- Status Closed
- Percent Complete
- Task Type TODO
- Category Backend/Core
- Assigned To No-one
- Operating System All
- Severity High
- Priority High
- Reported Version 1.0-beta
- Due in Version Undecided
-
Due Date
Undecided
- Votes
- Private
Attached to Project: Flyspray - The bug killer!
Opened by peterdd - 04.07.2016
Last edited by peterdd - 17.02.2020
Opened by peterdd - 04.07.2016
Last edited by peterdd - 17.02.2020
FS#2159 - fresh registered user accounts created spam tasks
Today it was first time I see real spam on bugs.flyspray.org
The 2 spam accounts registered today and started creating spam posts as new tasks.
What is the reason? Was it by real humans or bots?
So what can we do to reduce this in future?
Ideas for making it harder and unattractive for spammers:
- Users who never opened a nonspam-task or contributed a useful comment should solve a captcha
- Limit the amount of creating tasks for new registered users or a user groups, like limiting to 2 tasks or 1 task per user per day.
- Settings for a more moderated task creation process? Like a quarantine dbtable for tasks?
- If we closed such spam tasks with WTF? reason, it will still be listed by search engines like google at the moment:
- Move spam tasks to a ‘dumpster project’, that is not visible for guests (search engines!) too.
- Or make spamming to visible flyspray projects unattractive, lets set noindex for: closed task for some special reason id?
- Delete spam tasks from database if allowed by your organization
Update: another and this time more aggressive phone number spammer.
Closed by peterdd
17.02.2020 15:55
Reason for closing: Complete
Additional comments about closing:
17.02.2020 15:55
Reason for closing: Complete
Additional comments about closing:
email verification and 2 different
captchas currently keep the spam low.
Limits for fresh/untrusted
selfregistered accounts and content
scanning might be added if really
necessary.
Today 3rd time one spammer added a bunch of phone number spam tasks.
Mechanical turk or bot?
Today a new wave of (probably automated) spamming hit bugs.flyspray.org
This time at least 10 new full registered accounts posted each 2-10 postings of spam.
Each time it gets more aggressive.
Maybe we should introduce a "new task" per day limit for fresh registered users. Lets say a limit of 1. And only if a modarator of bugs.flyspray.org approves, the account is allowed to post more new tasks in a period of time.
It does not solve the spamming if spammer register each time under a new email address.
Additional captcha may help a bit, but will not help against sophisticated bots or cheap 'machanical turks' that solve captcha for the spammers.