[Open-bio-l] OpenID working again

Andy Jenkinson andy.jenkinson at ebi.ac.uk
Fri Apr 19 15:55:43 UTC 2013


On 19 Apr 2013, at 14:28, "Fields, Christopher J" <cjfields at illinois.edu> wrote:

> On Apr 19, 2013, at 4:57 AM, Peter Cock <p.j.a.cock at googlemail.com> wrote:
> 
>> On Fri, Apr 19, 2013 at 10:48 AM, Andy Jenkinson
>> <andy.jenkinson at ebi.ac.uk> wrote:
>>> 
>>> 
>>> What was it that was fixed yesterday, manual account creation or
>>> OpenID?
>> 
>> OpenID work certainly, but I'll defer to Chris F or Chris M (both in the
>> USA so not awake yet) regarding exactly where things stand now.
> 
> I don't know if you can implement a secondary captcha for OpenID, but we (the other Bio*) haven't found it to be necessary as long as the only way in is to use an OpenID.  I think we had maybe one instance on bioperl.org with someone trying this, and they were very easily blocked.  Haven't seen ugg boot spam in a while (fingers crossed).
> 
> chris

So Chris, what was it that was fixed yesterday then? Currently I don't know if the spammers are coming via OpenID or the regular account creation process. I would have thought the latter, hence my suggestion to amend the captcha.

One thing is clear to me, it is automated. The fact that so many new accounts are created as soon as the registration/login is fixed makes me not so confident that moderating new accounts will stop the attempts. Either we turn off the part of the registration process that they are coming in via, or we make it more robust. And doing it only for biodas.org is of course fine.



More information about the Open-Bio-l mailing list