On 1/1/21 7:41 PM, Andrew Hodgson wrote:
I have noticed recently I have around 2000 bogus sign-ups that have created accounts in Django. Looking through the logs, these have come from the Postorius sign-up pages. I checked, and email confirmation is required before the accounts are created, and the email addresses that have been used do seem like they could respond to these requests.
I don't want to add captchas to the form right now, but is there any way to clean out these users from the database, perhaps periodically, based on whether the accounts are subscribed to any list?
I can't help with this but I want to say a bogus sign-up will usually have a first/last name filled with randomly generated upper/lowercase letters, e.g. HiedfURW FHIUEYde. That was what we saw. I also implemented a server-wide block against Russia and that cut bogus sign-ups by 75%!
What we did with our Affinity system is to auto-remove all unverified user accounts after 36 hours. You can perhaps put in a feature request for something similar with Postorius/Django on their GitLab page.
-- Brian Carpenter Harmonylists.com Emwd.com
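
The clean-up signals discussed in this thread (unverified accounts older than 36 hours, no list subscriptions, random mixed-case names), combined into one triage pass. This is an added example, not part of the original messages and not Postorius, Django or Affinity code; the `Account` record, its field names and the sample rows are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

UNVERIFIED_MAX_AGE = timedelta(hours=36)  # window mentioned in the reply above


@dataclass
class Account:
    """Hypothetical export row; field names are assumptions, not the Django schema."""
    email: str
    first_name: str
    last_name: str
    joined: datetime
    verified: bool
    list_count: int  # number of list subscriptions found for this address


def looks_random(name: str) -> bool:
    """Flag names like 'HiedfURW': one word with 3+ capitals mixed with lowercase."""
    for part in re.split(r"[\s'\-]+", name):
        uppers = sum(c.isupper() for c in part)
        lowers = sum(c.islower() for c in part)
        if uppers >= 3 and lowers >= 2:
            return True
    return False


def triage(accounts, now):
    """Return {email: 'purge' | 'review' | 'keep'}; only the age rule deletes."""
    result = {}
    for a in accounts:
        if not a.verified and now - a.joined > UNVERIFIED_MAX_AGE:
            result[a.email] = "purge"
        elif a.list_count == 0 and (looks_random(a.first_name) or looks_random(a.last_name)):
            result[a.email] = "review"  # heuristic only: a human decides
        else:
            result[a.email] = "keep"
    return result


NOW = datetime(2021, 1, 2, 12, 0)  # constructed sample data below
SAMPLE = [
    Account("a@example.org", "HiedfURW", "FHIUEYde", NOW - timedelta(hours=40), False, 0),
    Account("b@example.org", "HiedfURW", "FHIUEYde", NOW - timedelta(days=9), True, 0),
    Account("c@example.org", "Ann", "McDonald", NOW - timedelta(hours=2), False, 0),
    Account("d@example.org", "Lee", "MacDonald-Smith", NOW - timedelta(days=30), True, 2),
]

if __name__ == "__main__":
    for email, action in triage(SAMPLE, NOW).items():
        print(email, action)
```

The name check is deliberately kept out of the delete path: names such as McDonald or MacDonald-Smith pass it, but any case-based heuristic can misfire, so it only queues verified, unsubscribed accounts for a human to look at.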