One thing that concerns me on sites I build is the signup routine(s). What prevents users from signing up multiple times, with different email addresses? In fact, what prevents them from spamming the signup script, adding an extra 1,000 users to my database?
Most sites send an authorized email, telling the person to click on a link to activate their account, but that can be easily passed up by harnessing Perl's ability to receive mail for you (adding a line to sendmail's /etc/aliases file, and using MIME::Tools). This security doesn't seem to be too strong, on a site where people may be inclined to spam signup scripts. On the other hand, maybe I just haven't built enough around that idea? Would it be wise to work in multiple "do this to this word," and store the answer/user information in a "register in the next day" table? My personal method of choice would be to block multiple daily signups from sites (*.com/*.net/*.org), but that doesn't seem feasible (hotmail.com, aol.com, etc.). Is there some sort of list of free email providers, so I could work around that? The idea seems to be impossible, but maybe somebody could enlighten me on an implementation of this?
My personal choice for making a signup script harder to spam is making it issue multiple requests (redirect you to a second page to enter information), and (I'm still considering this) using CAPTCHAs, or an implementation of them. (If you don't feel like going to the site: CAPTCHA stands for "Completely Automated Public Turing Test to Tell Computers and Humans Apart".) Captchas are programs that (at this point) are recognizable by humans, but it is hard to code a program that can decipher them. Larger sites such as Yahoo & PayPal use them for signups, which attests at least a bit to a captcha's preventative value. In addition to this, I may be implementing Apache::Session's abilities, and storing both the correct captcha, and other pertinent user information from his two requests in a session key (preventing him/her from signing up ten times with the same cookie "CAPTCHA password"). Any advice on implementing this? Is it even worth it? Do you foresee people being able to program around CAPTCHAs in the near future?
How do you make sure that people don't spam your signup scripts with bots? Is this even a worry? Any pertinent previous discussions on this subject?
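The server-side session idea raised in the post, sketched as an added example (not the poster's code): the expected CAPTCHA answer lives only on the server, and the session entry is deleted on the first verification attempt so the same cookie cannot be replayed. The in-memory `%store`, the sub names and the 300-second expiry are assumptions for illustration; a real deployment would keep the entry in a session backend such as Apache::Session, and the expiry goes slightly beyond what the post describes.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical in-memory store standing in for a server-side session
# backend such as Apache::Session; all names here are illustrative.
my %store;
my $TTL = 300;    # seconds a challenge stays valid (assumed value)

# Hex string built from kernel randomness (Unix-like systems only).
sub random_hex {
    my ($bytes) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "no /dev/urandom: $!";
    read($fh, my $buf, $bytes) == $bytes or die "short read";
    close $fh;
    return unpack 'H*', $buf;
}

# Create a session holding the expected answer. Only the session id
# goes to the client in the cookie; the answer is returned here so the
# caller can render it into the CAPTCHA image.
sub issue_challenge {
    my ($now) = @_;
    my $sid    = random_hex(16);
    my $answer = substr(random_hex(4), 0, 6);
    $store{$sid} = { answer => $answer, expires => $now + $TTL };
    return ($sid, $answer);
}

# Check an answer. The entry is deleted before comparing, so a given
# cookie can be tried exactly once, whether the answer is right or wrong.
sub verify_challenge {
    my ($sid, $given, $now) = @_;
    my $entry = delete $store{ $sid // '' } or return 'unknown-or-used';
    return 'expired' if $now > $entry->{expires};
    return lc($given // '') eq $entry->{answer} ? 'ok' : 'wrong';
}

# Constructed walk-through: a valid signup, a replay of the same cookie,
# a wrong guess followed by a retry, and an answer after expiry.
my $t = time;
my ($sid, $answer) = issue_challenge($t);
print "first use: ", verify_challenge($sid, $answer, $t + 10), "\n";
print "replay:    ", verify_challenge($sid, $answer, $t + 11), "\n";
my ($sid2, $answer2) = issue_challenge($t);
print "wrong try: ", verify_challenge($sid2, 'nope', $t + 5), "\n";
print "retry:     ", verify_challenge($sid2, $answer2, $t + 6), "\n";
my ($sid3, $answer3) = issue_challenge($t);
print "too late:  ", verify_challenge($sid3, $answer3, $t + $TTL + 1), "\n";
```

Because a failed guess also consumes the session, a bot has to fetch a fresh challenge for every attempt, which gives per-IP rate limiting on challenge issuance something to act on.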