[aur-general] spam in out-of-date notifications for [community] packages

Aaron Griffin aaronmgriffin at gmail.com
Tue Oct 6 13:11:51 EDT 2009


On Wed, Sep 30, 2009 at 4:47 AM, Evangelos Foutras <foutrelis at gmail.com> wrote:
> Aaron Griffin wrote:
>>
>> On Tue, Sep 29, 2009 at 10:18 AM, Chris Brannon <cmbrannon79 at gmail.com>
>> wrote:
>>
>>>
>>> It seems that someone is sending spam via out-of-date notifications
>>> for packages in the official repos.
>>> How do I clear the out-of-date flag on my packages these days?
>>> I can't seem to be able to do that with the new interface.
>>>
>>
>> Yeah, this happens, and we haven't really found a good solution to
>> this spam problem. I guess we could ban the IP address...
>>
>> If anyone has an idea to solve the spam issue that's not super
>> intrusive, the code (archweb_pub) is publicly available :)
>>
>
> This is a technique I've read somewhere, though I've never tried it on a
> live site. Super unobtrusive and quite elegant. Should catch most bots too.
>
> From 9f55ad4586905bb8f3565b8a363496c57242e2a1 Mon Sep 17 00:00:00 2001
> From: Evangelos Foutras <foutrelis at gmail.com>
> Date: Wed, 30 Sep 2009 12:41:31 +0300
> Subject: [PATCH] Add hidden field to prevent bots from flagging pkg
>
> Technique detailed at http://www.wwohn.com/captcha-alternatives/ (The
> first bullet under "Non interactive alternatives").
> ---
>  packages/views.py |    6 +++++-
>  1 files changed, 5 insertions(+), 1 deletions(-)
>
> diff --git a/packages/views.py b/packages/views.py
> index e5e2c8b..99bdbd6 100644
> --- a/packages/views.py
> +++ b/packages/views.py
> @@ -136,6 +136,10 @@ class FlagForm(forms.Form):
>     email = forms.EmailField(label='* E-mail Address')
>     usermessage = forms.CharField(label='Message To Dev',
>             widget=forms.Textarea, required=False)
> +    # The field below is used to filter out bots that blindly fill out all
> input elements
> +    website = forms.CharField(label='',
> +            widget=forms.TextInput(attrs={'style': 'display:none;'}),
> +            required=False)
>
>  def flag(request, pkgid):
>     pkg = get_object_or_404(Package, id=pkgid)
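Review bot: On the new `website` field, `label=''` combined with the inline `display:none;` leaves an unlabelled text input for any client that does not apply the style (text-mode browsers, CSS disabled), and nothing tells a person to leave it empty. Consider a label such as "Leave this field blank" that is hidden together with the input, and adding `'autocomplete': 'off'` to `attrs`, since a browser autofilling a field named `website` would make a legitimate flag fail the check added later in this patch.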
> @@ -146,7 +150,7 @@ def flag(request, pkgid):
>
>     if request.POST:
>         form = FlagForm(request.POST)
> -        if form.is_valid():
> +        if form.is_valid() and form.cleaned_data['website'] == '':
>             # flag all architectures
>             pkgs = Package.objects.filter(
>                     pkgname=pkg.pkgname, repo=pkg.repo)
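Review bot: In the changed `if` in `flag()`, the honeypot test is folded into the same condition as `form.is_valid()`, so a submission with `website` filled takes whatever path an invalid form takes, which these lines do not show, and a person whose browser filled the field gets no explanation. Moving the test into a `clean_website()` method on `FlagForm` that raises `forms.ValidationError` would leave the view's `if form.is_valid():` unchanged and keep the rule next to the field it guards. Logging the rejected submissions would also show whether the field is actually catching the spam.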

I merged and pushed this patch. It's not live, but it will be when we
next push out the archweb code.

Thanks!

