Q: What are DNN Spam Users?
A: Unwelcome user registrations.
I have tried all the recommended solutions to this problem including, changing the registration page, a new registration module and Google Captcha. All my efforts to date have resulted in limited success. The number of registrations on a daily basis is down to just a few.
What I have noticed is that the vast majority of these spam registrations seem to use invalid email addresses. After they register I get an email:
<firstname.lastname@example.org>: host mx01.emig.gmx.net[22.214.171.124] said: 550 Requested action not taken: mailbox unavailable (in reply to RCPT TO command)
This got me thinking. I use Verified Registration where an email is sent with a link for the new user to verify their registration email address. My guess is that genuine new users will wait for the email and click the link all in the same registration sitting. I very much doubt they will wait for a number of hours before doing so.
The question was, could I use this to my benefit. I think I can. To test my theory I created a dll to run as a scheduled task in DNN. The dll calls a stored procedure which checks for entries in the UserPortals table where IsDeleted and Authorised are false. The sp checks the difference between the time the entry was created and the current time. If the difference is greater than a pre-defined limit the entries will be flagged as deleted. Only flagging them as deleted will give the site admin the opportunity to restore any “genuine” entries that may have miss-typed their email address.
For testing I set the time quite short.
In this sample I only give the Spam User 2 minutes before it is deleted.
The code is quite simple:
Yes, values are hard coded but this is just a proof of concept.