[aur-general] Fighting spam on the AUR
Timothy Redaelli
tredaelli at archlinux.info
Fri Mar 15 06:04:38 EDT 2013
On Wednesday, March 13, 2013 11:33:18 AM Lukas Fleischer wrote:
> Status quo:
>
> 06:54 < gtmanfred> ok, it really is time for something else
> 06:54 < gtmanfred> the spammer is now creating a new account for
> every comment and flag out of date
>
> The account suspension feature does not help here.
>
> Options:
>
> * Allow package maintainers to block the "Flag package out-of-date"
> feature for a certain amount of time. Note that this might eventually
> cripple the "out-of-date" function. Also, this does not work for
> comments.
>
> * Use CAPTCHAs during account registration. We could either use MAPTCHAs
> ("What is 1 + 1?") or something like reCAPTCHA [1].
>
> * Moderate new accounts. Might be a lot of work. We need some TUs that
> review and unlock accounts. Also, it might be hard to distinguish a
> spam bot from a regular user. If we require a short application text,
> this might result in less users joining the AUR.
>
> * Block IP addresses. Bye-bye, Tor users!
>
> Comments and suggestions welcome! We need to find a proper solution as
> soon as possible!
>
> [1] http://www.google.com/recaptcha
Hi,
I suggest to use http://www.flameeyes.eu/projects/modsec instead (and in wiki
too, so we can remove the horrible captcha).
It's an Apache mod_security backlist that reduce the spam (using DNSBL and
User-Agent validation).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.archlinux.org/pipermail/aur-general/attachments/20130315/e92d2cba/attachment.asc>
More information about the aur-general
mailing list