[aur-general] User ban request
Can a TU please ban this user [1] before they keep spamming the AUR? The username is some throwaway crap, the email address is for mailinator.com (i.e. it's disposable) and has never voted, and has marked /every single one/ of my 183 packages out-of-date for no reason (oh, this is going to be /so amazingly fun /to undo by hand). [1] https://aur.archlinux.org/account/DHTcWv8/
Can a TU please ban this user [1] before they keep spamming the AUR? The username is some throwaway crap, the email address is for mailinator.com (i.e. it's disposable) and has never voted, and has marked /every single one/ of my 183 packages out-of-date for no reason (oh, this is going to be /so amazingly fun /to undo by hand).
[1] https://aur.archlinux.org/account/DHTcWv8/ Actually, the thing I just noticed that's really funny is that this occurred over the span of almost 4 hours (1:08-4:46 PM, GMT-5), so this user actually went to every single package of mine that was not flagged and flagged each package individually, instead of simultaneously flagging all these packages. Wow, this user must really hate me
On 03/05/2013 05:34 PM, Limao Luo wrote: personally (or be aged about 11 and be really bored...?) to put in that kind of dedication.
And he's back, with another account [2] with an address on a different website (rmqkr.net, which redirects to the disposable email site 10minutemail.com). This is a waste of my time. Can someone respond to this thread so I know that a TU even knows about this? Also, I guess it's really a bot, since the flagging is done across congruent intervals (this time it's 1 minute between flags). [2] https://aur.archlinux.org/account/9Pwrxb1/
On Tue, Mar 05, 2013 at 11:05:07PM -0500, Limao Luo wrote:
And he's back, with another account [2] with an address on a different website (rmqkr.net, which redirects to the disposable email site 10minutemail.com). This is a waste of my time. Can someone respond to this thread so I know that a TU even knows about this? Also, I guess it's really a bot, since the flagging is done across congruent intervals (this time it's 1 minute between flags).
We are well aware of it. https://mailman.archlinux.org/pipermail/aur-dev/2013-February/002371.html The problem is every time I suspend an account (after a patch that was applied yesterday) now he gets logged out, the problem is it creates a new account and starts tagging them out of date again. -- Daniel Wallace Archlinux Trusted User (gtmanfred) Georgia Institute of Technology
On 03/05/2013 11:10 PM, Daniel Wallace wrote:
On Tue, Mar 05, 2013 at 11:05:07PM -0500, Limao Luo wrote:
And he's back, with another account [2] with an address on a different website (rmqkr.net, which redirects to the disposable email site 10minutemail.com). This is a waste of my time. Can someone respond to this thread so I know that a TU even knows about this? Also, I guess it's really a bot, since the flagging is done across congruent intervals (this time it's 1 minute between flags).
[2] https://aur.archlinux.org/account/9Pwrxb1/ We are well aware of it. https://mailman.archlinux.org/pipermail/aur-dev/2013-February/002371.html
The problem is every time I suspend an account (after a patch that was applied yesterday) now he gets logged out, the problem is it creates a new account and starts tagging them out of date again.
Ah, I see. Anyway, thanks for the update. I didn't even think to check aur-dev.
On Tue, Mar 05, 2013 at 11:10:16PM -0500, Daniel Wallace wrote:
On Tue, Mar 05, 2013 at 11:05:07PM -0500, Limao Luo wrote:
And he's back, with another account [2] with an address on a different website (rmqkr.net, which redirects to the disposable email site 10minutemail.com). This is a waste of my time. Can someone respond to this thread so I know that a TU even knows about this? Also, I guess it's really a bot, since the flagging is done across congruent intervals (this time it's 1 minute between flags).
We are well aware of it. https://mailman.archlinux.org/pipermail/aur-dev/2013-February/002371.html
The problem is every time I suspend an account (after a patch that was applied yesterday) now he gets logged out, the problem is it creates a new account and starts tagging them out of date again.
Captchas, man. Captchas. I know it will very very slightly inconvenience some people that have to flag a few packages out of date at a time, but really, it would only save us from crap like this. -- William Giokas | KaiSforza GnuPG Key: 0x73CD09CF Fingerprint: F73F 50EF BBE2 9846 8306 E6B8 6902 06D8 73CD 09CF
On 03/05/2013 11:21 PM, William Giokas wrote:
On Tue, Mar 05, 2013 at 11:10:16PM -0500, Daniel Wallace wrote:
On Tue, Mar 05, 2013 at 11:05:07PM -0500, Limao Luo wrote:
And he's back, with another account [2] with an address on a different website (rmqkr.net, which redirects to the disposable email site 10minutemail.com). This is a waste of my time. Can someone respond to this thread so I know that a TU even knows about this? Also, I guess it's really a bot, since the flagging is done across congruent intervals (this time it's 1 minute between flags).
[2] https://aur.archlinux.org/account/9Pwrxb1/ We are well aware of it. https://mailman.archlinux.org/pipermail/aur-dev/2013-February/002371.html
The problem is every time I suspend an account (after a patch that was applied yesterday) now he gets logged out, the problem is it creates a new account and starts tagging them out of date again. Captchas, man. Captchas. I know it will very very slightly inconvenience some people that have to flag a few packages out of date at a time, but really, it would only save us from crap like this.
Yeah, they mentioned that in the aur-dev conversation, among other ideas like IP blocking (which actually sounds good, except more than one person can have an IP, so I don't know how much that would work, unless there is some timeout period or something for the block) and repeatedly doubling intervals after successive flags that time out after an hour (which, while annoying, doesn't seem like an enough of a deterrent, but I could be wrong). Well, not much to do except wait it out, I guess. I just can't remember which packages I have to update now.
On Tue, Mar 05, 2013 at 11:30:05PM -0500, Limao Luo wrote:
On 03/05/2013 11:21 PM, William Giokas wrote:
On Tue, Mar 05, 2013 at 11:10:16PM -0500, Daniel Wallace wrote:
On Tue, Mar 05, 2013 at 11:05:07PM -0500, Limao Luo wrote:
And he's back, with another account [2] with an address on a different website (rmqkr.net, which redirects to the disposable email site 10minutemail.com). This is a waste of my time. Can someone respond to this thread so I know that a TU even knows about this? Also, I guess it's really a bot, since the flagging is done across congruent intervals (this time it's 1 minute between flags).
[2] https://aur.archlinux.org/account/9Pwrxb1/ We are well aware of it. https://mailman.archlinux.org/pipermail/aur-dev/2013-February/002371.html
The problem is every time I suspend an account (after a patch that was applied yesterday) now he gets logged out, the problem is it creates a new account and starts tagging them out of date again. Captchas, man. Captchas. I know it will very very slightly inconvenience some people that have to flag a few packages out of date at a time, but really, it would only save us from crap like this.
Yeah, they mentioned that in the aur-dev conversation, among other ideas like IP blocking (which actually sounds good, except more than one person can have an IP, so I don't know how much that would work, unless there is some timeout period or something for the block) and repeatedly doubling intervals after successive flags that time out after an hour (which, while annoying, doesn't seem like an enough of a deterrent, but I could be wrong).
Well, not much to do except wait it out, I guess. I just can't remember which packages I have to update now.
ip ban doesn't work when they use tor -- Daniel Wallace Archlinux Trusted User (gtmanfred) Georgia Institute of Technology
On Tue, Mar 05, 2013 at 11:30:05PM -0500, Limao Luo wrote:
On 03/05/2013 11:21 PM, William Giokas wrote:
Captchas, man. Captchas. I know it will very very slightly inconvenience some people that have to flag a few packages out of date at a time, but really, it would only save us from crap like this.
Yeah, they mentioned that in the aur-dev conversation, among other ideas like IP blocking (which actually sounds good, except more than one person can have an IP, so I don't know how much that would work, unless there is some timeout period or something for the block) and repeatedly doubling intervals after successive flags that time out after an hour (which, while annoying, doesn't seem like an enough of a deterrent, but I could be wrong).
Well, not much to do except wait it out, I guess. I just can't remember which packages I have to update now.
Instead of captchas for flagging packages, do we have captchas for creating new accounts already? That seems more sensible. Also, perhaps blocking new accounts using disposable emails, at least temporarily? Allen Li
On Wed, 2013-03-06 at 01:16 -0500, Allen Li wrote:
On Tue, Mar 05, 2013 at 11:30:05PM -0500, Limao Luo wrote:
On 03/05/2013 11:21 PM, William Giokas wrote:
Captchas, man. Captchas. I know it will very very slightly inconvenience some people that have to flag a few packages out of date at a time, but really, it would only save us from crap like this.
Yeah, they mentioned that in the aur-dev conversation, among other ideas like IP blocking (which actually sounds good, except more than one person can have an IP, so I don't know how much that would work, unless there is some timeout period or something for the block) and repeatedly doubling intervals after successive flags that time out after an hour (which, while annoying, doesn't seem like an enough of a deterrent, but I could be wrong).
Well, not much to do except wait it out, I guess. I just can't remember which packages I have to update now.
Instead of captchas for flagging packages, do we have captchas for creating new accounts already? That seems more sensible. Also, perhaps blocking new accounts using disposable emails, at least temporarily?
Allen Li
I'd prefer requesting a non-disposable mail address instead of adding captchas. Then again, you can also create disposable gmail accounts... -- Maxime
I really don't want to see captchas on the AUR (Google doesn't need to more info), nor do I think playing whack-a-mole with disposable email providers is a good idea. What I think we really need is an internal limit on flagging packages. It could be tied to the age of the account and/or hourly rate. As for unflagging, if you have been affected by this troll then post your username and I will mass-unflag your packages. (If any other TU wants this superpower, email me). Maxime Gauduin wrote:
On Wed, 2013-03-06 at 01:16 -0500, Allen Li wrote:
On Tue, Mar 05, 2013 at 11:30:05PM -0500, Limao Luo wrote:
On 03/05/2013 11:21 PM, William Giokas wrote:
Captchas, man. Captchas. I know it will very very slightly inconvenience some people that have to flag a few packages out of date at a time, but really, it would only save us from crap like this.
Yeah, they mentioned that in the aur-dev conversation, among other ideas like IP blocking (which actually sounds good, except more than one person can have an IP, so I don't know how much that would work, unless there is some timeout period or something for the block) and repeatedly doubling intervals after successive flags that time out after an hour (which, while annoying, doesn't seem like an enough of a deterrent, but I could be wrong).
Well, not much to do except wait it out, I guess. I just can't remember which packages I have to update now.
Instead of captchas for flagging packages, do we have captchas for creating new accounts already? That seems more sensible. Also, perhaps blocking new accounts using disposable emails, at least temporarily?
Allen Li
I'd prefer requesting a non-disposable mail address instead of adding captchas. Then again, you can also create disposable gmail accounts...
-- Maxime
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 3/5/2013 8:21 PM, William Giokas wrote:
Captchas, man. Captchas. I know it will very very slightly inconvenience some people that have to flag a few packages out of date at a time, but really, it would only save us from crap like this.
Captchas don't have to be that bad, as long as you have to log in to do anything. You only make them do the captcha once for each login. I suspect, however, that they are not a solution here. If, as this sounds to me, one person really is being targeted, then that suggests that a human being, albeit a very low form of human being, is actually at work here. - -- David Benfell <benfell@parts-unknown.org> <dbenfell@saybrook.edu> See https://parts-unknown.org/node/2 for GnuPG (the attachment you don't understand) information. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJRNuzeAAoJELJhbl/uPb4SyD0P/RrMPXFQiV6QTIQ5neHSFIAl Irw94Kvea10Ud6D1u5Ftt6Va3geWwMNHefnyDIbAXQ/GGQJt9MTqh1HAqtHmyA+V 8pk/hKaWRIt0Y24u53Ci196jCCVFFHDrQcRVFhkwGPEGUXtIlBLYc5kTyE6y5qPi QNHgnTqCfsHvcKnywWeqF9FiEubtz1AI8x3hhqdthlxCwtCouLR0cuMR2/NsCz4H Xq8ZhLfSLAZS0tjJn2qrMadoFKKollt6taHHn2PWMDjnP1hLCnJDCfFhQeFqPj9j 0nzu9pwLUBGFsjeMMB+t2ofVd8wO5eWFIhoaa+qqOut7SqB7Gx64ymzKeCeL4WMb 5CyGxbL54LBre59b1zWPcWDN7OYIVUkKaPaqGrpMOKDyr3jN4LPezUqRSh+3Gpmv NbEDJTMgcdyGMX6MAS7dn5/RqHXpz3Q2PFC1erI60mY779XaX6Yhknq9qdsqXqRw dySF/07FaH32PvLUV40Gfsq+k+mDPfwaRR36yDVlG0ReJOiO55FTRwLAS/qYIu/6 ba6FdGJXp/woNbcnFrMFm9PlhU7PsCSQD8M3FuHnqJdJBvyzFxNY15KsJjF+k6z+ imlVvxf1H3NN3rX/iR+aJx+B0+efyhy3RhHm4KNosvg8+7IGKk2VX0lsrMQVqw7Y JQYDgcefxAi0LX2BVYaq =6mS5 -----END PGP SIGNATURE-----
participants (7)
-
Allen Li
-
Daniel Wallace
-
David Benfell
-
Limao Luo
-
Maxime Gauduin
-
William Giokas
-
Xyne