FS#2159 : fresh registered user accounts created spam tasks

Status Closed
Percent Complete
100%
Task Type TODO
Category Backend/Core
Assigned To No-one
Operating System All
Severity High
Priority High
Reported Version 1.0-beta
Due in Version Undecided
Due Date Undecided
Votes
Private

Attached to Project: Flyspray
Opened by peterdd - 04.07.2016
Last edited by peterdd - 17.02.2020

FS#2159 - fresh registered user accounts created spam tasks

Today it was first time I see real spam on bugs.flyspray.org

The 2 spam accounts registered today and started creating spam posts as new tasks.

What is the reason? Was it by real humans or bots?

So what can we do to reduce this in future?

Ideas for making it harder and unattractive for spammers:

Users who never opened a nonspam-task or contributed a useful comment should solve a captcha
Limit the amount of creating tasks for new registered users or a user groups, like limiting to 2 tasks or 1 task per user per day.
Settings for a more moderated task creation process? Like a quarantine dbtable for tasks?

If we closed such spam tasks with WTF? reason, it will still be listed by search engines like google at the moment:

Move spam tasks to a ‘dumpster project’, that is not visible for guests (search engines!) too.
Or make spamming to visible flyspray projects unattractive, lets set noindex for: closed task for some special reason id?
Delete spam tasks from database if allowed by your organization

Update: another and this time more aggressive phone number spammer.

Closed by peterdd
17.02.2020 15:55
Reason for closing: Complete
Additional comments about closing:

email verification and 2 different captchas currently keep the spam low. Limits for fresh/untrusted selfregistered accounts and content scanning might be added if really necessary.

Comments (2)
Related Tasks (1/0)

peterdd commented on 23.07.2016 20:38

Today 3rd time one spammer added a bunch of phone number spam tasks.
Mechanical turk or bot?

peterdd commented on 25.10.2016 13:45

Today a new wave of (probably automated) spamming hit bugs.flyspray.org :-(

This time at least 10 new full registered accounts posted each 2-10 postings of spam.

Each time it gets more aggressive.

Maybe we should introduce a "new task" per day limit for fresh registered users. Lets say a limit of 1. And only if a modarator of bugs.flyspray.org approves, the account is allowed to post more new tasks in a period of time.

It does not solve the spamming if spammer register each time under a new email address.

Additional captcha may help a bit, but will not help against sophisticated bots or cheap 'machanical turks' that solve captcha for the spammers.

	Tasks related to this task (1)
	FS#2105 - countermeasures for 'add task anonymous' spam

Loading...

Keyboard shortcuts

Available keyboard shortcuts

Alt + ⇧ Shift + l Login Dialog / Logout
Alt + ⇧ Shift + a Add new task
Alt + ⇧ Shift + m My searches
Alt + ⇧ Shift + t focus taskid search

Tasklist

o open selected task
j move cursor down
k move cursor up

Task Details

n Next task
p Previous task
Alt + ⇧ Shift + e ↵ Enter Edit this task
Alt + ⇧ Shift + w watch task
Alt + ⇧ Shift + y Close Task

Task Editing

Alt + ⇧ Shift + s save task