[aur-general] Fighting spam on the AUR
Leonidas Spyropoulos
artafinde at gmail.com
Fri Mar 15 08:26:28 EDT 2013
On 15 Mar 2013 11:25, "Dave Reisner" <d at falconindy.com> wrote:
>
> On Fri, Mar 15, 2013 at 11:04:38AM +0100, Timothy Redaelli wrote:
> > On Wednesday, March 13, 2013 11:33:18 AM Lukas Fleischer wrote:
> > > Status quo:
> > >
> > > 06:54 < gtmanfred> ok, it really is time for something else
> > > 06:54 < gtmanfred> the spammer is now creating a new account for
> > > every comment and flag out of date
> > >
> > > The account suspension feature does not help here.
> > >
> > > Options:
> > >
> > > * Allow package maintainers to block the "Flag package out-of-date"
> > > feature for a certain amount of time. Note that this might
eventually
> > > cripple the "out-of-date" function. Also, this does not work for
> > > comments.
> > >
> > > * Use CAPTCHAs during account registration. We could either use
MAPTCHAs
> > > ("What is 1 + 1?") or something like reCAPTCHA [1].
> > >
> > > * Moderate new accounts. Might be a lot of work. We need some TUs that
> > > review and unlock accounts. Also, it might be hard to distinguish a
> > > spam bot from a regular user. If we require a short application
text,
> > > this might result in less users joining the AUR.
> > >
> > > * Block IP addresses. Bye-bye, Tor users!
> > >
> > > Comments and suggestions welcome! We need to find a proper solution as
> > > soon as possible!
> > >
> > > [1] http://www.google.com/recaptcha
> >
> > Hi,
> > I suggest to use http://www.flameeyes.eu/projects/modsec instead (and
in wiki
> > too, so we can remove the horrible captcha).
> > It's an Apache mod_security backlist that reduce the spam (using DNSBL
and
> > User-Agent validation).
>
> $ curl -I https://aur.archlinux.org |& grep Server
> Server: nginx/1.2.6
I had quite a success with projecthoneypot.org
as another suggestion.
More information about the aur-general
mailing list