New user registration is broken.

Ben Cooksley bcooksley at kde.org
Thu Mar 29 21:22:58 UTC 2018 

On Fri, Mar 30, 2018 at 7:25 AM, Ricard Anufriev
<ricardwork at googlemail.com> wrote:
> I know this is more of a web team and not a sysadmin concern, but:

Hi Ricard,

>
> When I try to register again a big, red warning explained to me how my
> attempt has been logged due to its criminal nature and KDE thinks about
> taking legal actions against me. Lastly it told me to contact the sysadmin
> via email if there was a problem.

That message was written at a time when we were dealing with a huge
influx of call centre spammers (all based out of India based on their
IP addresses) who were registering numerous accounts in very quick
succession to attack our wikis and forum. We were killing off 10+
accounts in the space of a few hours. Contributors were left quite
exasperated as these attacks effectively left our wikis unusable until
the damage was cleaned up.

It was intended to make them think twice about what they were doing,
and was part of a suite of measures we were forced to introduce to
keep our spaces usable for the wider community. Given that all our
measures have now succeeded in defeating them, the message probably
should be revised yes.

>
> Suggestions to fix the problem:
> - Replace combo box with a text field (I believe the need for suggested nick
> names is rather small compared to people, who want to have the creative
> freedom to just input it)

Unfortunately this is a matter of community policy in relation to
Subversion usernames, and developers Identity usernames are also used
as their Subversion usernames.
Community policy requires them to be based on the developers real name.

This limitation stems back to the original intention of Identity,
which was never for user services, but was for services aimed at
developers (originally, Reviewboard and Redmine)

We therefore can't change this, at least not within the current framework.

> - Change the red warning to something less threatening and add in some
> possible solution (i.e. "You are trying to register again. If you are having
> a problem, clear the cookies or click here to get a new activation email.").
> I think no criminal will stop their attempt just because they saw a stern
> warning.
> - Don't take legal action against me and  I guess you won't, but this is the
> first time I've gotten legal threats by an international organisation, so
> maybe I shouldn't take it too lightly.
> - Please assure that you are not regarding my attempt to use your site as an
> attack and that you won't take legal action against me because of this
> "incident".

You can disregard the warning, it's aimed at actual spammers which you aren't.

>
> Cheers,
> Ricard Anufriev

Regards,
Ben Cooksley
KDE Sysadmin

>
>
>
> Am 29.03.2018 um 15:43 schrieb Nate Graham:
>>
>> Ben, how can we fix this for the remaining 1% so you don't have to answer
>> emails like this and handle sysadmin tickets? 1% of the possible universe of
>> likely new KDE Identity account owners could be a lot of people.
>>
>> Nate
>>
>>
>> On 03/29/2018 01:51 AM, Ben Cooksley wrote:
>>>
>>> On Thu, Mar 29, 2018 at 8:43 PM, Ricard Anufriev
>>> <ricardwork at googlemail.com> wrote:
>>>>
>>>> Hi,
>>>
>>>
>>> Hi Ricard,
>>>
>>>>
>>>> please check the new user registration page ("Complete Registration on
>>>> KDE
>>>> Identity") which is provided by the confirmation mail (send after
>>>> completing
>>>> https://identity.kde.org/index.php?r=registration/index )
>>>>
>>>> The registration page asks for a Username, but instead of a text field
>>>> it
>>>> has a combo box, which has only one element "Not selected". Using this
>>>> option will, of course, fail and result in "Username cannot be blank."
>>>> or
>>>> "Username is invalid.".
>>>>
>>>> Fix: Use a text field for Username.
>>>
>>>
>>> This system works in 99% of cases. The usual cases where it fails are
>>> where the person enters an extremely common name, or where they have
>>> entered the bare minimum in order to satisfy the system's requirements
>>> (ie. they've not provided their actual name, or a reasonable
>>> pseudonym)
>>>
>>> I've checked and we don't seem to have a pending registration for your
>>> email address, so please send the address you tried to register with
>>> to sysadmin at kde.org and we will look into why you had issues here.
>>>
>>>>
>>>>
>>>> Cheers,
>>>>
>>>> --
>>>> Ricard Anufriev
>>>>
>>>
>>> Regards,
>>> Ben Cooksley
>>> KDE Sysadmin
>>>
>>
>
> --
> Ricard Anufriev
>

More information about the kde-www mailing list