Hi, Dave and Everyone, Spammers have become a seriously problem for web sites of all stripes and sizes. Note especially that the big sites like Google, Yahoo, MySpace, and Facebook have tons of spam accounts because they are, by definition, sites that allow everyone to sign up for an account. Those sites have millions of valid users -- and a presumably a proportionate fraction of spam accounts too.
So this just means we will have to carefully consider how to address this issue. As far as I remember, the "file upload" code that I had developed and handed over to Ben for the OFLB beta does some checks to see if the font files included in a zip package are really font files (as opposed to trojan files that happened to be named with ".TTF" or the like). In light of Fontfreedom's comment, it will be worthwhile to revisit that code and see whether additional rigor and vigilance is required before going live. This is certainly an important part of what we can do to avoid spammer activity. The fact that OpenId is attacked by spammers does not necessarily mean that OpenId is at fault or an inappropriate choice. I think most of us will agree that it is still worthwhile to use Google or Facebook services even though those sites suffer from orders of magnitude more spam accounts than smaller sites. So I'm personally not yet ready to discount the possible value of using OpenId as a login service. A further investigation of the merits --or lack thereof-- is required. Best - Ed On Wed, Mar 10, 2010 at 4:49 AM, Dave Crossland <[email protected]> wrote: > On 9 March 2010 21:57, <[email protected]> wrote: >> OpenID = Let the spam roll in like crazy. >> >> I've used it on my sites b4...I do drupal dev, and that's just it... > > Okay cool. How do you block spam? >
