On Wed, Mar 13, 2013 at 11:48:50AM +0100, Maxime Gauduin wrote:
On Wed, 2013-03-13 at 11:33 +0100, Lukas Fleischer wrote:
Status quo:
06:54 < gtmanfred> ok, it really is time for something else 06:54 < gtmanfred> the spammer is now creating a new account for every comment and flag out of date
The account suspension feature does not help here.
Options:
* Allow package maintainers to block the "Flag package out-of-date" feature for a certain amount of time. Note that this might eventually cripple the "out-of-date" function. Also, this does not work for comments.
* Use CAPTCHAs during account registration. We could either use MAPTCHAs ("What is 1 + 1?") or something like reCAPTCHA [1].
* Moderate new accounts. Might be a lot of work. We need some TUs that review and unlock accounts. Also, it might be hard to distinguish a spam bot from a regular user. If we require a short application text, this might result in less users joining the AUR.
* Block IP addresses. Bye-bye, Tor users!
Comments and suggestions welcome! We need to find a proper solution as soon as possible!
Blocking IP addresses would be the most effective and require the less work imho. Here's how I'd do it:
Add a 'TOR user' checkbox on the 'My account' page to state whether the user uses TOR or not, and ask the same question during the creation of new accounts.
All new and existing accounts not using TOR are automatically whitelisted.
All new or existing accounts using TOR are automatically blacklisted, and have to send a request to aur-general so they can be granted a special status which bypasses the IP verification.
Give TUs more super powers so they can blacklist or whitelist users/IPs.
What do you think?
Sounds like a reasonable suggestion to me. I don't think we need a "TOR user" check box, though. IP bans and account-based whitelists should suffice.
Cheers.
-- Maxime