[aur-general] Fighting spam on the AUR

Lukas Fleischer archlinux at cryptocrack.de
Wed Mar 13 07:23:53 EDT 2013 

On Wed, Mar 13, 2013 at 06:59:59PM +0800, Felix Yan wrote:
> On Wednesday, March 13, 2013 11:48:50 Maxime Gauduin wrote:
> > On Wed, 2013-03-13 at 11:33 +0100, Lukas Fleischer wrote:
> > > Status quo:
> > > 
> [...]
> > > 
> > > * Use CAPTCHAs during account registration. We could either use MAPTCHAs
> > >   ("What is 1 + 1?") or something like reCAPTCHA [1].
> > > 
> > > * Moderate new accounts. Might be a lot of work. We need some TUs that
> > >   review and unlock accounts. Also, it might be hard to distinguish a
> > >   spam bot from a regular user. If we require a short application text,
> > >   this might result in less users joining the AUR.
> > > 
> > > * Block IP addresses. Bye-bye, Tor users!
> > > 
> > > Comments and suggestions welcome! We need to find a proper solution as
> > > soon as possible!
> > > 
> [...]
> > 
> > All new or existing accounts using TOR are automatically blacklisted,
> > and have to send a request to aur-general so they can be granted a
> > special status which bypasses the IP verification.
> > 
> > Give TUs more super powers so they can blacklist or whitelist users/IPs.
> > 
> > What do you think?
> > 
> > Cheers.
> 
> And there're thousands of free proxy lists with millions of available candidate IPs, I don't really think this could stop the spammers.

We could IP ban every spammer as soon as he is noticed. I assume that we
will not be attacked by dozens of spammers or a botnet.

> 
> So IMHO I'd +1 for captchas (though hate it a lot).
> 
> And maybe some more captchas than just in registering: (just examples)
> 
> * 5th or more out-of-date flags in a day
> * 5th or more comments (in different packages) in a day
> * 5th or more same comment sentence

I do not think this is needed. We can suspend every spam account. If we
find a way to stop automated account creation, I do not think there will
be lots of spammers any time soon.

> 
> This should not bother existing users too much.
> 
> But nothing could really stop him if he still hate us so much and register & post manually, just as suggested before.
> 
> Felix Yan
> Twitter: @felixonmars
> Wiki: http://felixc.at

More information about the aur-general mailing list