Gmail dot trick


(Khoa Nguyen) #1

My forum just receive a large number of spaming user registration.
He/She using Gmail dot tricks ( 1 Awesome Gmail Address Tip You Don't Know About. Seriously) to create this large number of email account.

Can you prohibid this trick ?

My discourse is using Cloudflare at a CDN and DNS provider, Discourse can’t work fine caused the IP thing.


(Robin Ward) #2

Couldn’t you ban their IP instead?


(Khoa Nguyen) #3

Hum, I’m using Cloudflare for CDN, and discourse only see Cloudflare, not user’s IP. (in Wordpress, Cloudflare has an plugin to pass the user IP to website)


(Mittineague) #4

At vB we used to get literally thousands of bot “seed” accounts like
aliasg.maila.ccount
alia.sgmai.laccount
ali.asg.mailacco.unt
alias.g.m.ailaccount
al.iasgmai.lacc.ount
… etc. ad nauseum

We eventually had a plugin written to deal with them


(Jeff Atwood) #5

Yeah you’re going to need to turn that off, or figure out how to get CloudFlare to send proper headers for the passthrough IP.


(Khoa Nguyen) #6

Yes. I’m working on that by config Nginx.
Cloudflare actually sends user’s IP via header HTTP_CF_CONNECTING_IP

But prohibid gmail dot trick is useful too.


(Jeff Atwood) #7

You really need to get IP passed through correctly otherwise you are really screwed. That’s about the only effective way to stop spammers, if they are clever.


Config Nginx to receive real IP when using Cloudflare for noobs
(Tiago Carvalho) #8

While in this case banning the IP is the right thing to do, I think there is merit in being able to stop user.name@gmail.com and username@gmail.com from being both registered as two different users at any given discourse forum.

No sane administrator should allow this behaviour (from gmail) and maybe we could have an option to extend this prohibition to other email providers as well.

It would need a simple list like ‘@gmail.com’, ‘@anotherprovidder.com’ and then it would check for registered users by removing the dot or any other relevant character (could have a list as well) to avoid users that want to have two or more accounts.

Maybe a plugin with this functionality would be the best solution.


(Tobias Eigen) #9

Definitely make it optional if you do it at all. I depend on this trick for troubleshooting!