[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-cvs] [SavaneTasks] (edit) antispam ideas
From: |
Beuc |
Subject: |
[Savannah-cvs] [SavaneTasks] (edit) antispam ideas |
Date: |
Fri, 15 Aug 2008 19:28:57 +0000 |
--removed:
-Check for an analysis after ~1 day:
https://savannah.gnu.org/support/index.php?106304#comment9
-
??changed:
- -- Validated post (captcha or login)
-- Validated post (validated captcha or authentified)
++added:
Check for an analysis after ~1 day:
https://savannah.gnu.org/support/index.php?106304#comment9
Conclusion: distributed and dumb for the most part (95%), and %5 remaining
distributed and clever.
Apparently we need to be a bit more challenging for the 5% one. Or, we need to
accept there will be 5% clever spam anyway and filter them after-the-fact.
TODO: better analyse 5% remaining posts
Ideas (more challenging):
* text captcha or textcha - http://moinmo.in/HelpOnTextChas
* beware: i18n
* randomized text fields:
* beware: pre-filling the fields on error
* cons: needs cookie for anonymous users (not implemented)
* reduce number of links per posts + surge protection (limit msgs/min)
* URL block-lists?
Ideas (post-moderation):
* Currently requires 5 spam points (user=1, tracker admin=2, project admin=5),
but often normal users don't reach 5 points. Implement a moderation form for
admins or site-admins, which would be able to quickly moderate the spam.
* Beware: lack of moderation team, lots of dead projects
Rejected ideas:
* captcha:
* accessibility issues
* clever spammers (the 5% we track) know how to read captcha
* I don't like decrypting numbers on screen 20 times per day
* recaptcha: graphic or sound captcha via a webservice: no server-side source
code
* give less privileges to anonymous users:
* it discourages contribution (forces to create an account, remember
password, etc.)
* some spammers already create accounts, so don't feel safe because the user
is authenticated, it can very well be a spammer nevertheless
* akisnet (or something, no need to advertise): interesting idea based on
centralization and cross-site analysis, via webservice (somewhat similar to
Razor/Pyzor); but this is essentially a proprietary external solution; we would
also need to paid a monthly fee since we're bigger than a classic blog. A free
software implementation would need a huge traffic too to get consistent and
reactive detection.
--
forwarded from
https://savannah.gnu.org/maintenance/address@hidden://savannah.gnu.org/maintenance
- [Savannah-cvs] [SavaneTasks] (edit) antispam ideas,
Beuc <=