Maybe the first comment / issue posted by an account would need to be approved, but once approved they could post subsequent comments / issues without delay?
On Wed, Oct 31, 2018 at 1:28 PM, Brian Bouterse <bbout...@redhat.com> wrote: > Below is what plan.io got back to me with. I list some options below that. > > ===== start message ======= > > Due to the structure of our regular plans, where each additional user > comes with a price attached, running Planio in combination with self > registration is a very rare use case. Consequently, the problems you're > seeing are more or less unique to pulp.plan.io. > > Nevertheless I would like to assure you, that we are 100 % committed to > support the open source projects, which are hosted on Planio. > > In order to find out, what might be done to improve your situation, I had > a closer look at our web server logs. In the following table you may see > the user registrations on pulp.plan.io over the last 7 days. > Time of Registration (Berlin time) Comment > 2018-10-30 11:02 Failed at email activation > 2018-10-30 10:41 Spam account - see ashutoshweb3.txt > 2018-10-29 10:55 Failed at email activation > 2018-10-28 14:38 Spam account - see rrbb45.txt > 2018-10-27 11:03 Did not post anything - see Himanshu0709.txt > 2018-10-26 19:43 Failed at email activation > 2018-10-26 12:27 Spam account - see itsalina.txt > 2018-10-26 11:49 Spam account - see peterjobs.txt > 2018-10-25 13:46 Spam account - see ketty33.txt > 2018-10-25 11:54 Spam account - see johnrenfroe.txt > 2018-10-25 07:10 Failed at email activation > 2018-10-24 22:37 Failed at email activation > 2018-10-24 22:19 Failed at email activation > 2018-10-24 14:39 Regular user > > After taking a closer look at the user sessions of the successful > spammers, I think it's safe to say that pulp.plan.io is not attacked by > automated scripts, but by human users. Each sessions is very different. The > time spent on the registration page is relatively long. They are not only > requesting the plain web pages, but also additional assets. > > Consequently, the obvious solution, i.e. adding a capture to the > registration page, would not help with your situation. > > Do you maybe have alternative ideas of how Planio could be more helpful in > addressing these issues? How would you address this situation in a > self-hosted environment? > > ===== end message ======= > > They make a compelling point that we probably won't do better on our own > since these are real humans they will be able to beat the captchas and > other bayesian systems we would put into place in a self-hosted > environment. I think this leaves only two choices: > > a) manage the spam better > > b) create a "trusted users" group and have that allow users to either post > comments, post issues, or both and then disable those permissions for > "other accounts". This would prevent a new user from filing a bug in a > self-service way though. > > c) add an approval step to the self-service registration > > d) $other_idea > > What should we do? > > > > On Tue, Oct 30, 2018 at 9:50 AM Brian Bouterse <bbout...@redhat.com> > wrote: > >> I've contacted plan.io support about the untenable spam situation [0] in >> the Redmine tracker. I'll let you know what they say, and we can take it >> from there. >> >> [0]: https://pulp.plan.io/issues/67 >> > > _______________________________________________ > Pulp-dev mailing list > Pulp-dev@redhat.com > https://www.redhat.com/mailman/listinfo/pulp-dev > >
_______________________________________________ Pulp-dev mailing list Pulp-dev@redhat.com https://www.redhat.com/mailman/listinfo/pulp-dev
