Hi, @drbauder.
When I initially implemented ReCAPTCHA v2 for OJS 2.4.8, I didn’t cover the use case of notification list subscriptions and I inadvertently broke (the now unusable) ReCAPTCHA v1. This was fixed in the patches @asmecher references.
Unfortunately, ReCAPTCHA alone will not stop all spam registrations. We’ve found several instances of botnets (or distributed mechanical turks?) targeting specific journals we host of publish. These registrations are completing the ReCAPTCHA challenge and in many cases are also completing email verification (!!!). We were experiencing these registrations on the order of hundreds per day.
We are piloting three new modules to help to address this:
-
GitHub - ulsdevteam/pkp-formHoneypot: User registration honeypot plugin for OJS / OMP.
- This allows the Journal Manager the ability to setup one of the fields on the registration form as a bot honeypot. This reduced our spam registrations from hundreds per day to dozens per day in some journals.
-
GitHub - ulsdevteam/pkp-akismet: Akismet anti-spam plugin for OJS / OMP
- This allows use of the third-party anti-spam service Akismet (subscription required). In my experience, this is catching about half of the submitted spam in some journals.
-
GitHub - ulsdevteam/pkp-recentUsers: Allows PKP OJS Journal Managers the ability to browse users by recent activity
- This allows journal managers to browse users by recent activity (such as most recent user registrations). This requires early adoption of features scheduled against OJS 2.4.9. The journal manager could then review and disable recent spam registrations.