Random Account Creation


Kelly Drake

Dec 19, 2011, 1:43:03 PM
to irp...@googlegroups.com
I have a few questions about the "Create Account" function.

We've had a number of seemingly random accounts created within the last few weeks. Accounts that appear to be spam attempts as the registration information is not related to any real person.

1. Do you receive the same types of account requests?
2. Do you have any way to discourage this?
3. Worst case scenario - What would be involved in removing the "Create Account" option?

Kelly


Nate Sarr

Dec 19, 2011, 4:34:00 PM
to irp...@googlegroups.com
Hi Kelly,
 
   I haven't done a whole lot of checking on this.  Users have to verify their account using the link sent to them to verify their email.  I will take a look at it here in the next day or so and see if we have the same issue.  Do the accounts have the email verified?
 
   Right now we don't have a way to discourage this but maybe it's time to add a captcha to the page.  Luckily you should be able to delete the accounts fairly easily.
 
   Worst case, to remove the create account option, you could hide the page by removing the link on the login page and the menu bar.  This will hopefully prevent spammers from finding the page.
 
-Nate




Nate Sarr

Dec 20, 2011, 10:31:26 AM
to irp...@googlegroups.com
Hi Kelly,

From what I can tell almost all of our users are valid.  Hope this helps.

-Nate



Kelly Drake

Dec 20, 2011, 10:46:52 AM
to irp...@googlegroups.com
Hi Nate,

Thank you for looking into this.

The accounts do have email verification, so maybe they're just being created by people who don't understand the purpose of having an account. We are seeing a significant amount of file downloads - so maybe it's just becoming popular.

I'll run your options by our libraries and see what they think.

Also - Another option for us, considering that these may just be uninformed users, may be to add some explanatory text to the Registration page.  I'd guess that's relatively easy?

Kelly

Paul Hoffman

Dec 20, 2011, 10:55:02 AM
to irp...@googlegroups.com
One possible way to mitigate the spam registrations problem would be to
require users to register using their institutional e-mail address --
e.g., foo...@example.edu would be permitted but foo...@gmail.com would
be rejected.

It looks like a code change in edu.ur.ir.web.action.user.registerUser
would be required, maybe something like this (fudging a little as I
don't know Java):

    UserEmail email = defaultEmail.getEmail();
    IrUser emailExist = userService.getUserByEmail(email);
    if (emailExist != null)
    {
        addFieldError("emailExistError", "This Email already exists in the system. Email: " + email);
        emailAlreadyExists = true;
        failure = true;
    }
    else if (registrations are limited to example.edu and email.getEmail doesn't match the pattern /.*\.example.edu/)
    {
        addFieldError("emailExistError", "You must use an example.edu Email. Email: " + email);
        failure = true;
    }

This would also make it possible to hook into LDAP *before* the user has
verified their registration -- i.e., if there's no foobar in the LDAP
directory then foo...@example.edu would also be rejected. But I won't
bother trying to pseudocode that.

Paul.

--
Paul Hoffman <pa...@flo.org>
Systems Librarian
Fenway Libraries Online
c/o Wentworth Institute of Technology
550 Huntington Ave.
Boston, MA 02115
(617) 445-2914
(617) 442-2384 (FLO main number)
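
An added example, not irplus code and not part of the original post: one way to write the institutional-domain restriction sketched above in Java, comparing the domain part directly instead of using the `/.*\.example.edu/` pattern (which requires a dot in front of `example.edu` and leaves the second dot unescaped). The class name, method name and the `allowedDomains` setting are hypothetical; an empty list leaves registration open to every domain.

```java
import java.util.List;
import java.util.Locale;

/** Added example: domain allowlist check for self-registration e-mail addresses. */
public class RegistrationDomainCheck {

    // allowedDomains is a hypothetical per-site setting; empty means open registration.
    static boolean isAllowed(String address, List<String> allowedDomains) {
        if (address == null) {
            return false;
        }
        String a = address.trim().toLowerCase(Locale.ROOT);
        int at = a.lastIndexOf('@');
        // Need a non-empty local part, a non-empty domain, and exactly one '@'.
        if (at <= 0 || at == a.length() - 1 || a.indexOf('@') != at) {
            return false;
        }
        if (allowedDomains.isEmpty()) {
            return true;
        }
        String domain = a.substring(at + 1);
        for (String allowed : allowedDomains) {
            String d = allowed.toLowerCase(Locale.ROOT);
            // Exact match, or a subdomain: the leading dot stops "notexample.edu".
            if (domain.equals(d) || domain.endsWith("." + d)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        List<String> site = List.of("example.edu");
        // Constructed sample addresses.
        String[] samples = {
            "foobar@example.edu",           // accepted: exact domain
            "foobar@Lib.Example.EDU",       // accepted: subdomain, mixed case
            "foobar@gmail.com",             // rejected: other domain
            "foobar@notexample.edu",        // rejected: suffix lookalike
            "foobar@example.edu.invalid",   // rejected: allowed name is only a prefix
            "foobar@example.edu@gmail.com"  // rejected: more than one '@'
        };
        for (String s : samples) {
            System.out.printf("%-30s %s%n", s, isAllowed(s, site) ? "accept" : "reject");
        }
        System.out.println("open site: " + isAllowed("foobar@gmail.com", List.of()));
    }
}
```

The check only constrains which domain an address claims; the existing verification link is still what proves the registrant controls that mailbox.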

Nate Sarr

Dec 20, 2011, 11:02:42 AM
to irp...@googlegroups.com
Hi Kelly,

   Sounds good.  Let me know what you find.  You may want to look at what is doing the downloads in the administration section (IP Address/Statistics->Download Counts by IP Address).  You may need to remove crawler results.


-Nate

Nate Sarr

Dec 20, 2011, 11:06:13 AM
to irp...@googlegroups.com
Hi Paul,

    That might work as a filter a specific institution could use, however, it might not work for everyone.  For example we want users to log in and subscribe to our collections even those outside of our institution.  For example our musical scores collection gets international recognition and we have a large number of users who subscribe to the daily digest of what new musical scores have been added.  We also need to allow users who want to collaborate on documents from other institutions.

-Nate

Paul Hoffman

Dec 20, 2011, 11:09:50 AM
to irp...@googlegroups.com
Nate,

Hmm, yeah, I forgot about subscriptions. Do you find that people prefer
to subscribe to a collection rather than using an RSS feed?

Paul.


Nate Sarr

Dec 20, 2011, 11:11:48 AM
to irp...@googlegroups.com
Hi Paul,

   It seems to be that way - we have a large number of people who like to subscribe using email.

-Nate