On Fri, Mar 15, 2013 at 11:04:38AM +0100, Timothy Redaelli wrote:
On Wednesday, March 13, 2013 11:33:18 AM Lukas Fleischer wrote:
Status quo:
06:54 < gtmanfred> ok, it really is time for something else 06:54 < gtmanfred> the spammer is now creating a new account for every comment and flag out of date
The account suspension feature does not help here.
Options:
* Allow package maintainers to block the "Flag package out-of-date" feature for a certain amount of time. Note that this might eventually cripple the "out-of-date" function. Also, this does not work for comments.
* Use CAPTCHAs during account registration. We could either use MAPTCHAs ("What is 1 + 1?") or something like reCAPTCHA [1].
* Moderate new accounts. Might be a lot of work. We need some TUs that review and unlock accounts. Also, it might be hard to distinguish a spam bot from a regular user. If we require a short application text, this might result in less users joining the AUR.
* Block IP addresses. Bye-bye, Tor users!
Comments and suggestions welcome! We need to find a proper solution as soon as possible!
Hi, I suggest to use http://www.flameeyes.eu/projects/modsec instead (and in wiki too, so we can remove the horrible captcha). It's an Apache mod_security backlist that reduce the spam (using DNSBL and User-Agent validation).
$ curl -I https://aur.archlinux.org |& grep Server Server: nginx/1.2.6