-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Lukas Fleischer <[email protected]> wrote:
>I analyzed recent additions to the AUR user database in the hope of >finding a way to delete all spammer accounts. > >Unfortunately, the account creation bot seems to be a bit more clever >than I thought. Various different user names (both random user names, >user names extracted from IRC channels etc.) and various different >email >addresses (different hosts, some local parts match the user name and >some don't) were used. > >The only obvious pattern is that following fields are always empty: > >* RealName >* IRCNick >* PGPKey > >However, using that filter and also filtering by ID (51617 is the first >account obviously created by a bot) and last login (1363737600 is >2013-03-20 00:00:00 which is after the login form has been disabled for >Tor users) still leaves 18378 accounts: > > mysql> SELECT COUNT(*) FROM Users WHERE RealName = '' AND > -> IRCNick = '' AND PGPKey = '' AND ID >= 51617 AND > -> ID <= 70072 AND LastLogin < 1363737600; > +----------+ > | COUNT(*) | > +----------+ > | 18378 | > +----------+ > 1 row in set (0.01 sec) > >My suggestion is: > >1. Set the password field of these accounts to "", so that they will no > longer be able to login. They can still use the password reset form. > >2. Delete all accounts that still have an empty password field in ~2 > weeks. > >If there are any objections or alternative suggestions, please let me >know. Otherwise, I will unset password fields before I re-enable the >registration form (on Tuesday, 2013-03-26). > >Regards, >Lukas The only suggestion I have to include a message about passwords being cleared on the login screen, more specifically the failed login screen. - -- Sent from my Android Phone. Daniel Wallace Arch Linux Trusted User GTManfred -----BEGIN PGP SIGNATURE----- Version: APG v1.0.8 iQFUBAEBCAA+BQJRT4JzNxxEYW5pZWwgV2FsbGFjZSAoZ3RtYW5mcmVkKSA8ZGFu aWVsLndhbGxhY2VAZ2F0ZWNoLmVkdT4ACgkQX6XlVE8BDUjk4gf/fCqpAr8OUnIk oy/1L0iZzIg0McX9yysXd1L49tWlrFOMD+NLl+14j5ZdOmsbUx/GrLDngQVvqO9Z BM8NWd6V9gPCk6R3dxZybtojsvR/TbivilmH36arkdNyLBjNOMaIyxTAAnpGZEOJ vETGYDmQgb5fw1sqfSrrLqND/s4KXfcSLngQW6eeqOSvHUJRvNGLZDE3UTT2qS1w GF2Z87B5d9SMTauvcTicFvN0pleE22upB9NA4ldtO0eIhxFfdLuSf8Qi+RUX6nl0 uZXMDa+nKHZ9A0Xcma7lKKpzOy1haj9ZBAOs8xN+Sl5JNmEhXT0fKmPO3AvNYHgh nrrn6LYIiw== =CH2W -----END PGP SIGNATURE-----
