Spam user registrations

lucyparsons / OpenOversight

Police oversight and accountability through public data 👮

https://openoversight.com

GNU General Public License v3.0

240 stars 79 forks source link

Spam user registrations #761

Open dismantl opened 4 years ago

dismantl commented 4 years ago

Both bpdwatch.com and openoversight.com have gotten spam user registrations. PR #749 aims to help mitigate that, but even with reCAPTCHA turned on bpdwatch.com is still getting spam registrations.

dismantl commented 4 years ago

One approach could be to switch from reCAPTCHA v2 to v3, which assigns scores to user interactions: https://developers.google.com/recaptcha/docs/v3. That way we can monitor spam registrations and set an appropriate threshold based on the observed scores.

dismantl commented 4 years ago

Ok i've updated #749 to use reCAPTCHA v3. I'll deploy to bpdwatch.com and report back.

dismantl commented 4 years ago

After a couple days, reCAPTCHA v3 has stopped all the spam registration attempts, which I confirmed in my logs. PR #749 should solve this issue.