> One thing is clear to me, it is automated. The fact that so many new accounts are created as soon as the registration/login is fixed makes me not so confident that moderating new accounts will stop the attempts. Either we turn off the part of the registration process that they are coming in via, or we make it more robust. And doing it only for biodas.org is of course fine.

Let's see if OpenID squashes this, my guess is it will eliminate most problems.  If it resurfaces then we can go the more strict route.

chris (f)


