People signing up at Alledia in weeks to come are going to have one extra field to fill in.
Recently, we’ve seen a sharp jump in the number of fake registrations and so over the weekend we added a captcha to our registration form. This problem isn’t growing because Joomla or Community Builder have security problems, but it can be simply explained by what we’ll call "Spam’s Law":
The amount of spam a software product receives is directly proportional to its popularity.
Joomla’s popularity has been soaring in recent months and so spammers have much more to gain by searching for and exploiting any weaknesses. If any of you out there run a WordPress site, you’ll know the popular blogging platform is currently fighting a much fiercer battle with the spammers than Joomla.
The Community Builder team has done a great job of developing counter-measures against spam. Just over a month ago they issued a new captcha plugin to reduce spam registrations, and Beat from the CB team has promised that they will keep working on improvements. This is good news, because captchas are a pretty tricky topic:
The Problem with Captchas
Most captchas have one of these two problems:
- They’re either too easy to read and the spambots learn to read them in weeks or even days.or they’re too difficult to read and your visitors wonder where they left their reading glasses. The CB plugin nicely offers a range of options so you can choose how legible your captcha is.
- They aren’t accessible to people with weak vision or have learning disabilities. Captchas are designed to be unreadable by machines so screen readers can’t decipher them. The W3 have a report here outlining alternatives.
So Why Did We Add the Captchas?
First, we hope to be able to remove the captchas from the site as soon as possible, as CB is upgraded.
Second, because we make all our posts and archives freely available, there really isn’t much to be gained by registering at Alledia, except for a profile page and the ability to add an avatar to your comments. Those people unable to get past the captcha won’t be prevented from accessing any of the content on the site.
How to Spot a Fake Registration
- Most come from domain extensions such as .ru / .ro / .tk. McAfee recently produced a list of the most spammed domain extensions worldwide.
- They have the same first name and last name.
- They never do anything once logged in. Most people sign-up because they want to do something right away.
How to Keep Your Community Builder Site Safe
- Remove your components/com_registration folder for added security.
- Use this mambot to stop people bypassing the CB login (not needed if you have CB 1.0.2)
- Install the CB captcha plugin.