How do unauthenticated users get onto our site?

antispam
spam
accounts
retag add tags

We have a site that requires validation with an outside authentication service (a wiki/LDAP) but yet we see users with obvious bad names on our site and "posting" questions with nonsense in them.

It is apparent that there are others who use AskBot with similar issues.
I have a few questions:

How did these users create accounts for themselves if they did not use our (what we thought was a) sinlge external authentication?
How can we stop this from happening?
How did these bots find the site? (we don't publish it - it is a closed site)

EDIT Note that I was able to reproduce the ability to sign in with nonsense accounts by navigating to [mysite]/account/signup/?login_provider=local there is no way to get there from a UI as far as I could tell, but the url works and allows a person to signup.

tim

asked 2014-12-13 19:15:56 -0500, updated 2014-12-21 21:04:10 -0500

edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

Comments

The attempts apparently just came through the usual registration page. Although it was not possible to get to that page through the UI, the url still worked. We are hosting on our own server. Users must be registered to see content/post. We fixed this by using the domain whitelist for emails in order to register.

tim (2014-12-21 12:59:45 -0500) edit

Which url was that?

Evgeny (2014-12-21 13:52:36 -0500) edit

.../account/signup/?login_provider=local

tim (2014-12-21 21:02:57 -0500) edit

How do unauthenticated users get onto our site? edit

Comments

1 Answer

Comments

How do unauthenticated users get onto our site?