Archives
Contributors
In Odoo Community 16, how to prevent mass user registrations from unknown sources?
During some time now, my website www.relationalgames.com has been under the generosity of someone with probable access to a large database of user emails.
I would love to understand who this might be and reach out to them, while at the same time, prevent that such operations take place without my consent.
I have now more that 5000 users registered in the website, though none of them is an active user, even though the email domains do seem to exist.
I would like to block bots from signing up or asking for password regenerations through the website, unless they have my permission to do it.
I've tried to activate Google Recaptcha, but it doesn't seem to work for this scenario.
Any thoughts or suggestions?
Antes de imprimir este e-mail por favor tenha em conta a regra dos 3 Rs : Reduzir, Reutilizar, Reciclar
by Diogo Cordeiro - 04:50 - 14 Jul 2025
Follow-Ups
-
Re: [SPAM] Re: In Odoo Community 16, how to prevent mass user registrations from unknown sources?
I've been reluctant to implement this myself since I am wanting to transition to a more functional/management role.
Would anyone here be available to implement this?
What is the best place where people can advertise Odoo related work/bounties ?
Cheers,Diogo Cordovil S. Cordeiro------------------------------------------------------------------------------------------------
Antes de imprimir este e-mail por favor tenha em conta a regra dos 3 Rs : Reduzir, Reutilizar, ReciclarBefore printing this e-mail please consider the 3 R rule : Reduce; Reuse; RecycleOn Mon, Jul 14, 2025 at 9:23 PM Axel Mendoza <notifications@odoo-community.org> wrote:No it doesn't protect it, there will be things that need to be done to integrate it but I like it more since it has more stable api(not a lot of changes) than google recaptcha and simple to use by the end user while secureOn Mon, Jul 14, 2025 at 1:48 PM hugues de keyzer <notifications@odoo-community.org> wrote:hello,
diogo, indeed, odoo’s
google_recaptchamodule doesn’t work for registrations of new users. we’ve just created a module for this very problem for one of our clients. here it is: https://github.com/OCA/server-auth/pull/809
it uses recaptcha v2 (keys to be configured in the website settings), which is based on a challenge presented to the user (while
google_recaptchauses recaptcha v3, which only returns a score and it’s up to the website owner to decide on the minimum acceptable score). the downside of recaptcha v2 is that it’s sometimes hard for humans to pass the challenge and that users train google’s ai models in exchange of the service.indeed, i think that cloudflare’s turnstile looks more promising in that regard and would thus be a better replacement, if someone feels up to the task.
axel, do you know whether
website_cf_turnstileprotects the registration form too (unlikegoogle_recaptcha)?
kind regards,
hugues
Le 2025-07-14 à 21:35, Axel Mendoza a écrit :
Hello DiogoTry to downgrade website_cf_turnstile that exists in Odoo 17.0 and 18.0The 17.0 version should work very well in 16.0 with minor changes regarding to the assets
But your website seems to be not using anything at all to protect the spam account registrations
Best Regards
On Mon, Jul 14, 2025 at 9:37 AM Enric Tobella Alomar <notifications@odoo-community.org> wrote:
There is a setting for this. search for "Let your customers log in to see their documents"
Kind regards,
El lun, 14 jul 2025 a las 16:52, Diogo Cordovil S. Cordeiro (<notifications@odoo-community.org>) escribió:
Hello,
During some time now, my website www.relationalgames.com has been under the generosity of someone with probable access to a large database of user emails.
I would love to understand who this might be and reach out to them, while at the same time, prevent that such operations take place without my consent.
I have now more that 5000 users registered in the website, though none of them is an active user, even though the email domains do seem to exist.
I would like to block bots from signing up or asking for password regenerations through the website, unless they have my permission to do it.
I've tried to activate Google Recaptcha, but it doesn't seem to work for this scenario.
Any thoughts or suggestions?
Diogo Cordovil S. Cordeiro------------------------------------------------------------------------------------------------
Antes de imprimir este e-mail por favor tenha em conta a regra dos 3 Rs : Reduzir, Reutilizar, Reciclar
Before printing this e-mail please consider the 3 R rule : Reduce; Reuse; Recycle
_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe
--
Enric Tobella AlomarCEO & Founder
_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe
_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe
_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe
_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe
by Diogo Cordeiro - 11:45 - 23 Jul 2025 -
Re: [SPAM] Re: In Odoo Community 16, how to prevent mass user registrations from unknown sources?
No it doesn't protect it, there will be things that need to be done to integrate it but I like it more since it has more stable api(not a lot of changes) than google recaptcha and simple to use by the end user while secureOn Mon, Jul 14, 2025 at 1:48 PM hugues de keyzer <notifications@odoo-community.org> wrote:hello,
diogo, indeed, odoo’s
google_recaptchamodule doesn’t work for registrations of new users. we’ve just created a module for this very problem for one of our clients. here it is: https://github.com/OCA/server-auth/pull/809
it uses recaptcha v2 (keys to be configured in the website settings), which is based on a challenge presented to the user (while
google_recaptchauses recaptcha v3, which only returns a score and it’s up to the website owner to decide on the minimum acceptable score). the downside of recaptcha v2 is that it’s sometimes hard for humans to pass the challenge and that users train google’s ai models in exchange of the service.indeed, i think that cloudflare’s turnstile looks more promising in that regard and would thus be a better replacement, if someone feels up to the task.
axel, do you know whether
website_cf_turnstileprotects the registration form too (unlikegoogle_recaptcha)?
kind regards,
hugues
Le 2025-07-14 à 21:35, Axel Mendoza a écrit :
Hello DiogoTry to downgrade website_cf_turnstile that exists in Odoo 17.0 and 18.0The 17.0 version should work very well in 16.0 with minor changes regarding to the assets
But your website seems to be not using anything at all to protect the spam account registrations
Best Regards
On Mon, Jul 14, 2025 at 9:37 AM Enric Tobella Alomar <notifications@odoo-community.org> wrote:
There is a setting for this. search for "Let your customers log in to see their documents"
Kind regards,
El lun, 14 jul 2025 a las 16:52, Diogo Cordovil S. Cordeiro (<notifications@odoo-community.org>) escribió:
Hello,
During some time now, my website www.relationalgames.com has been under the generosity of someone with probable access to a large database of user emails.
I would love to understand who this might be and reach out to them, while at the same time, prevent that such operations take place without my consent.
I have now more that 5000 users registered in the website, though none of them is an active user, even though the email domains do seem to exist.
I would like to block bots from signing up or asking for password regenerations through the website, unless they have my permission to do it.
I've tried to activate Google Recaptcha, but it doesn't seem to work for this scenario.
Any thoughts or suggestions?
Diogo Cordovil S. Cordeiro------------------------------------------------------------------------------------------------
Antes de imprimir este e-mail por favor tenha em conta a regra dos 3 Rs : Reduzir, Reutilizar, Reciclar
Before printing this e-mail please consider the 3 R rule : Reduce; Reuse; Recycle
_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe
--
Enric Tobella AlomarCEO & Founder
_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe
_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe
_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe
by Axel Mendoza - 10:21 - 14 Jul 2025 -
Re: [SPAM] Re: In Odoo Community 16, how to prevent mass user registrations from unknown sources?
hello,
diogo, indeed, odoo’s
google_recaptchamodule doesn’t work for registrations of new users. we’ve just created a module for this very problem for one of our clients. here it is: https://github.com/OCA/server-auth/pull/809
it uses recaptcha v2 (keys to be configured in the website settings), which is based on a challenge presented to the user (while
google_recaptchauses recaptcha v3, which only returns a score and it’s up to the website owner to decide on the minimum acceptable score). the downside of recaptcha v2 is that it’s sometimes hard for humans to pass the challenge and that users train google’s ai models in exchange of the service.indeed, i think that cloudflare’s turnstile looks more promising in that regard and would thus be a better replacement, if someone feels up to the task.
axel, do you know whether
website_cf_turnstileprotects the registration form too (unlikegoogle_recaptcha)?
kind regards,
hugues
Le 2025-07-14 à 21:35, Axel Mendoza a écrit :
Hello DiogoTry to downgrade website_cf_turnstile that exists in Odoo 17.0 and 18.0The 17.0 version should work very well in 16.0 with minor changes regarding to the assets
But your website seems to be not using anything at all to protect the spam account registrations
Best Regards
On Mon, Jul 14, 2025 at 9:37 AM Enric Tobella Alomar <notifications@odoo-community.org> wrote:
There is a setting for this. search for "Let your customers log in to see their documents"
Kind regards,
El lun, 14 jul 2025 a las 16:52, Diogo Cordovil S. Cordeiro (<notifications@odoo-community.org>) escribió:
Hello,
During some time now, my website www.relationalgames.com has been under the generosity of someone with probable access to a large database of user emails.
I would love to understand who this might be and reach out to them, while at the same time, prevent that such operations take place without my consent.
I have now more that 5000 users registered in the website, though none of them is an active user, even though the email domains do seem to exist.
I would like to block bots from signing up or asking for password regenerations through the website, unless they have my permission to do it.
I've tried to activate Google Recaptcha, but it doesn't seem to work for this scenario.
Any thoughts or suggestions?
Diogo Cordovil S. Cordeiro------------------------------------------------------------------------------------------------
Antes de imprimir este e-mail por favor tenha em conta a regra dos 3 Rs : Reduzir, Reutilizar, Reciclar
Before printing this e-mail please consider the 3 R rule : Reduce; Reuse; Recycle
_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe
--
Enric Tobella AlomarCEO & Founder
_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe
_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe
by hugues - 09:46 - 14 Jul 2025 -
Re: In Odoo Community 16, how to prevent mass user registrations from unknown sources?
Hello DiogoTry to downgrade website_cf_turnstile that exists in Odoo 17.0 and 18.0The 17.0 version should work very well in 16.0 with minor changes regarding to the assetsBut your website seems to be not using anything at all to protect the spam account registrationsBest RegardsOn Mon, Jul 14, 2025 at 9:37 AM Enric Tobella Alomar <notifications@odoo-community.org> wrote:There is a setting for this. search for "Let your customers log in to see their documents"Kind regards,El lun, 14 jul 2025 a las 16:52, Diogo Cordovil S. Cordeiro (<notifications@odoo-community.org>) escribió:Hello,
During some time now, my website www.relationalgames.com has been under the generosity of someone with probable access to a large database of user emails.
I would love to understand who this might be and reach out to them, while at the same time, prevent that such operations take place without my consent.
I have now more that 5000 users registered in the website, though none of them is an active user, even though the email domains do seem to exist.
I would like to block bots from signing up or asking for password regenerations through the website, unless they have my permission to do it.
I've tried to activate Google Recaptcha, but it doesn't seem to work for this scenario.
Any thoughts or suggestions?Diogo Cordovil S. Cordeiro------------------------------------------------------------------------------------------------
Antes de imprimir este e-mail por favor tenha em conta a regra dos 3 Rs : Reduzir, Reutilizar, ReciclarBefore printing this e-mail please consider the 3 R rule : Reduce; Reuse; Recycle_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe
--Enric Tobella AlomarCEO & Founder_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe
by Axel Mendoza - 09:34 - 14 Jul 2025 -
Re: In Odoo Community 16, how to prevent mass user registrations from unknown sources?
There is a setting for this. search for "Let your customers log in to see their documents"Kind regards,El lun, 14 jul 2025 a las 16:52, Diogo Cordovil S. Cordeiro (<notifications@odoo-community.org>) escribió:Hello,
During some time now, my website www.relationalgames.com has been under the generosity of someone with probable access to a large database of user emails.
I would love to understand who this might be and reach out to them, while at the same time, prevent that such operations take place without my consent.
I have now more that 5000 users registered in the website, though none of them is an active user, even though the email domains do seem to exist.
I would like to block bots from signing up or asking for password regenerations through the website, unless they have my permission to do it.
I've tried to activate Google Recaptcha, but it doesn't seem to work for this scenario.
Any thoughts or suggestions?Diogo Cordovil S. Cordeiro------------------------------------------------------------------------------------------------
Antes de imprimir este e-mail por favor tenha em conta a regra dos 3 Rs : Reduzir, Reutilizar, ReciclarBefore printing this e-mail please consider the 3 R rule : Reduce; Reuse; Recycle_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe
--Enric Tobella AlomarCEO & Founder
by Enric Tobella Alomar - 05:36 - 14 Jul 2025
