[aur-dev] [aur-general] Fighting spam on the AUR

Pierre Schmitz pierre at archlinux.de
Fri Mar 15 12:13:43 EDT 2013

Am 13.03.2013 11:33, schrieb Lukas Fleischer:
> Status quo:
>     06:54 < gtmanfred> ok, it really is time for something else
>     06:54 < gtmanfred> the spammer is now creating a new account for
>     every comment and flag out of date
> The account suspension feature does not help here.
> Options:
> * Allow package maintainers to block the "Flag package out-of-date"
>   feature for a certain amount of time. Note that this might eventually
>   cripple the "out-of-date" function. Also, this does not work for
>   comments.
> * Use CAPTCHAs during account registration. We could either use MAPTCHAs
>   ("What is 1 + 1?") or something like reCAPTCHA [1].
> * Moderate new accounts. Might be a lot of work. We need some TUs that
>   review and unlock accounts. Also, it might be hard to distinguish a
>   spam bot from a regular user. If we require a short application text,
>   this might result in less users joining the AUR.
> * Block IP addresses. Bye-bye, Tor users!
> Comments and suggestions welcome! We need to find a proper solution as
> soon as possible!
> [1] http://www.google.com/recaptcha

We already tested all this years ago with the Wiki and Forums. Why
reinvent the wheel instead of just using an existing solution? I could
point you to the code if wanted; it's pretty simple and should be easy
to integrate into the aur registration.



Pierre Schmitz, https://pierre-schmitz.com

More information about the aur-dev mailing list