XF 2.2 Connected accounts let spammers in without any checking (at least Google one)

[Alan_SP]

What I did and noticed is, when I setup Google for my connected accounts, spammers have a free ticket to enter my forum.

I had few spammers get in without problems, and guess what, all with gmail.com address. So, I tested how it goes with my gmail.

After I registered using connected account, I was immediately registered. No checks by StopForumSpam, nothing. And, spammers use this big time.

I suggest that users after registration with connected account go to usual spammers' protection services, and only if they pass it, they be let in.

Or, it is also possible, that by some miracle they aren't in StopForumSpam database, but on other forum I also manage, I don't get this many spammers in so short time, i.e. it seems to me that the difference is Google's connected account.

 

[Chris D]

This is incorrect.

We do perform the usual spam checks, regardless of the method of registration:

$input = $this->getConnectedRegistrationInput($providerData);
$registration = $this->setupConnectedRegistration($input, $providerData);
$registration->checkForSpam();

If they were let through without issue then it means that Stop Forum Spam didn't detect them as a spammer, or didn't meet the thresholds you have set in your options.

 

[Alan_SP]

Well, it is possible, of course, but threshold is set at 1, so anything in database should trigger them.

For now, I'm testing without Google as connected account. I got 2 spammers in 2 days. But, as you say, it may be just my bad luck, but I never had this much spammers in so short span. They usually got caught and sent to approval, or, if they passed somehow, this was like maybe once in a month or two. But now 2 in 2 days...