On Fri, Mar 15, 2013 at 05:13:43PM +0100, Pierre Schmitz wrote:
Am 13.03.2013 11:33, schrieb Lukas Fleischer:
Status quo:
06:54 < gtmanfred> ok, it really is time for something else 06:54 < gtmanfred> the spammer is now creating a new account for every comment and flag out of date
The account suspension feature does not help here.
Options:
* Allow package maintainers to block the "Flag package out-of-date" feature for a certain amount of time. Note that this might eventually cripple the "out-of-date" function. Also, this does not work for comments.
* Use CAPTCHAs during account registration. We could either use MAPTCHAs ("What is 1 + 1?") or something like reCAPTCHA [1].
* Moderate new accounts. Might be a lot of work. We need some TUs that review and unlock accounts. Also, it might be hard to distinguish a spam bot from a regular user. If we require a short application text, this might result in less users joining the AUR.
* Block IP addresses. Bye-bye, Tor users!
Comments and suggestions welcome! We need to find a proper solution as soon as possible!
We already tested all this years ago with the Wiki and Forums. Why reinvent the wheel instead of just using an existing solution? I could point you to the code if wanted; it's pretty simple and should be easy to integrate into the aur registration.
Because we suspect that the bots spamming the AUR were specifically designed for this specific setup of this specific platform and might react to such a simple change. Given the effort required to implement this, I agree that it is worth trying out, though. I will look into this on Monday/Tuesday. If the captcha will not prove itself in practice I will implement a blacklist/whitelist based solution. Thank you for all the replies.
Greetings,
Pierre
-- Pierre Schmitz, https://pierre-schmitz.com