

Ask HN: Is anyone else seeing fake signups recently? - cperciva

Over the past month I've been seeing an increased number of Tarsnap accounts "registered" (by entering an email address into a form) but not "confirmed" (by following a link emailed to that address). Aside from wasting a few cpu cycles and bytes of bandwidth, this has no effect -- Tarsnap accounts aren't actually created until the "confirm" step.

The faux-signup email addresses all appear to be in the following three forms: <8-12 random letters>@hotmail.com, <8-12 random letters>@sohu.com, <4-6 random letters><4-6 random digits>@tom.com.

I haven't seen email bounces, so presumably these random-looking addresses are in fact valid; but I have no idea what the point of this is. Has anyone else seen this sort of noise in the past month?
======
egiva
Yes, there is BlackHat software (Spambots) that sign up accounts on forums and
other websites. The software even waits 10 minutes (or however long you like)
before it actually clicks on the various links in any emails it receives - so
just having a "confirm this email account" link in your confirmation email
isn't enough to block these spamming accounts.

Because a CAPTCHA is generally abrasive for users as they sign up (it adds an
extra step, friction, and hence reduces signups), it's more advisable to use a
hidden field (or two) in your form that are REQUIRED to be left blank. These
are called TRAP FIELDS.

The idea is this: you create a field that is required to be left blank, but
you name it something legit like "name". Hide the field with css (like
"display: hidden;"). In your controller, you simply require that the field be
left blank for the form to be accepted.

This defeats about 85% of the dumbest spam account signup bots, because they
will try to add a value to that field, and your controller will reject the
entry, etc.

More tips/tricks about TRAP FIELDS here:
<http://www.kirsle.net/doc/submitter.html>
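
An added example, not part of the thread or any poster's code: a server-side screen that combines the trap field described in this comment with the three address shapes from the original post. The field name "name" comes from the comment; the function names, decision labels and sample submissions are assumptions made for illustration.

```python
import re

# Address shapes reported in the original post.
FAUX_PATTERNS = [
    re.compile(r"[a-z]{8,12}@hotmail\.com"),
    re.compile(r"[a-z]{8,12}@sohu\.com"),
    re.compile(r"[a-z]{4,6}[0-9]{4,6}@tom\.com"),
]

TRAP_FIELD = "name"  # CSS-hidden input that a human never fills in


def matches_reported_shape(email):
    """True if the address fits one of the three shapes from the post."""
    addr = email.strip().lower()
    return any(p.fullmatch(addr) for p in FAUX_PATTERNS)


def screen_signup(form):
    """Return (decision, reason); decision is 'reject', 'flag' or 'accept'."""
    # A browser submits a CSS-hidden text input as an empty string, so a
    # missing key means the request did not come from the rendered form.
    if TRAP_FIELD not in form:
        return "reject", "trap field missing"
    if form[TRAP_FIELD].strip():
        return "reject", "trap field filled"
    if matches_reported_shape(form.get("email", "")):
        # Real people can own addresses of this shape, so flag for review
        # rather than blocking outright.
        return "flag", "address matches reported shape"
    return "accept", "ok"


# Constructed sample submissions (not real signups).
SAMPLES = [
    {"name": "", "email": "qwkzjhtplm@sohu.com"},
    {"name": "", "email": "abcde12345@tom.com"},
    {"name": "Bob", "email": "bob@example.com"},
    {"email": "alice@example.org"},
    {"name": "", "email": "alice@example.org"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.get("email"), screen_signup(sample))
```
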

------
bigiain
A forum I help out on catches a lot of these using:

<http://www.stopforumspam.com/search.php>

(I think it's just a built-in configuration of the smf forum software, or
possibly a readily available plugin - no personal experience
acquiring/installing it, just a happy enough user who notices it highlight in
red maybe 60 or 70% of the signups...)

The advanced search there certainly shows a lot of activity similar to your
description for @tom.com and @sohu.com addresses... (I think there's just
_way_ too much noise on hotmail.com these days to even take it seriously
anymore)

~~~
cperciva
Heh, I don't see much noise from hotmail.com at all. Admittedly, they're the
4th most common domain for Tarsnap users, but that's at 0.4% of the total
(compared to gmail.com at 33%).

------
adityar
I've seen that as well (not exactly the same domains, though) but totally
random usernames and emails. Doesn't appear to be a bot. Each signup takes
some time. The IP address traces back to China. No idea what they are trying
to accomplish.

------
asto
I used to run a drupal site a while back where I'd post interesting linux
stuff that I came across. The sign-up process was extremely simple with no
mail verification. And there were plenty of accounts (about 50 in 3-4 months)
created that follow the pattern you state. I don't think there's anything
weird/unique about it.

PS: Yes, I know that sort of registration is a bad idea!

------
dholowiski
Yup for sure. All from 222.186.*.* and since I blocked that 60.169.78.42.
5-10 a day and it's driving me crazy!

