[aur-general] We've got a spam issue in our AUR

Lukas Fleischer lfleischer at archlinux.org
Sun Jul 12 18:33:02 UTC 2015

On Sun, 12 Jul 2015 at 17:54:10, Daniel Micay wrote:
> On 12/07/15 11:24 AM, Andrejs Mivreņiks wrote:
> > Hi,
> > 
> > The user instmania[1] has posted spam links in the comments section
> > of almost every recently updated package. For example [2]
> > 
> > [1] https://aur4.archlinux.org/account/instmania/
> > [2] https://aur4.archlinux.org/packages/warthunder/
> I submitted a patch to remove the incentive to do this:
> https://lists.archlinux.org/pipermail/aur-dev/2015-July/003608.html
> It would be nice to implement the registration question we have on the
> forums and wiki too.

We introduced a similar (even harder and quickly changing) question the
last time we had issues with a spam bot. It didn't help, the spammer
revamped his bot within a couple of minutes, see [1]. Our next
countermeasure was to require email confirmations on registration (and
preventing the same email address from being used twice) which worked
fine. Obviously, all that doesn't help when a human registers himself.

The only additional thing I can think of is some flood control
mechanism which does not fix the problem itself but helps reducing the
degree of damage...

[1] https://lists.archlinux.org/pipermail/aur-dev/2013-March/002438.html

More information about the aur-general mailing list