On 4/11/19 5:36 PM, Lukas Fleischer via aur-general wrote:
On Thu, 11 Apr 2019 at 15:13:32, Daniel M. Capella via aur-general wrote:
On April 5, 2019 7:54:44 AM EDT, NicoHood <archlinux at nicohood.de> wrote:
Should and how can we better protect ourselves from spam comments?
Perhaps we should add CAPTCHA for account registrations.
IIRC, we had an issue with spam bots several years ago. We tried adding a CAPTCHA back then and it did not help (which, of course, does not imply that CAPTCHAs do not work in general).
The issue was eventually resolved by requiring users to confirm their email address and set an initial password from the confirmation email before using their accounts. If this no longer works and massive spamming continues to be a problem, I am open to trying other techniques again.
That being said, I think we should first figure out whether spammer account creation is automated or done manually this time.
As a next step we could add a requirement to "unlock" a new account by checking its first comment. But this requires additional work on our side. It seems that those spammers are real persons then.