Spam user account / user account security plugin

Spam user account / user account security plugin

von Dale Davies -
Anzahl Antworten: 8

I've been toying with the idea of creating a new plugin for Moodle that will...

  • Block new user signups where there is a domain on a list like the one provided here... https://github.com/disposable/disposable-email-domains
  • Check the project honeypot http blacklist for IP addresses and block users from signing up if the IP is on the list, or warn admins of suspicious signups.
  • Same as above for stopforumspam based on the combination of username, IP and email address.
  • Block new user signups where the email address can be found using something like the haveibeenpwned API or something similar, or warn the users at the point of signup.
  • Have a scheduled task that could check user accounts periodically and either email the users reminding them to change their password or force them to change their password.
  • Provide admin reports for the above, possible options to do things like reset users passwords who are on the list.
  • Site admins should be able to enable the various options above depending on how strict they want to be.

Thinking this might be an admin tool and could implement the pre_signup_requests and/or check_password_policy callbacks maybe (not sure if there are any appropriate hooks yet.

I can't see anything that exists already to do all of the above, does anyone have any thoughts? Would this be something you'd find useful?

Als Antwort auf Dale Davies

Re: Spam user account / user account security plugin

von Lukas MuLu Müller -

Hi Dale,

I also wanted to implement some new checks as an alternative to Recaptcha including some Honeypots, minimum time for filling the signup, etc.

Looks like we have a projekt for the MoodleMoot. lächelnd

Greetings from Landsberg,

Lukas/MuLu

Als Antwort auf Lukas MuLu Müller

Re: Spam user account / user account security plugin

von Dale Davies -
https://github.com/daledavies/moodle-tool_registrationrules
Als Antwort auf Dale Davies

Re: Spam user account / user account security plugin

von Dale Davies -
Not sure where else to communicate this! But we now have a basic high level sub plugin management UI, I've built out the rule_checker and rule_checker_result classes, and added a lot more comments.
Als Antwort auf Dale Davies

Re: Spam user account / user account security plugin

von Dale Davies -
Note for the latter I've just written a bit of code, not actually checked to see if it works!
Als Antwort auf Dale Davies

Re: Spam user account / user account security plugin

von Philipp Hager -
I tried to create a space in Matrix for us...

Can you give me your preferred mail addresses?

https://matrix.to/#/@philipp.hager:matrix.org
Als Antwort auf Philipp Hager

Re: Spam user account / user account security plugin

von Philipp Hager -
Now, I've found the link to the space itself: https://matrix.to/#/!oVDvdwByFIuqHOtoMR:matrix.org