Closed Bug 1119532 Opened 9 years ago Closed 9 years ago

[spam] bot blocker for account/profile creation

Categories

(developer.mozilla.org Graveyard :: General, defect)

Platform: x86, macOS
Type: defect
Priority: Not set
Severity: normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: aspivak, Assigned: groovecoder)

Details

(Whiteboard: [LOE:?])

Summary: bot blocker for account/profile creation → [spam] bot blocker for account/profile creation
Question: Should obvious bot submissions have their IP automatically banned? I think so.
In bug 1119545 I have been using a data export to explore profile data. Most recently I found some patterns relevant to this bug:

* A huge number of spammy profiles have populated the URL and bio fields, but have 0 revisions.
* A huge number of spammy profiles have usernames that are random gibberish or include digits (for example, of the 23,913 profiles that include a URL, 11,435 have a digit in their username).

The second point above suggests to me that spam profiles are being created with automation, and we could prevent them by building this feature. :groovecoder, can we get an LOE on...

1. Add honeypot fields to profile create and edit screens
2. When profiles created or edited include those fields, ignore the request but do not indicate that in the response

Optionally...
3. Ban the IP with django-banish
Whiteboard: [LOE:?]
I'm looking at this library from sunlightlabs:

https://github.com/sunlightlabs/django-honeypot/

Looks very promising, if :jezdez approves.
Assignee: nobody → lcrouch
Flags: needinfo?(jezdez)
:groovecoder as long as you don't use django-honeypot's automatic response content patching via the HoneypotResponseMiddleware middleware. IIRC you can use it explicitly via the template tag and decorator.
Flags: needinfo?(jezdez)
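
A framework-free sketch of the steps requested above (decoy field, silent drop with an unchanged response, recording the IP as a ban candidate), applied explicitly per view rather than through response-patching middleware. This is an added example, not code from this bug or from django-honeypot; the field name, request dict shape, response values and sample requests are assumptions constructed for illustration.

```python
import functools

HONEYPOT_FIELD = "website_confirm"  # hypothetical decoy field name
SAVED = {"status": 302, "location": "/profile/saved"}  # hypothetical success response
suspect_ips = set()  # candidates for the optional IP ban
profiles = {}        # stand-in for the profile table


def render_profile_form():
    """Profile form with a decoy input that CSS hides from human users."""
    return (
        '<form method="post"><input name="username"><input name="url">'
        '<textarea name="bio"></textarea>'
        f'<div style="display:none"><input name="{HONEYPOT_FIELD}" value=""></div>'
        "</form>"
    )


def honeypot_guard(view):
    """Explicit per-view check; no middleware rewrites responses globally."""
    @functools.wraps(view)
    def wrapper(request):
        if request["method"] == "POST":
            decoy = request["form"].get(HONEYPOT_FIELD)
            # A browser submits the hidden input empty. A missing or filled-in
            # decoy means the form was not submitted as rendered.
            if decoy is None or decoy.strip():
                suspect_ips.add(request["ip"])
                return dict(SAVED)  # same response as success: no signal to the client
        return view(request)
    return wrapper


@honeypot_guard
def save_profile(request):
    if request["method"] != "POST":
        return {"status": 200, "body": render_profile_form()}
    form = request["form"]
    profiles[form["username"]] = {"url": form.get("url", ""), "bio": form.get("bio", "")}
    return dict(SAVED)


# Constructed sample requests (documentation-range IPs, made-up usernames).
HUMAN_POST = {"method": "POST", "ip": "192.0.2.10",
              "form": {"username": "alice", "url": "", "bio": "", HONEYPOT_FIELD: ""}}
BOT_POST = {"method": "POST", "ip": "203.0.113.7",
            "form": {"username": "xk3j9q2", "url": "http://spam.example",
                     "bio": "buy now", HONEYPOT_FIELD: "http://spam.example"}}
```

Both sample requests receive the same redirect, but only the first is stored; the second only adds its address to `suspect_ips`.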
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Just a note here: this has had 0 effect on the number of accounts created.

mysql> select count(id) from auth_user where date_joined > '2015-02-11';
+-----------+
| count(id) |
+-----------+
|      1551 |
+-----------+
1 row in set (0.09 sec)

mysql> select count(id) from auth_user where date_joined > '2015-02-04' and date_joined < '2015-02-11';
+-----------+
| count(id) |
+-----------+
|      1525 |
+-----------+
1 row in set (0.05 sec)

So, the current account registration rate appears to be all humans. ;)
(In reply to Luke Crouch [:groovecoder] from comment #6)
> Just a note here: this has had 0 effect on the number of accounts created.

A steady rate might indicate great success blocking bot attacks, or a lack of bot attacks. This feature (and bug 1124390) is a preventative. Thanks for adding it!
Product: developer.mozilla.org → developer.mozilla.org Graveyard