Suspicious user activity in OBS (automated mass sign-up)
Open, Unbreak Now!Public

Description

In the past two weeks or so there has been a constant influx of new users who create home projects and apparently do nothing else. Every hour or so, a new user gets registered and a new home project gets created. All of the users have seemingly random names and random Mail.Ru email addresses. It looks like the process is automated.

I have no idea whether these users pose some kind of risk, but that sort of activity is definitely suspicious.

Details

Ticket Type
Task
sicherha created this task.Jun 7 2018, 10:23 AM
sicherha raised the priority of this task from 40 to Normal.
sicherha raised the priority of this task from Normal to High.Jun 19 2018, 1:27 PM

And here come the spammers: https://obs.kolabsys.com/project/show/home:{hairweavingbangalore,elegantitservices} (link not clickable)

We really need to get this muck under control.

Just FYI, this is still going on.

sicherha raised the priority of this task from High to Unbreak Now!.Aug 8 2018, 12:04 PM

Bumping priority. This is ridiculous - there are currently approximately 300-400 automated registrations, obviously from bots, every week.

I don't know what to do about it, to be honest. There doesn't seem to be any modules or settings that protect against this type of thing, as far as I could find.

Maybe if you disable gmail, facebook, etc. user login ... as a work around...

Quick question, why is it enabled that users can register on the OBS.