[aur-general] We've got a spam issue in our AUR
lfleischer at archlinux.org
Sun Jul 12 18:33:02 UTC 2015
On Sun, 12 Jul 2015 at 17:54:10, Daniel Micay wrote:
> On 12/07/15 11:24 AM, Andrejs Mivreņiks wrote:
> > Hi,
> > The user instmania has posted spam links in the comments section
> > of almost every recently updated package. For example 
> >  https://aur4.archlinux.org/account/instmania/
> >  https://aur4.archlinux.org/packages/warthunder/
> I submitted a patch to remove the incentive to do this:
> It would be nice to implement the registration question we have on the
> forums and wiki too.
We introduced a similar (even harder and quickly changing) question the
last time we had issues with a spam bot. It didn't help, the spammer
revamped his bot within a couple of minutes, see . Our next
countermeasure was to require email confirmations on registration (and
preventing the same email address from being used twice) which worked
fine. Obviously, all that doesn't help when a human registers himself.
The only additional thing I can think of is some flood control
mechanism which does not fix the problem itself but helps reducing the
degree of damage...
More information about the aur-general