While debugging the bootstrap stuff, I created some test projects.
I was appalled to see that spammer accounts began to appear immediately,
one every few minutes.
They all had profiles containing links to commercial sites.
This is probably happening to all projects.
It would be nice to snuff it out.

I enabled "www.stopforumspam.com".  That didn't help.

I noticed that the accounts were being created by Web RPCs
(not via the web interface, which can be protected with reCAPTCHA).

The create-account RPC is used by
- account managers (BAM!, etc.)
- the BOINC client

If it were just account managers we could add some kind of access control
(i.e. accept RPCs only from known AMs).
But this would break the client.

What to do about this?
Suggestions are welcome.
The ideas I can think of:

- periodically delete accounts that have existed for a few days
  and don't have any hosts

- change the client so that it doesn't create accounts via RPC,
  but instead opens a web page and you create the account there
  (with a reCAPTCHA).
  Then use the access-control scheme on the server side.
  (This would break account creation from existing clients).

-- David

_______________________________________________
boinc_dev mailing list
boinc_dev@ssl.berkeley.edu
http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
To unsubscribe, visit the above URL and
(near bottom of page) enter your email address.
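
The first idea in the message above (periodically deleting accounts that are a few days old and have no hosts), sketched as an added example; it is not part of the original message and is not BOINC's own code. The table and column names are a simplified, assumed schema, `grace_days=3` is an assumed value for "a few days", and the rows are constructed sample data.

```python
import sqlite3

DAY = 86400  # seconds

# Assumed, simplified tables; a real project schema has more columns.
SCHEMA = """
CREATE TABLE user (id INTEGER PRIMARY KEY, create_time INTEGER, name TEXT);
CREATE TABLE host (id INTEGER PRIMARY KEY, userid INTEGER);
CREATE TABLE profile (userid INTEGER PRIMARY KEY, response1 TEXT);
"""

def stale_hostless_accounts(db, now, grace_days=3):
    """Ids of accounts older than grace_days that have no hosts."""
    cutoff = now - grace_days * DAY
    rows = db.execute(
        "SELECT u.id FROM user u WHERE u.create_time < ? "
        "AND NOT EXISTS (SELECT 1 FROM host h WHERE h.userid = u.id) "
        "ORDER BY u.id", (cutoff,))
    return [r[0] for r in rows]

def purge(db, now, grace_days=3, dry_run=True):
    """Delete stale accounts and their profiles; return the ids selected."""
    ids = stale_hostless_accounts(db, now, grace_days)
    if ids and not dry_run:
        params = [(i,) for i in ids]
        with db:  # one transaction: profile and account go together
            db.executemany("DELETE FROM profile WHERE userid = ?", params)
            db.executemany("DELETE FROM user WHERE id = ?", params)
    return ids

def sample_db(now):
    """Constructed sample data, not real project records."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO user VALUES (?, ?, ?)", [
        (1, now - 10 * DAY, "volunteer-with-host"),
        (2, now - 10 * DAY, "old-no-host-with-profile"),
        (3, now - 1 * DAY, "new-no-host-yet"),
        (4, now - 5 * DAY, "old-no-host"),
        (5, now - 4 * DAY, "volunteer-two-hosts"),
    ])
    db.executemany("INSERT INTO host VALUES (?, ?)", [(1, 1), (2, 5), (3, 5)])
    db.execute("INSERT INTO profile VALUES (2, 'http://example.invalid/')")
    db.commit()
    return db

if __name__ == "__main__":
    NOW = 1_700_000_000  # fixed timestamp so the run is repeatable
    db = sample_db(NOW)
    print("would delete:", purge(db, NOW))
    print("deleted:", purge(db, NOW, dry_run=False))
```

The grace period is what keeps a newly registered volunteer who has not attached a host yet (user 3 in the sample) from being removed; the dry run returns the same ids without deleting anything.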