[aur-general] We've got a spam issue in our AUR
Lukas Fleischer
lfleischer at archlinux.org
Sun Jul 12 18:33:02 UTC 2015
On Sun, 12 Jul 2015 at 17:54:10, Daniel Micay wrote:
> On 12/07/15 11:24 AM, Andrejs Mivreņiks wrote:
> > Hi,
> >
> > The user instmania[1] has posted spam links in the comments section
> > of almost every recently updated package. For example [2]
> >
> > [1] https://aur4.archlinux.org/account/instmania/
> > [2] https://aur4.archlinux.org/packages/warthunder/
>
> I submitted a patch to remove the incentive to do this:
>
> https://lists.archlinux.org/pipermail/aur-dev/2015-July/003608.html
>
> It would be nice to implement the registration question we have on the
> forums and wiki too.
>
We introduced a similar (even harder and quickly changing) question the
last time we had issues with a spam bot. It didn't help, the spammer
revamped his bot within a couple of minutes, see [1]. Our next
countermeasure was to require email confirmations on registration (and
preventing the same email address from being used twice) which worked
fine. Obviously, all that doesn't help when a human registers himself.
The only additional thing I can think of is some flood control
mechanism which does not fix the problem itself but helps reducing the
degree of damage...
[1] https://lists.archlinux.org/pipermail/aur-dev/2013-March/002438.html
More information about the aur-general
mailing list