Re: [aur-general] Spammers in AUR user comments
I'm also receiving comments from lots of different spam accounts in unity-editor. I'm not a TU and the web gui doesn't seem to have an option to deal with it. What's the protocol for these cases? Thanks, Oscar.
On April 5, 2019 7:54:44 AM EDT, NicoHood <archlinux at nicohood.de> wrote:
Should and how can we better protect ourselves from spam comments?
Perhaps we should add CAPTCHA for account registrations. On April 10, 2019 7:35:14 AM EDT, Oscar via aur-general <aur-general@archlinux.org> wrote:
I'm also receiving comments from lots of different spam accounts in unity-editor. I'm not a TU and the web gui doesn't seem to have an option to deal with it.
What's the protocol for these cases?
Shoot us an email here.
Thanks, Oscar.
-- Best, Daniel <https://danielcapella.com>
On Thu, 11 Apr 2019 at 15:13:32, Daniel M. Capella via aur-general wrote:
On April 5, 2019 7:54:44 AM EDT, NicoHood <archlinux at nicohood.de> wrote:
Should and how can we better protect ourselves from spam comments?
Perhaps we should add CAPTCHA for account registrations.
IIRC, we had an issue with spam bots several years ago. We tried adding a CAPTCHA back then and it did not help (which, of course, does not imply that CAPTCHAs do not work in general). The issue was eventually resolved by requiring users to confirm their email address and set an initial password from the confirmation email before using their accounts. If this no longer works and massive spamming continues to be a problem, I am open to trying other techniques again. That being said, I think we should first figure out whether spammer account creation is automated or done manually this time. Lukas
On 4/11/19 5:36 PM, Lukas Fleischer via aur-general wrote:
On Thu, 11 Apr 2019 at 15:13:32, Daniel M. Capella via aur-general wrote:
On April 5, 2019 7:54:44 AM EDT, NicoHood <archlinux at nicohood.de> wrote:
Should and how can we better protect ourselves from spam comments?
Perhaps we should add CAPTCHA for account registrations.
IIRC, we had an issue with spam bots several years ago. We tried adding a CAPTCHA back then and it did not help (which, of course, does not imply that CAPTCHAs do not work in general).
The issue was eventually resolved by requiring users to confirm their email address and set an initial password from the confirmation email before using their accounts. If this no longer works and massive spamming continues to be a problem, I am open to trying other techniques again.
That being said, I think we should first figure out whether spammer account creation is automated or done manually this time.
Lukas
As a next step we could add a requirement to "unlock" a new account by checking its first comment. But this requires additional work on our side. It seems that those spammers are real persons then.
participants (4)
-
Daniel M. Capella
-
Lukas Fleischer
-
NicoHood
-
Oscar