On Fri, Mar 15, 2013 at 11:04:38AM +0100, Timothy Redaelli wrote:
On Wednesday, March 13, 2013 11:33:18 AM Lukas Fleischer wrote:
Status quo:
06:54 < gtmanfred> ok, it really is time for something else 06:54 < gtmanfred> the spammer is now creating a new account for every comment and flag out of date
The account suspension feature does not help here.
Options:
* Allow package maintainers to block the "Flag package out-of-date" feature for a certain amount of time. Note that this might eventually cripple the "out-of-date" function. Also, this does not work for comments.
* Use CAPTCHAs during account registration. We could either use MAPTCHAs ("What is 1 + 1?") or something like reCAPTCHA [1].
* Moderate new accounts. Might be a lot of work. We need some TUs that review and unlock accounts. Also, it might be hard to distinguish a spam bot from a regular user. If we require a short application text, this might result in less users joining the AUR.
* Block IP addresses. Bye-bye, Tor users!
Comments and suggestions welcome! We need to find a proper solution as soon as possible!
Hi, I suggest to use http://www.flameeyes.eu/projects/modsec instead (and in wiki too, so we can remove the horrible captcha). It's an Apache mod_security backlist that reduce the spam (using DNSBL and User-Agent validation).
But blacklisting is bad too. We already had discussed this issue: if the spammer is coming from a provider who gives IPs dynamically to their users, then one spammer will be blocked and changes the IP... the next user of the blocked IP then will not have access to AUR. Ciao, Oliver