[aur-dev] Fighting spam on the AUR

Lukas Fleischer archlinux at cryptocrack.de
Wed Mar 13 06:33:18 EDT 2013

Status quo:

    06:54 < gtmanfred> ok, it really is time for something else
    06:54 < gtmanfred> the spammer is now creating a new account for
    every comment and flag out of date

The account suspension feature does not help here.


* Allow package maintainers to block the "Flag package out-of-date"
  feature for a certain amount of time. Note that this might eventually
  cripple the "out-of-date" function. Also, this does not work for

* Use CAPTCHAs during account registration. We could either use MAPTCHAs
  ("What is 1 + 1?") or something like reCAPTCHA [1].

* Moderate new accounts. Might be a lot of work. We need some TUs that
  review and unlock accounts. Also, it might be hard to distinguish a
  spam bot from a regular user. If we require a short application text,
  this might result in less users joining the AUR.

* Block IP addresses. Bye-bye, Tor users!

Comments and suggestions welcome! We need to find a proper solution as
soon as possible!

[1] http://www.google.com/recaptcha

More information about the aur-dev mailing list