"Hacked" emails making accounts...

Hacked is in scare-quotes for a reason, so if you're checking this site for the first time because you think your email was hacked and it made an account listen (read) up. You were probably NOT hacked. All the bot network needed was your email address, NOT your password, to make the unwanted account. That's it. And how did they GET that? Well, you either went somewhere you shouldn't have, you signed up on a shifty website and they gave it/sold it/ had their database compromised, or you have your full email address listed somewhere publicly without protections ( you should start typing "dot com" instead of ".com").

And because of that, the bots that have it are using your email address to sign up for things on Drupal sites among others (a lot of the spam is for medicine, bootleg fashion or comments saying "good blog post nice information good article"). It's using your email address- they don't have your email password, I certainly don't have your email password, so you weren't hacked- they just used your email as an impersonation to attack my site with spam. Despite security measures, they get around it. You don't have to write to me asking me to remove you from the registry- I can tell the difference between hundreds of spams and the small handful of people who are here because they actually care about my hard work, and if I didn't delete it already, I'll get it the next time I purge the registry of hundreds of fake accounts. Yes, I find the fact that it's signing up complete strangers for my site incredibly frustrating, disheartening, enraging, embarrassing... but please don't blame me for it.

I've now changed the "welcome" email to include a line about accounts made in error because I've been getting an increasing amount of emails demanding I remove their account, as well as spam accounts getting through to make comments circumventing approval. I'm loathe to employ a captcha- I HATE captcha, and it discourages the steadily dwindling amount of interested readers from saying anything. When I can afford it though I may look into something similar to what Top Webcomics does for their anonymous voter page... maybe something like that would slow down the fake accounts and be less aggravating for users.

Comments

Xade's picture
Xade

captcha may be evil but it is a necessary one and a good tool against the spammer war. Sometimes just a simple question is enough to help out. I have a character quiz that I sometimes change and it has done a lot to drastically reduce the spammers because they have to actually read through my blog archives to find out who the character is and they will mosey along. I chose my main character because I haven't done the comic yet, I'm waiting on the 3d base characters before actually starting on the comic, but once the comic is actively updating I'll be choosing different questions pertaining to it. So perhaps that idea might help you, the character quiz, Don't make it obvious (don't say "Who is the title character?" chose a description like oh...."Who has the unique pointy hairdo?" and don't forget the capital letter in the reply

Razzy Jazz's picture
Razzy Jazz

To farther Xade's idea which I think is a good one, the questions could be something like "What species is [name]?" because if you stick with the most recurring/well known characters even new readers should be able to answer.

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.