Print

[Kermit98]

Hello Community

Since several years i run Coppermine as an album for model-railroad pictures and it runs very well. Some months ago it began, each 1, 2 daye someone registers with a gmail.com-adress. Of course this doesn't mean that every gmail-user is a spammer, but these ones look like automated bots because of the appearance of their adress. Sometimes these guys follow the registration link, sometimes not. They haven't done any harm yet, never uploaded any pictures and i also found nothing un-normal in my database, but i'm a little paranoid about security at my websites, so it makes me a little nervous....
This brings me to my question: Is there a (yet unnoticed) build-in feature to block unwanted adresses or an avialable hack ?

Thanks in advance and much greetings

Thorsten

[Nibbler]

Yes, there's a mod.

http://forum.coppermine-gallery.net/index.php/topic,16833.0.html

Using the captcha plugin for registration might be more effective though.

[Joachim Müller]

They haven't done any harm yet, never uploaded any pictures and i also found nothing un-normal in my database, but i'm a little paranoid about security at my websites, so it makes me a little nervous....

The potential bots (humans or bots) registered to figure out if they were allowed to post comments if they registered. You probably don't allow comments or have changed things around (can't tell for sure as you have failed to post a link to your gallery although you should have done though) that kept the potential spammers from posting comments.
Excluding eMail addresses can reduce the number of registration, but that is going to become a hide-and-seek game: there will be other email addresses that will go through. Google mail accounts are not actually thow-away accounts: you have to rfegister there as well using a captcha. In all countries of the world (except Germany due to legal issues, where Google mail is not allowed to use the domain name gmail.com, but googlemail.com), there are legitimate users with gmail accounts - that's why the spammers use them as well: it doesn't make sense to block the domain gmail.com if you're not ready to disallow a lot of legitimate users. This being said, applying the mod suggested may be an option for Germany, as we hardly ever have people with gmail accounts (I'm an exception to this rule, as I joined gmail at an early stage, when it was still a closed beta and the Google still provided addresses like your_alias@gmail.com to everybody world wide including German residents).
That's why I explained this in more detail: don't be too concerned about some potentially malevolent users registering: as long as you allow registration, some jerks will register as well as legitimate users. Keep your app up-to-date, and try to make things harder for bots.

HTH

Joachim

P.S. Bots don't actually "follow the registration link" - that's something only humans do. Instead, the bot script issues http requests, which is much more efficient for machines. Subsequently, an automated registration script for Coppermine would send the registration form data to the form target.