captcha type support for user registration?

[Jeremy Kerr]

Hi Andy,

>> My ITS recently noticed that some people are using the registration
>> form on our patchwork servers to send out confirmation emails to
>> random addresses. I was wondering if anyone else had experienced that
>> or had implemented some type of protection against this abuse?
> 
> I don't operate a Patchwork instance so I can't say about the
> regularity of such abuse. Jeremy might be able to offer better advice,
> however.

Yep, we see the same on patchwork.ozlabs.org - it seems that there's
bots that fill out random web forms with random values. I see about
20-40 per day.

I probably wouldn't bother with a captcha for our instance though; it's
a fairly trivial amount of email traffic for those confirmations, and
the non-confirmed accounts should get purged form the db after the
expiry.

So yes, if you do propose a patch for this, please make it optional via
a django setting :)

Cheers,


Jeremy