random people creating user accounts

Carolina Tiger Rescue's picture

So, last week all of a sudden I had a bunch of random people attempt to create accounts in my "non-live" site. When I had to rebuild the site, I'd forgotten to put it in maintenance mode.

But, since there shouldn't be any links out there pointing to this test site, I suspect the attempts at creating accounts are spammish. Is this normal? how best to handle?

thanks, Amanda


You can turn off anonymous

purdy_nc's picture

You can turn off anonymous user creation on the User Settings page:


Carolina Tiger Rescue's picture

I'm using Drupal 7. When I went to /admin/user/settings this just showed the same page that I get when I click on Configuration. If I then go to "People", it certainly looks like the place where I would disable anonymous users, but that option is not available.

try admin/config/people/accou

dpickerel's picture


turning off anonymous user

Carolina Tiger Rescue's picture

that does seem to be the place, but here's the options I see:

Who can register accounts?
Administrators only
Visitors, but administrator approval is required

and I have it set to visitors, but admin approval required.

The only reference to anonymous on this page is a text input to provide the name used for anonymous users and changing the content to the Anonymous user when an account is cancelled.

Thank you. I was a bit

vfranklyn's picture

Thank you. I was a bit wigged out that anon users could set up an account in D7 and couldn't find where to disable that. Your suggestion worked.

It's pretty common. There's a

dpickerel's picture

It's pretty common. There's a feature in Drupal that advertises your new drupal site, I think they find it from that.

I love hidden captcha for stopping bots. It's my new favorite.

setting up hidden captcha

Carolina Tiger Rescue's picture

I installed hidden captcha- sounds great. I've enabled captcha (a required module) and hidden captcha, but not really sure how this gets added to the signup page the site visitor would see. I see some config options for Captcha but none for hidden captcha. How do I go about getting this set up? There doesn't seem to be any such instructions on the project page.

We have this problem on

jhibbets's picture

We have this problem on opensource.com. We use a combination of CAPTCHA and mollom to help combat this. We eventually block all these users. At first, we were deleting them, but I believe this just allows the spammers to register again using the same email address. We also took another approach to block their profile.

We assume that these accounts are for blackhat SEO - people trying to get links on your site for increased page rankings. When we implemented our point and badge system [http://opensource.com/points-and-badges] we decided to not display user profiles that did not earn more than 10 points. The points and badge system also helps us identify rogue/unsued accounts but more so, to identify active users in our community.

Hope this helps.

think I found it

Carolina Tiger Rescue's picture

OK, under Captcha configuration settings I see that I can select hidden captcha as an option for the user-reg form, so I think that's set now.