On 15 Mar 2013 11:25, "Dave Reisner" <[email protected]> wrote:
>
> On Fri, Mar 15, 2013 at 11:04:38AM +0100, Timothy Redaelli wrote:
> > On Wednesday, March 13, 2013 11:33:18 AM Lukas Fleischer wrote:
> > > Status quo:
> > >
> > > 06:54 < gtmanfred> ok, it really is time for something else
> > > 06:54 < gtmanfred> the spammer is now creating a new account for
> > > every comment and flag out of date
> > >
> > > The account suspension feature does not help here.
> > >
> > > Options:
> > >
> > > * Allow package maintainers to block the "Flag package out-of-date"
> > > feature for a certain amount of time. Note that this might eventually
> > > cripple the "out-of-date" function. Also, this does not work for
> > > comments.
> > >
> > > * Use CAPTCHAs during account registration. We could either use MAPTCHAs
> > > ("What is 1 + 1?") or something like reCAPTCHA [1].
> > >
> > > * Moderate new accounts. Might be a lot of work. We need some TUs that
> > > review and unlock accounts. Also, it might be hard to distinguish a
> > > spam bot from a regular user. If we require a short application text,
> > > this might result in less users joining the AUR.
> > >
> > > * Block IP addresses. Bye-bye, Tor users!
> > >
> > > Comments and suggestions welcome! We need to find a proper solution as
> > > soon as possible!
> > >
> > > [1] http://www.google.com/recaptcha
> >
> > Hi,
> > I suggest to use http://www.flameeyes.eu/projects/modsec instead (and in wiki
> > too, so we can remove the horrible captcha).
> > It's an Apache mod_security blacklist that reduces the spam (using DNSBL and
> > User-Agent validation).
>
> $ curl -I https://aur.archlinux.org |& grep Server
> Server: nginx/1.2.6

I had quite a success with projecthoneypot.org as another suggestion.
