On 4/11/19 5:36 PM, Lukas Fleischer via aur-general wrote: > On Thu, 11 Apr 2019 at 15:13:32, Daniel M. Capella via aur-general wrote: >> On April 5, 2019 7:54:44 AM EDT, NicoHood <archlinux at nicohood.de> wrote: >>> Should and how can we better protect ourselves from spam comments? >> >> Perhaps we should add CAPTCHA for account registrations. > > IIRC, we had an issue with spam bots several years ago. We tried adding > a CAPTCHA back then and it did not help (which, of course, does not > imply that CAPTCHAs do not work in general). > > The issue was eventually resolved by requiring users to confirm their > email address and set an initial password from the confirmation email > before using their accounts. If this no longer works and massive > spamming continues to be a problem, I am open to trying other techniques > again. > > That being said, I think we should first figure out whether spammer > account creation is automated or done manually this time. > > Lukas >
As a next step we could add a requirement to "unlock" a new account by checking its first comment. But this requires additional work on our side. It seems that those spammers are real persons then.