--removed: -Check for an analysis after ~1 day: https://savannah.gnu.org/support/index.php?106304#comment9 -
??changed: - -- Validated post (captcha or login) -- Validated post (validated captcha or authentified) ++added: Check for an analysis after ~1 day: https://savannah.gnu.org/support/index.php?106304#comment9 Conclusion: distributed and dumb for the most part (95%), and %5 remaining distributed and clever. Apparently we need to be a bit more challenging for the 5% one. Or, we need to accept there will be 5% clever spam anyway and filter them after-the-fact. TODO: better analyse 5% remaining posts Ideas (more challenging): * text captcha or textcha - http://moinmo.in/HelpOnTextChas * beware: i18n * randomized text fields: * beware: pre-filling the fields on error * cons: needs cookie for anonymous users (not implemented) * reduce number of links per posts + surge protection (limit msgs/min) * URL block-lists? Ideas (post-moderation): * Currently requires 5 spam points (user=1, tracker admin=2, project admin=5), but often normal users don't reach 5 points. Implement a moderation form for admins or site-admins, which would be able to quickly moderate the spam. * Beware: lack of moderation team, lots of dead projects Rejected ideas: * captcha: * accessibility issues * clever spammers (the 5% we track) know how to read captcha * I don't like decrypting numbers on screen 20 times per day * recaptcha: graphic or sound captcha via a webservice: no server-side source code * give less privileges to anonymous users: * it discourages contribution (forces to create an account, remember password, etc.) * some spammers already create accounts, so don't feel safe because the user is authenticated, it can very well be a spammer nevertheless * akisnet (or something, no need to advertise): interesting idea based on centralization and cross-site analysis, via webservice (somewhat similar to Razor/Pyzor); but this is essentially a proprietary external solution; we would also need to paid a monthly fee since we're bigger than a classic blog. A free software implementation would need a huge traffic too to get consistent and reactive detection. -- forwarded from https://savannah.gnu.org/maintenance/[EMAIL PROTECTED]://savannah.gnu.org/maintenance _______________________________________________ Savannah-cvs mailing list [email protected] http://lists.gnu.org/mailman/listinfo/savannah-cvs
