View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0034408 | mantisbt | security | public | 2024-04-19 04:20 | 2024-05-04 04:46 |
Reporter | cas | Assigned To | dregad | ||
Priority | normal | Severity | minor | Reproducibility | N/A |
Status | closed | Resolution | won't fix | ||
Product Version | 2.26.1 | ||||
Summary | 0034408: Avoiding spam by adding option for Admin approval of new users | ||||
Description | Given increased spam logins, there is a need to enable admin approval for new accounts. In case this is found useful, i can create easily a pull request such this can go inbto a future release. | ||||
Additional Information | Would be useful on this site too given the spam activity | ||||
Tags | No tags attached. | ||||
In addition, password can only be activated after admin approval |
|
See pul request https://github.com/mantisbt/mantisbt/pull/1996 |
|
@cas While I appreciate your contribution, I am unfortunately not at all convinced by the proposed solution, which I don't believe would be much help in addressing the problem.
Moreover, using the realname field to store some predetermined string (like |
|
FYI, we were discussing this topic internally a few weeks ago, and @vboctor proposed the idea of an anti-spam plugin which, while not ideal IMO as it would still require potentially a lot of manual work (like forums moderation), at least it can be done with some context, i.e. actual posts (issues / bugnotes). I'm thinking we probably need to build an anti-spam plugin. This would be triggered when creating an issue or a note and can trigger one of four actions: no-op (useful for channing), allow (to allow now), deny (to deny now), quarantine for review (to quarantine now). If all plugins int he chain return no-op, then issue is accepted. Allow/Deny are straight forward. Quarantine would add the inputs of the create issue / create note command + triggering user to a table. Then provide a UI for admins to triage and accept or reject. This will enable anti-spam plugin(s) to provide functionality like: If from banned IPs, reject. |
|