Project

General

Profile

Actions

Feature #2340

open

Self-registration needs captcha

Added by Brad Schick almost 16 years ago. Updated over 5 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Accounts / authentication
Target version:
-
Start date:
2008-12-15
Due date:
% Done:

0%

Estimated time:
Resolution:

Description

I've had a public issue tracker running Mantis that was flooded with spammer attempts to create accounts. The spammers registered, but never completed the "click the link in email" step. So the didn't get accounts, but I had a constant stream of bogus half registered accounts to cleanup. I was only able to prevent this abuse by enabling captcha on the self-registration page.

I am now converting to Redmine, and I've noticed that there is no option for captcha on the self-registration page. I'm concerned that I'll soon be back in the same boat once Redmine goes live. Please consider adding captcha to all self-registration pages.


Related issues

Related to Redmine - Feature #5073: Method of dealing with spam registrationsNew2010-03-14

Actions
Related to Redmine - Feature #675: Anti-spam or captcha for issuesNew2008-02-16

Actions
Has duplicate Redmine - Feature #8130: CAPTCHA Option Closed2011-04-12

Actions
Actions #1

Updated by Michael Koch about 15 years ago

+1 on this. we're starting to have the same issue at www.openpario.net

has anyone jumped on this?

Actions #2

Updated by david austin over 14 years ago

we have the same issue and need a captcha badly... HElp

Actions #3

Updated by Oleg Volkov over 14 years ago

It is better to help the interactive questions, such as "how many days this month."

Actions #4

Updated by Kamil . over 14 years ago

+1

Actions #5

Updated by Bruce Joy over 14 years ago

Actions #6

Updated by Sebastien Bahloul over 14 years ago

+1

Actions #7

Updated by Jean-Baptiste Barth over 14 years ago

-1

CAPTCHA is one of the darkest sides of the WWW. Human users should never have to prove they're not robots. I like the idea of "inverse captcha", or "negative captcha", i.e. you put in the form a trap for spambots, hidden with css or javascript, and/or obfuscate just a bit fields for humans. Until a spammer looks specifically at your website, it does the job, I use it on some blogs I manage and have nearly no spam for years.

The idea of interactive question is just a bit better than CAPTCHA, but it's still annoying for the user imho.

Please, don't introduce such a thing into Redmine...

Actions #8

Updated by Brad Schick over 14 years ago

Jean-Baptiste, if those techniques worked as well as CAPTCHA more people would use them. The main problem is the most of them fail if a human looks at the site once, and then updates their registration bot to "behave correctly".

I'd also mention that CAPTCHA can easily be made an optional feature. But not having it at all will likely be a show-stopper for some.

Actions #9

Updated by Jean-Baptiste Barth over 14 years ago

It could be completed, made more complicated so that it has no impact on user experience and it's still efficient. I understand your point, but I disagree with the "not widely used => not working". This is the reason why Rails doesn't enter many enterprises, and J2EE survives.

Anyway, I was thinking of a default feature. If it's optional and turned off by default, why not... Maybe it could also be implemented as a plugin, see #1131 for that, which will be integrated in the next 1.0 release.

Actions #10

Updated by Trond Lossius over 14 years ago

Another useful functionality would be to check user name and mail address against stopforumspam.com

Actions #11

Updated by W Snyder over 14 years ago

+1 for a plugin. I also was having spam problems on my site, it reached several per day, so I hacked into the sources a "Enter 'foo' here" text field. I realize a human could easily hardcode around this, but the reality is most of the spam doesn't have a human involved at any point in the process. I've had only one get through since.

Actions #12

Updated by Shane StClair about 14 years ago

+1

Actions #13

Updated by Enrique Garcia almost 14 years ago

+1

Jean-Baptiste Barth wrote:

-1

CAPTCHA is one of the darkest sides of the WWW.
(snip)

To me Captchas on websites are like the Police, the Firefighters or Hospitals on the real world. It would be very nice if they were not needed. But the reality is that they are needed.

Actions #14

Updated by Shane StClair almost 14 years ago

This plugin adds a reCAPTCHA to the user self registration...

http://www.redmine.org/plugins/redmine_recaptcha

Actions #15

Updated by Etienne Massip over 13 years ago

  • Category set to Accounts / authentication
Actions #16

Updated by Jean-Claude Wippler about 12 years ago

1 ( a lot more, actually) - see #675

Actions #17

Updated by Christoph Dwertmann over 11 years ago

Recaptcha plugin for Redmine 2.x:
http://www.redmine.org/plugins/recaptcha

Actions #18

Updated by Toshi MARUYAMA over 11 years ago

  • Related to Feature #675: Anti-spam or captcha for issues added
Actions #19

Updated by Zer00 CooL over 5 years ago

How i can use a captcha with redmine 4.x ? I want protect post issue, post wiki, and, post to the forum.

I asked about the unofficial discord of Redmine that sends me back here.

Actions #20

Updated by Zer00 CooL over 5 years ago

How to treat the protection against spam, in 2019, for Redmine?

How do Redmine administrators proceed?

Actions

Also available in: Atom PDF