Hi,

As you may have noticed, I've disabled the user notes entry system, because we were receiving more than 100 spam notes per day for two months. That's too much work.

I don't really want to enable the thing before "fixing" the problem with spam. We currently have a words blacklist plus a DNS check with two major on-line blacklists, but no one was filtering the spam.
So we have to discuss our options:
1. delete all user notes :P
2. implement a captcha system on the mirrors
3. implement the captcha in the master server
4. ??

The implication of 2. is that the system would be hackable. Sending the spam directly to the master server would easily avoid the protection. The other problem is that the captcha that is on the bugs site requires gd. Other systems (such as phpBB registration image) don't require any extension, though. However, it is licensed under GPL (we cannot bundle it.)

I vote for 3, as it's the safest mechanism. We simply put the master server generating the images and creating sessions to save the keys. The mirrors would just need to fetch the image and parse the HTTP headers to get the PHP session id (that's easy with PHP >= 4.3).

So I ask you to propose other ideas, vote, whatever, so that we can enable the notes again.

Thanks,
Nuno
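
An illustration of option 3, added here and not part of the original message or of php.net's code: the master issues the challenge and is the only place the answer is checked, so a note posted straight to the master without a valid session is rejected. The class and function names and the in-memory store are hypothetical, image rendering is omitted, and PHP 7.4+ is assumed.

```php
<?php
// Added example: hypothetical names, not the php.net implementation.
final class MasterCaptcha
{
    /** @var array<string, array{0:string,1:int}> session id => [answer, expiry] */
    private array $pending = [];

    // Master side: create a session, remember the answer, return response headers.
    public function issue(int $ttl = 300): array
    {
        $sid    = bin2hex(random_bytes(16));
        $answer = strtoupper(substr(bin2hex(random_bytes(4)), 0, 6));
        $this->pending[$sid] = [$answer, time() + $ttl];
        // A real master would render $answer into the image body; here it is
        // returned as text only so the demo below can play the human reader.
        return ['headers' => ["Content-Type: image/png",
                              "Set-Cookie: PHPSESSID=$sid; path=/"],
                'image_text' => $answer];
    }

    // Master side: the only place a note is accepted. Each challenge is single use.
    public function submitNote(?string $sid, string $typed, string $note): bool
    {
        if ($sid === null || !isset($this->pending[$sid])) {
            return false;                      // no session: direct post, rejected
        }
        [$answer, $expiry] = $this->pending[$sid];
        unset($this->pending[$sid]);           // burn the challenge before comparing
        return time() <= $expiry && hash_equals($answer, strtoupper(trim($typed)));
    }
}

// Mirror side: pull the session id out of the master's response headers.
function mirrorSessionId(array $headers): ?string
{
    foreach ($headers as $h) {
        if (preg_match('/^Set-Cookie:\s*PHPSESSID=([A-Za-z0-9,-]+)/i', $h, $m)) {
            return $m[1];
        }
    }
    return null;
}

$master = new MasterCaptcha();
$resp   = $master->issue();
$sid    = mirrorSessionId($resp['headers']);
var_dump($master->submitNote($sid, $resp['image_text'], 'note relayed by a mirror'));
var_dump($master->submitNote($sid, $resp['image_text'], 'replay of the same session'));
var_dump($master->submitNote(null, 'GUESS1', 'posted directly to the master'));
```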
