On Wed, Mar 13, 2013 at 11:33 AM, Lukas Fleischer <archlinux@cryptocrack.de> wrote:
Status quo:
06:54 < gtmanfred> ok, it really is time for something else 06:54 < gtmanfred> the spammer is now creating a new account for every comment and flag out of date
The account suspension feature does not help here.
Options:
* Allow package maintainers to block the "Flag package out-of-date" feature for a certain amount of time. Note that this might eventually cripple the "out-of-date" function. Also, this does not work for comments.
I suggest a flag 24–hour immunity for added/updated packages and a 60–minute immunity after a package gets unflagged.
* Use CAPTCHAs during account registration. We could either use MAPTCHAs ("What is 1 + 1?") or something like reCAPTCHA [1].
MAPTCHAs can be solved easily by bots, reCAPTCHA itself is evil, and image CAPTCHAs can be solved by Indians for a dollar or two per thousand images.
* Moderate new accounts. Might be a lot of work. We need some TUs that review and unlock accounts. Also, it might be hard to distinguish a spam bot from a regular user. If we require a short application text, this might result in less users joining the AUR.
Maybe block the ability of commenting and flagging in the first 24 hours of an user account’s existence?
* Block IP addresses. Bye-bye, Tor users!
Don’t worry, http://proxy.org is here to help our lovely spammers. Also, is email verification necessary? If yes, block 10minutemail.com and other services of this kind. If not, make it so and see “if yes”. -- Kwpolska <http://kwpolska.tk> | GPG KEY: 5EAAEA16 stop html mail | always bottom-post http://asciiribbon.org | http://caliburn.nl/topposting.html