Below is what plan.io got back to me with. I list some options below that. ===== start message =======
Due to the structure of our regular plans, where each additional user comes with a price attached, running Planio in combination with self registration is a very rare use case. Consequently, the problems you're seeing are more or less unique to pulp.plan.io. Nevertheless I would like to assure you, that we are 100 % committed to support the open source projects, which are hosted on Planio. In order to find out, what might be done to improve your situation, I had a closer look at our web server logs. In the following table you may see the user registrations on pulp.plan.io over the last 7 days. Time of Registration (Berlin time) Comment 2018-10-30 11:02 Failed at email activation 2018-10-30 10:41 Spam account - see ashutoshweb3.txt 2018-10-29 10:55 Failed at email activation 2018-10-28 14:38 Spam account - see rrbb45.txt 2018-10-27 11:03 Did not post anything - see Himanshu0709.txt 2018-10-26 19:43 Failed at email activation 2018-10-26 12:27 Spam account - see itsalina.txt 2018-10-26 11:49 Spam account - see peterjobs.txt 2018-10-25 13:46 Spam account - see ketty33.txt 2018-10-25 11:54 Spam account - see johnrenfroe.txt 2018-10-25 07:10 Failed at email activation 2018-10-24 22:37 Failed at email activation 2018-10-24 22:19 Failed at email activation 2018-10-24 14:39 Regular user After taking a closer look at the user sessions of the successful spammers, I think it's safe to say that pulp.plan.io is not attacked by automated scripts, but by human users. Each sessions is very different. The time spent on the registration page is relatively long. They are not only requesting the plain web pages, but also additional assets. Consequently, the obvious solution, i.e. adding a capture to the registration page, would not help with your situation. Do you maybe have alternative ideas of how Planio could be more helpful in addressing these issues? How would you address this situation in a self-hosted environment? ===== end message ======= They make a compelling point that we probably won't do better on our own since these are real humans they will be able to beat the captchas and other bayesian systems we would put into place in a self-hosted environment. I think this leaves only two choices: a) manage the spam better b) create a "trusted users" group and have that allow users to either post comments, post issues, or both and then disable those permissions for "other accounts". This would prevent a new user from filing a bug in a self-service way though. c) add an approval step to the self-service registration d) $other_idea What should we do? On Tue, Oct 30, 2018 at 9:50 AM Brian Bouterse <bbout...@redhat.com> wrote: > I've contacted plan.io support about the untenable spam situation [0] in > the Redmine tracker. I'll let you know what they say, and we can take it > from there. > > [0]: https://pulp.plan.io/issues/67 >
_______________________________________________ Pulp-dev mailing list Pulp-dev@redhat.com https://www.redhat.com/mailman/listinfo/pulp-dev
