cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Catalog Spam

jfenton
Community Participant
2 15 1,814

Some Catalog users have noticed a sharp increase in fake accounts being created over the last few weeks. We're adding 2 new features to Catalog to help mitigate the issue. 

 

First, you'll notice in your beta environment that we've added reCAPTCHA to the registration process. This will block bots from being able to create Catalog accounts, as well as deter groups of humans from creating fake users. By default this will be turned on for all accounts in production on the 18th. However, we know some institutions have customized the registration flow. If you would prefer not to have reCAPTCHA added to your registration page, please let your CSM know before the 18th. While the reCAPTCHA setting isn't user accessible, we can also easily enable or disable it at any point in the future for institutions who would like a change. 

 

Second, we're adding the option for institutions to use and manage a list of allowed or blocked domains for new user registration. For example, if an institution was seeing fake accounts getting created from the domain fakeusers.net, they could add that to their blocked list. Or, if an institution only wanted users to be able to create new accounts using their institution's domain, they could add that to their allowed list. 

 

These lists will be configurable in the UI under the Catalog info tab. Sub accounts will have the option of inheriting the setting from the parent account or managing their own list. Only one list can be active at a time per Catalog, and an allowed or blocked list does not need to be used. Look for this to hit beta later today or tomorrow. The plan is also to push this to Production on the 18th. 

 

We know these changes are coming rapidly and appreciate any feedback. 

 

 

Edit 4/15/20

We were hoping to have the allowed and blocked lists ready to go out along with the reCAPTCHA work, but it's going to take us a bit longer to get it wrapped up. Only reCAPTCHA will go to production on the 18th. We'll see how much this mitigates the creation of fake accounts and evaluate if we need to release the registration restriction lists early or if it can go out with the normal release. If we do decide to release it early I'll update this post. 

15 Comments