diff options
| author | Ben Sturmfels <ben@sturm.com.au> | 2021-09-04 22:48:23 +1000 |
|---|---|---|
| committer | Ben Sturmfels <ben@sturm.com.au> | 2021-09-04 22:48:23 +1000 |
| commit | 120f144f0eb014e694a584a627c8b17856da5b51 (patch) | |
| tree | 6f10abf7f055de38abffc19a3828be39c5d123be | |
| parent | 00fb2b3d9b0fe3f1f12cb205be743b9b4c5a32df (diff) | |
| download | mediagoblin-120f144f0eb014e694a584a627c8b17856da5b51.tar.lz mediagoblin-120f144f0eb014e694a584a627c8b17856da5b51.tar.xz mediagoblin-120f144f0eb014e694a584a627c8b17856da5b51.zip | |
Disable registrations by default due to spam.
| -rw-r--r-- | docs/source/siteadmin/deploying.rst | 3 | ||||
| -rw-r--r-- | docs/source/siteadmin/production-deployments.rst | 26 | ||||
| -rw-r--r-- | docs/source/siteadmin/relnotes.rst | 1 | ||||
| -rw-r--r-- | mediagoblin.example.ini | 5 | ||||
| -rw-r--r-- | mediagoblin/config_spec.ini | 2 |
5 files changed, 22 insertions, 15 deletions
diff --git a/docs/source/siteadmin/deploying.rst b/docs/source/siteadmin/deploying.rst index 5327c62d..5520ba30 100644 --- a/docs/source/siteadmin/deploying.rst +++ b/docs/source/siteadmin/deploying.rst @@ -317,6 +317,9 @@ your own email address and enter a secure password when prompted:: $ ./bin/gmg adduser --username you --email you@example.com $ ./bin/gmg makeadmin you +Public registrations is disabled by default due to automated spam +registrations. For more details, see ":ref:`enable-registration`" + Test the Server ~~~~~~~~~~~~~~~ diff --git a/docs/source/siteadmin/production-deployments.rst b/docs/source/siteadmin/production-deployments.rst index 52563e6e..022d8175 100644 --- a/docs/source/siteadmin/production-deployments.rst +++ b/docs/source/siteadmin/production-deployments.rst @@ -18,28 +18,30 @@ Further Considerations for Production Deployments This page extends upon our ":doc:`deploying`" guide to describe some common issues affecting production deployments. +.. _enable-registration: Should I Keep Open Registration Enabled? ---------------------------------------- -Unfortunately, in this current release of MediaGoblin we are suffering -from spammers registering to public instances en masse. As such, you -may want to either: +Unfortunately, enabling public registrations in MediaGoblin will usually result +in many thousands of automated spam registrations. Spam accounts will typically +remain un-activated, but the volume alone may cause poor performance on your +site. For this reason, registrations are disabled by default and we recommend +against enabling public registration. -a) Disable registration on your instance and just make - accounts for people you know and trust (eg via the `gmg adduser` - command). You can disable registration in your mediagoblin.ini - like so:: +Should you choose to enable registration, you can update in your mediagoblin.ini +like so:: [mediagoblin] allow_registration = false -b) Enable a CAPTCHA plugin. But unfortunately, though some CAPTCHA - plugins exist, for various reasons we do not have any general - recommendations we can make at this point. +Alternatively, you may wish to just make accounts for people you know and trust +(eg via the `gmg adduser` command). -We hope to have a better solution to this situation shortly. We -apologize for the inconvenience in the meanwhile. +A further option may be to enable a CAPTCHA plugin. But unfortunately, though +some CAPTCHA plugins exist, for various reasons we do not have any general +recommendations we can make at this point. We hope to provide a better solution +to this problem in the future. Confidential Files diff --git a/docs/source/siteadmin/relnotes.rst b/docs/source/siteadmin/relnotes.rst index 78342d99..04eb5366 100644 --- a/docs/source/siteadmin/relnotes.rst +++ b/docs/source/siteadmin/relnotes.rst @@ -44,6 +44,7 @@ This chapter has important information about our current and previous releases. - Remove Debian 10 development Dockerfile (BenSturmfels) - Document running multiple MediaGoblin instances on one server (Ben Sturmfels) - Begin conversion from jQuery to vanilla JS (Ben Sturmfels) +- Disable registration by default due to spam (Ben Sturmfels) **Bug fixes:** diff --git a/mediagoblin.example.ini b/mediagoblin.example.ini index 6da625b6..1a2216a5 100644 --- a/mediagoblin.example.ini +++ b/mediagoblin.example.ini @@ -27,8 +27,9 @@ email_debug_mode = true # email_smtp_host = "" # email_smtp_port = 0 -# Set to false to disable registrations -allow_registration = true +# Set to true to enable registrations. We recommend reading "Should I Keep Open +# Registration Enabled?" in the production deployment documentation first. +allow_registration = false # Set to false to disable the ability for users to report offensive content allow_reporting = true diff --git a/mediagoblin/config_spec.ini b/mediagoblin/config_spec.ini index 9025a436..80e7f268 100644 --- a/mediagoblin/config_spec.ini +++ b/mediagoblin/config_spec.ini @@ -50,7 +50,7 @@ email_smtp_pass = string(default=None) # Set to false to disable registrations -allow_registration = boolean(default=True) +allow_registration = boolean(default=False) # tag parsing tags_max_length = integer(default=255) |