Every admin has probably already found Mr. Chris Greenwalty in his database.
These fake accounts should be prevented by having an account become active only once a confirmation is present.
A possible solution:
The e-mail address can be marked as 'real' and used for the password forgotten process.
As long as the link with the hash value is not authenticated against the DB, the user should be kept as pending in the DB and automatically deleted after e.g. 7 working days.
In addition to the additional security for users and admins, account corpses are also avoided.
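A sketch of the pending-account flow proposed in the post above, as an added example that is not part of the original post or the project's code. The table layout, function names and the use of 7 calendar days (rather than working days) are assumptions made for illustration.

```python
import hashlib
import secrets
import sqlite3

PENDING_TTL = 7 * 24 * 3600  # assumption: 7 calendar days, in seconds

def open_db():
    # Hypothetical schema: only the hash of the confirmation token is stored,
    # so a leaked table does not yield usable confirmation links.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE account (email TEXT PRIMARY KEY, token_hash TEXT,"
        " created INTEGER NOT NULL, status TEXT NOT NULL DEFAULT 'pending')"
    )
    return db

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def register(db, email, now):
    """Create a pending account and return the token to mail as a link."""
    token = secrets.token_urlsafe(32)
    db.execute(
        "INSERT INTO account (email, token_hash, created) VALUES (?, ?, ?)",
        (email, _digest(token), now),
    )
    return token

def confirm(db, token, now):
    """Activate the pending account whose unexpired token matches."""
    cur = db.execute(
        "UPDATE account SET status = 'active', token_hash = NULL"
        " WHERE token_hash = ? AND status = 'pending' AND created > ?",
        (_digest(token), now - PENDING_TTL),
    )
    return cur.rowcount == 1  # token is single use: the hash is cleared

def purge_pending(db, now):
    """Cleanup task: delete accounts never confirmed within the TTL."""
    cur = db.execute(
        "DELETE FROM account WHERE status = 'pending' AND created <= ?",
        (now - PENDING_TTL,),
    )
    return cur.rowcount

def status(db, email):
    row = db.execute(
        "SELECT status FROM account WHERE email = ?", (email,)
    ).fetchone()
    return row[0] if row else None
```

`purge_pending` would be run from a scheduled job. It only removes accounts that never confirmed; an account registered with a working address confirms normally and is unaffected.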
All of what you are describing is already happening almost to the letter. We don't allow users to set their password at registration, they are sent in the registration confirmation email. So they can't post anything until they received the login email, or the forgotten password email.
The only thing missing is the automatic account cleanup task.
The problem with Mr. Greenwalty and other "promotional" accounts is that he/they use valid email addresses to create accounts. They log in normally, set up their profile and add their advertising. Then they leave and never come back.
If your node has an open registration policy (w/o approval by the admin) there is nothing you can do about it. Because they do this like normal users the accounts are totally valid and "active". There is no technical way to prevent it. You can only delete them manually.
This is also related to #4752