[aur-general] Spammers in AUR user comments

NicoHood archlinux at nicohood.de
Thu Apr 11 18:50:11 UTC 2019

On 4/11/19 5:36 PM, Lukas Fleischer via aur-general wrote:
> On Thu, 11 Apr 2019 at 15:13:32, Daniel M. Capella via aur-general wrote:
>> On April 5, 2019 7:54:44 AM EDT, NicoHood <archlinux at nicohood.de> wrote:
>>> Should and how can we better protect ourselves from spam comments?
>> Perhaps we should add CAPTCHA for account registrations.
> IIRC, we had an issue with spam bots several years ago. We tried adding
> a CAPTCHA back then and it did not help (which, of course, does not
> imply that CAPTCHAs do not work in general).
> The issue was eventually resolved by requiring users to confirm their
> email address and set an initial password from the confirmation email
> before using their accounts. If this no longer works and massive
> spamming continues to be a problem, I am open to trying other techniques
> again.
> That being said, I think we should first figure out whether spammer
> account creation is automated or done manually this time.
> Lukas

As a next step we could add a requirement to "unlock" a new account by
checking its first comment. But this requires additional work on our
side. It seems that those spammers are real persons then.

More information about the aur-general mailing list