Any ideas how to stop bogus account creation?

[daneh]

I keep having bogus accounts created. I know this is part of doing business, but does everyone have this issue?

I have been adding the offending IP's to the htaccess file, but it is a continuous problem. I have had captcha since day one, but they are quite persistent.

Today I happened to notice something strange: Two visitors with different ip's with the same zen id, and one of them created the bogus account. Here is a pic, but with the id removed.



Most if not all bogus accounts have been entered by the testimonials manager. I have postsed on the testimonials manager thread for assistance, and it boils down to me using a captcha that doesn't work with the testimonial manager. I tried installing the one Clyde suggested, and the one he has made a patch for, but it broke my cart...3 different attempts at installing, same results. Needles to say, it is a live site and I cannot have a broken cart, so I went back to my original captcha.

I am going to remove the testimonial manager (unfortunately....it is a great mod), but was wondering about those different ip's with the same zen id....

Any ideas how that could happen?

[Kim]

Daneh-

Instead of using Captcha - talk to the folks at Form Armor about adding your mod to their antispam protection -

[daneh]

Ok, need to add to the prior post. There is another two visitosr with completely different ip's, but with the same exact zen id as the other two. they also made bogus account3....That is four just today.

[daneh]

Thanks Kim, I will look into it better in the am.

I notice they take care of just the contact us and tell a friend forms. I don't think those are my problem.

Thanks for the quick response.

[Kim]

Have you sent out a link in an email or other place that has a zenID attached to it? Do you have Recreate Sessions enabled in the Admin> Configuration> Sessions?

[Kim]

They can do other forms too :)

[daneh]

Recreate sessions is set to true.

I don't believe I ever did send out any emails with id's.

That does make me wonder though....I do remember a link I made early on by copy/paste that had an id in it. I did catch it, but I wonder if that could be it? I remember seeing a post you made about being sure there are no id's posted anywhere.

If so, is there a way to deny a particular id?

I have sent an email to form armor asking about the testimonials manager form. I guess I will see the cost before I decide to remove the mod from my site. thanks Kim.

[daneh]

Update on Form Armor:

After a nice chat with the folks at Form Armor, they are going to work on adding the login/ register page to their offerings. They will be contacting the Zen team about it.

It was already on their radar screen, but according to the woman I spoke to, they will try to get it going soon to try on my site.

Thanks Kim for the suggestion!

[FormArmor]

Just wanted to give you guys an "official" update from Form Armor. (Enjoyed talking with you today daneh!)

We are indeed working on integrating the Form Armor service to work with the Customer Account sign-up form and also for the form that's part of the Testimonials module.

I expect to have this ready to go for daneh's shop and also available to everyone else in the next few weeks.

If you're having spam problems with other forms or form-based modules and would like to try Form Armor, please send me a PM. We're glad to include anti-spam protection and Form Armor integration options for other forms and modules if there's a need for it.

Thanks!

[daneh]

Thanks Larissa, I look forward to giving it a spin.