[aur-general] We've got a spam issue in our AUR

Johannes Löthberg johannes at kyriasis.com
Mon Jul 13 19:43:25 UTC 2015

On 12/07, Ido Rosen wrote:
>On Sun, Jul 12, 2015 at 2:24 PM, Lukas Fleischer
><lfleischer at archlinux.org> wrote:
>> On Sun, 12 Jul 2015 at 18:25:47, Andrejs Mivreņiks wrote:
>>> Hi,
>>> Suspending the account is good, though what about messages? Are they
>>> going to be removed? Also there is totally no spam protection that I know of at
>>> this moment in AUR, at some point it might turn out to be a bigger problem than
>>> that today.
>>> [...]
>> I deleted all 15 comments the user posted. Given that only a very low
>> number of packages were affected, I suspect that he copy-pasted the
>> message manually. There is really nothing we can do about that (apart
>> from disabling comments)...
>I'm not sure if this is worthwhile, but:
>https://pypi.python.org/pypi/django-bogofilter/0.1 (example of
>integrating bogofilter to forum comments in Django/Python)
>We could add this email-style spam filtering (using bogofilter or any
>similar package), and make comments that fail it have to use a
>CAPTCHA?  Or just make all comments require a CAPTCHA.  Or a "report
>spam" link for comments.
>Another thought for improving comments might be to implement
>reddit-style upvoting/downvoting.

Not all spam is automated , so just requiring a CAPTCHA wouldn't be very 
useful. I think a slightly better approach would be to add the comment 
to a queue if it fails the spam filter, and require a TU to approve it.

  Johannes Löthberg
  PGP Key ID: 0x50FB9B273A9D0BB5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1495 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/aur-general/attachments/20150713/059eb151/attachment.asc>

More information about the aur-general mailing list