[aur-dev] [aur-general] Fighting spam on the AUR
Lukas Fleischer
archlinux at cryptocrack.de
Fri Mar 15 12:33:02 EDT 2013
On Fri, Mar 15, 2013 at 05:13:43PM +0100, Pierre Schmitz wrote:
> Am 13.03.2013 11:33, schrieb Lukas Fleischer:
> > Status quo:
> >
> > 06:54 < gtmanfred> ok, it really is time for something else
> > 06:54 < gtmanfred> the spammer is now creating a new account for
> > every comment and flag out of date
> >
> > The account suspension feature does not help here.
> >
> > Options:
> >
> > * Allow package maintainers to block the "Flag package out-of-date"
> > feature for a certain amount of time. Note that this might eventually
> > cripple the "out-of-date" function. Also, this does not work for
> > comments.
> >
> > * Use CAPTCHAs during account registration. We could either use MAPTCHAs
> > ("What is 1 + 1?") or something like reCAPTCHA [1].
> >
> > * Moderate new accounts. Might be a lot of work. We need some TUs that
> > review and unlock accounts. Also, it might be hard to distinguish a
> > spam bot from a regular user. If we require a short application text,
> > this might result in less users joining the AUR.
> >
> > * Block IP addresses. Bye-bye, Tor users!
> >
> > Comments and suggestions welcome! We need to find a proper solution as
> > soon as possible!
> >
> > [1] http://www.google.com/recaptcha
>
> We already tested all this years ago with the Wiki and Forums. Why
> reinvent the wheel instead of just using an existing solution? I could
> point you to the code if wanted; it's pretty simple and should be easy
> to integrate into the aur registration.
Because we suspect that the bots spamming the AUR were specifically
designed for this specific setup of this specific platform and might
react to such a simple change. Given the effort required to implement
this, I agree that it is worth trying out, though.
I will look into this on Monday/Tuesday. If the captcha will not prove
itself in practice I will implement a blacklist/whitelist based
solution.
Thank you for all the replies.
>
> Greetings,
>
> Pierre
>
> --
> Pierre Schmitz, https://pierre-schmitz.com
More information about the aur-dev
mailing list